Commit
fix(deps): update dependency knex to v2.4.0 [security] (#2871)
This PR contains the following updates:

| Package | Change |
|---|---|
| [knex](https://knex.github.io/documentation/) ([source](https://togithub.com/knex/knex)) | [`2.3.0` -> `2.4.0`](https://renovatebot.com/diffs/npm/knex/2.3.0/2.4.0) |

### GitHub Vulnerability Alerts

#### [CVE-2016-20018](https://nvd.nist.gov/vuln/detail/CVE-2016-20018)

Knex Knex.js through 2.3.0 has a limited SQL injection vulnerability that can be exploited to ignore the WHERE clause of a SQL query. This vulnerability has been fixed in version 2.4.0.

---

### Release Notes

<details>
<summary>knex/knex</summary>

### [`v2.4.0`](https://togithub.com/knex/knex/blob/HEAD/CHANGELOG.md#240---06-January-2022)

[Compare Source](https://togithub.com/knex/knex/compare/2.3.0...2.4.0)

##### New features:

- Support partial unique indexes [#5316](https://togithub.com/knex/knex/issues/5316)
- Make compiling SQL in error message optional [#5282](https://togithub.com/knex/knex/issues/5282)

##### Bug fixes

- Insert array into json column [#5321](https://togithub.com/knex/knex/issues/5321)
- Fix unexpected max acquire-timeout [#5377](https://togithub.com/knex/knex/issues/5377)
- Fix: orWhereJson [#5361](https://togithub.com/knex/knex/issues/5361)
- MySQL: Add assertion for basic where clause not to be object or array [#1227](https://togithub.com/knex/knex/issues/1227)
- SQLite: Fix changing the default value of a boolean column in SQLite [#5319](https://togithub.com/knex/knex/issues/5319)

##### Typings:

- add missing type for 'expirationChecker' on PgConnectionConfig [#5334](https://togithub.com/knex/knex/issues/5334)

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://app.renovatebot.com/dashboard#github/Unleash/unleash).

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>