1
0
mirror of https://github.com/Unleash/unleash.git synced 2024-12-22 19:07:54 +01:00

fix(deps): update dependency knex to v2.4.0 [security] (#2871)

[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| [knex](https://knex.github.io/documentation/)
([source](https://togithub.com/knex/knex)) | [`2.3.0` ->
`2.4.0`](https://renovatebot.com/diffs/npm/knex/2.3.0/2.4.0) |
[![age](https://badges.renovateapi.com/packages/npm/knex/2.4.0/age-slim)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://badges.renovateapi.com/packages/npm/knex/2.4.0/adoption-slim)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://badges.renovateapi.com/packages/npm/knex/2.4.0/compatibility-slim/2.3.0)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://badges.renovateapi.com/packages/npm/knex/2.4.0/confidence-slim/2.3.0)](https://docs.renovatebot.com/merge-confidence/)
|

### GitHub Vulnerability Alerts

#### [CVE-2016-20018](https://nvd.nist.gov/vuln/detail/CVE-2016-20018)

Knex Knex.js through 2.3.0 has a limited SQL injection vulnerability
that can be exploited to ignore the WHERE clause of a SQL query. This
vulnerability has been fixed in version 2.4.0.

---

### Release Notes

<details>
<summary>knex/knex</summary>

###
[`v2.4.0`](https://togithub.com/knex/knex/blob/HEAD/CHANGELOG.md#&#8203;240---06-January-2022)

[Compare Source](https://togithub.com/knex/knex/compare/2.3.0...2.4.0)

##### New features:

- Support partial unique indexes
[#&#8203;5316](https://togithub.com/knex/knex/issues/5316)
- Make compiling SQL in error message optional
[#&#8203;5282](https://togithub.com/knex/knex/issues/5282)

##### Bug fixes

- Insert array into json column
[#&#8203;5321](https://togithub.com/knex/knex/issues/5321)
- Fix unexpected max acquire-timeout
[#&#8203;5377](https://togithub.com/knex/knex/issues/5377)
- Fix: orWhereJson
[#&#8203;5361](https://togithub.com/knex/knex/issues/5361)
- MySQL: Add assertion for basic where clause not to be object or array
[#&#8203;1227](https://togithub.com/knex/knex/issues/1227)
- SQLite: Fix changing the default value of a boolean column in SQLite
[#&#8203;5319](https://togithub.com/knex/knex/issues/5319)

##### Typings:

- add missing type for 'expirationChecker' on PgConnectionConfig
[#&#8203;5334](https://togithub.com/knex/knex/issues/5334)

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no
schedule defined).

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://app.renovatebot.com/dashboard#github/Unleash/unleash).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNC45Ny4wIiwidXBkYXRlZEluVmVyIjoiMzQuOTcuMCJ9-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
This commit is contained in:
renovate[bot] 2023-01-11 14:31:52 +01:00 committed by GitHub
parent 1a894eb3a0
commit 0d238cdef6
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -1987,7 +1987,12 @@ commander@^6.1.0:
resolved "https://registry.yarnpkg.com/commander/-/commander-6.2.1.tgz#0792eb682dfbc325999bb2b84fddddba110ac73c"
integrity sha512-U7VdrJFnJgo4xjrHpTzu0yrHPGImdsmD95ZlgYSEajAn2JKzDhDTPG9kBTefmObL2w/ngeZnilk+OV9CG3d7UA==
commander@^9.1.0, commander@^9.4.1:
commander@^9.1.0:
version "9.5.0"
resolved "https://registry.yarnpkg.com/commander/-/commander-9.5.0.tgz#bc08d1eb5cedf7ccb797a96199d41c7bc3e60d30"
integrity sha512-KRs7WVDKg86PWiuAqhDrAQnTXZKraVcCc6vFdL14qrZ/DcWwuRo7VoiYXalXO7S5GKpqYiVEwCbgFDfxNHKJBQ==
commander@^9.4.1:
version "9.4.1"
resolved "https://registry.yarnpkg.com/commander/-/commander-9.4.1.tgz#d1dd8f2ce6faf93147295c0df13c7c21141cfbdd"
integrity sha512-5EEkTNyHNGFPD2H+c/dXXfQZYa/scCKasxWcXJaWnNJ99pnQN9Vnmqow+p+PlFPE63Q6mThaZws1T+HxfpgtPw==
@ -4450,9 +4455,9 @@ kleur@^3.0.3:
integrity sha512-eTIzlVOSUR+JxdDFepEYcBMtZ9Qqdef+rnzWdRZuMbOywu5tO2w2N7rqjoANZ5k9vywhL6Br1VRjUIgTQx4E8w==
knex@^2.0.0:
version "2.3.0"
resolved "https://registry.yarnpkg.com/knex/-/knex-2.3.0.tgz#87fa2a9553d7cafb125d7a0645256fbe29ef5967"
integrity sha512-WMizPaq9wRMkfnwKXKXgBZeZFOSHGdtoSz5SaLAVNs3WRDfawt9O89T4XyH52PETxjV8/kRk0Yf+8WBEP/zbYw==
version "2.4.0"
resolved "https://registry.yarnpkg.com/knex/-/knex-2.4.0.tgz#7d33cc36f320cdac98741010544b4c6a98b8b19e"
integrity sha512-i0GWwqYp1Hs2yvc2rlDO6nzzkLhwdyOZKRdsMTB8ZxOs2IXQyL5rBjSbS1krowCh6V65T4X9CJaKtuIfkaPGSA==
dependencies:
colorette "2.0.19"
commander "^9.1.0"