fix(deps): update dependency knex to v2 [security]

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
knex (source)	0.21.17 -> 2.4.0

GitHub Vulnerability Alerts

CVE-2016-20018

Knex Knex.js through 2.3.0 has a limited SQL injection vulnerability that can be exploited to ignore the WHERE clause of a SQL query. This vulnerability has been fixed in version 2.4.0.

---

Release Notes

knex/knex (knex)

v2.4.0

Compare Source

New features:

• Support partial unique indexes #​5316
• Make compiling SQL in error message optional #​5282

Bug fixes

• Insert array into json column #​5321
• Fix unexpected max acquire-timeout #​5377
• Fix: orWhereJson #​5361
• MySQL: Add assertion for basic where clause not to be object or array #​1227
• SQLite: Fix changing the default value of a boolean column in SQLite #​5319

Typings:

• add missing type for 'expirationChecker' on PgConnectionConfig #​5334

v2.3.0

Compare Source

New features:

• PostgreSQL: Explicit jsonb support for custom pg clients #​5201
• SQLite: Support returning with sqlite3 and better-sqlite3 #​5285
• MSSQL: Implement mapBinding mssql dialect option #​5292

Typings:

• Update types for TS 4.8 #​5279
• Fix typo #​5267
• Fix WhereJsonObject withCompositeTableType #​5306
• Fix AnalyticFunction type #​5304
• Infer specific column value type in aggregations #​5297

v2.2.0

Compare Source

New features:

• Inline primary key creation for postgres flavours #​5233
• SQLite: Add warning for undefined connection file #​5223
• MSSQL: Add JSON parameter support for connection #​5200

Bug fixes:

• PostgreSQL: add primaryKey option for uuid #​5212

Typings:

• Add promisable and better types #​5222
• Update raw query bind parameter type #​5208

v2.1.0

Compare Source

New features:

• Improve bundling experience to safely import dialects while using static paths #​5142
• Implement extendable builders #​5041
• PostgreSQL: Refresh materialized view concurrently #​5166

Bug fixes:

• Use correct paths in package.json browser field #​5174
• MariaDB: Fix 'NULL' returned instead of NULL on MariaDB 10.2.6+ #​5181
• MySQL: fix hasColumn Error (hasColumn ('a_id') is true, but hasColumn('a_Id') is false) #​5148
• MSSQL: Fix .hasTable result when using .withSchema #​5176
• Oracle: correctly INSERTS Buffer #​4869

Typings:

• Update type definitions for pg connection #​5139

v2.0.0

Compare Source

Breaking changes

• Restore sqlite3 package #​5136

Test / internal changes:

• Migrate Husky from 4 to 7 #​5137
• Migrate Jake to 10.8.5 #​5138

v1.0.7

Compare Source

Bug fixes:

• CLI: Fix cli migrate:make SQLite dependency #​5106

v1.0.6

Compare Source

Bug fixes:

• PostgreSQL: Wait for search path to be set before returning connection #​5107
• CLI: No client override during migrate:make #​5109

v1.0.5

Compare Source

New features:

• Override knexfile options with CLI options #​4047

Bug fixes:

• Stringify json value in update #​5063
• Fix isModuleType() for yarn #​4447
• Wrapped Unions Fixes #​5072
• SQLite: Fix @​vscode-sqlite3 error message #​5081
• CLI: Fix completed migration listing #​5060

Typings:

• Make default generic parameters of Knex match the generic parameter types of knex #​5021
• Update knex types for TS 4.7 #​5095

v1.0.4

Compare Source

New features:

• Add whereLike functions #​5044

Bug fixes:

• Fix orWhereJsonPath clause #​5022
• Subquery in on clause missing parenthesis #​5049
• Rework Union Wrapping #​5030
• Oracle: Fix batch inserts with DEFAULT values with OracleDB #​2592 #​5037

Typings:

• Fix types for "returning" methods #​5031
• createTableLike callback should be optional #​5055

Documentation:

• Website URL changed to https://knex.github.io/documentation/

v1.0.3

Compare Source

Bug fixes:

• Fix error message for missing migration files #​4937
• Add withMaterialized and withNotMaterialized to method-constants #​5009
• PostgreSQL: Fix whereJsonPath queries #​5011
• PostgreSQL: Fix delete joins #​5016
• CockroachDB: Fix whereJsonPath queries #​5011
• MySQL: Create primary keys in same statement #​5017

Typings:

• Fix type definition for getMigration in MigrationSource #​4998
• Fix argument type of alter method #​4996

Improvements:

• Use async / await syntax in seeds as default #​5005

Documentation:

• Add Firebird dialect to ECOSYSTEM.md #​5003

v1.0.2

Compare Source

New features:

• Support of MATERIALIZED and NOT MATERIALIZED with WITH/CTE #​4940
• Add raw support in onConflict clause #​4960
• Alter nullable constraint when alterNullable is set to true #​4730
• Add alterType parameter for alter function #​4967
• Support string json in json values #​4988
• MySQL: add with clause #​4508

Bug fixes:

• Fix error message for missing migration files #​4937
• Move deferrable to after on update/on delete #​4976
• Do not use sys.tables to find if a table exists #​2328
• PostgreSQL: Fix Order nulls #​4989
• MySQL: Fix collation when renaming column #​2666
• SQLite: Same boolean handling in better-sqlite3 as in sqlite3 #​4982

Typings:

• WhereILike - fix typo #​4941

v1.0.1

Compare Source

Bug fixes:

• Fix package.json metadata

v1.0.0

Compare Source

Breaking changes

• Dropped support for Node 10;
• Replaced unsupported sqlite3 driver with @vscode/sqlite3;
• Changed data structure from RETURNING operation to be consistent with SELECT;
• Changed Migrator to return list of migrations as objects consistently.

New features:

• Support fromRaw #​4781
• Support zero precision in timestamp/datetime #​4784
• Support whereLike and whereILike #​4779
• Add JSDoc (TS flavor) to stub files #​4809
• Allow skip binding in limit and offset #​4811
• Support creating a new table in the database based on another table #​4821
• Accept Raw on onIn joins #​4830
• Implement support for custom seed sources #​4842
• Add binary uuid option #​4836
• ForUpdate array parameter #​4882
• Add camel case to timestamps method #​4803
• Advanced JSON support #​4859
• Add type to TypeScript knexfile #​4909
• Checks Constraints Support #​4874
• Support creating multiple PKs with increments #​4903
• Enable wrapIdentifier for SQLite .hasTable #​4915
• MSSQL: Add support for unique constraint #​4887
• SQLite: New dialect, using better-sqlite3 driver #​4871
• SQLite: Switch to @​vscode/sqlite3 #​4866
• SQLite: Support createViewOrReplace #​4856
• SQLite: Support RETURNING statements for better-sqlite3 driver #​4934
• PostgreSQL: Support JOIN and USING syntax for Delete Statement #​4800

Bug fixes:

• Fix overzealous warning on use of whereNot with "in" or "between" #​4780
• Fix Union all + first syntax error #​4799
• Make view columns optional in create view like #​4829
• Insert lock row fix during migration #​4865
• Fix for createViewOrReplace #​4856
• SQLite: Fix foreign key constraints when altering a table #​4189
• MySQL: Validate connection fix #​4794
• MySQL: Set comment size warning limit to 1024 #​4867

Typings:

• Allow string indexType in index creation #​4791
• Add missing ints typings #​4832
• Returning method types #​4881
• Improve columnInfo type #​4868

v0.95.15

Compare Source

Bug fixes:

• Oracle:
• MariaDB: lock row fix during migration in MariaDB and Oracle #​4865

v0.95.14

Compare Source

Bug fixes:

• MySQL: mysql2 dialect validate connection fix #​4794

v0.95.13

Compare Source

Bug fixes:

• PostgreSQL: Support zero precision in timestamp/datetime #​4784

Typings:

• Allow string indexType in index creation #​4791

v0.95.12

Compare Source

New features:

• New dialect: CockroachDB #​4742
• New dialect: pg-native #​4327
• CockroachDB: add support for upsert #​4767
• PostgreSQL: Support SELECT .. FOR NO KEY UPDATE / KEY SHARE row level locking clauses #​4755
• PostgreSQL: Add support for 'CASCADE' in PostgreSQL 'DROP SCHEMA' queries #​4713
• MySQL: Add storage engine index Type support to index() and unique() schema #​4756
• MSSQL: Support table.primary, table.unique variant with options object #​4710
• SQLite: Add setNullable support to SQLite #​4684
• Add geometry column building #​4776
• Add support for creating table copies #​1373
• Implement support for views and materialized views #​1626
• Implement partial index support #​4768
• Support for 'is null' in 'order by' #​3667

Bug fixes:

• Fix support for Oracle connections passed via knex.connection() #​4757
• Avoid inserting multiple locks if a migration lock already exists #​4694

Typings:

• Some TableBuilder methods return wrong types #​4764
• Update JoinRaw bindings type to accept arrays #​4752
• fix onDelete/onUpdate for ColumnBuilder #​4656

v0.95.11

Compare Source

New features:

• Add support for nullability modification via schema builder (table.setNullable() and table.dropNullable()) #​4657
• MySQL: Add support for mysql/mariadb-client JSON parameters in connectionURIs #​4629
• MSSQL: Support comments as MS_Description properties #​4632

Bug fixes:

• Fix Analytic orderBy and partitionBy to follow the SQL documentation #​4602
• CLI: fix migrate:up for migrations disabling transactions #​4550
• SQLite: Fix adding a column with a foreign key constraint in SQLite #​4649
• MSSQL: columnInfo() support case-sensitive database collations #​4633
• MSSQL: Generate valid SQL for withRecursive() #​4514
• Oracle: withRecursive: omit invalid RECURSIVE keyword, include column list #​4514

Improvements:

• Add .mjs migration and seed stubs #​4631
• SQLite: Clean up DDL handling and move all operations to the parser-based approach #​4648

v0.95.10

Compare Source

Improvements:

• Use sys info function instead of connection db name #​4623

Typings:

• Deferrable and withkeyName should not be in ColumnBuilder #​4600

v0.95.9

Compare Source

New features:

• Oracle: support specifying schema for dropTable and dropSequence #​4596
• Oracle: support specifying schema for autoincrement #​4594

Typings:

• Add TypeScript support for deferrable, new Primary/Unique syntax #​4589

v0.95.8

Compare Source

New features:

• Add deferrable support for constraint #​4584
• Implement delete with join #​4568
• Add DPI error codes for Oracle #​4536

Bug fixes:

• Fixing PostgreSQL datetime and timestamp column created with wrong format #​4578

Typings:

• Improve analytic types #​4576
• MSSQL: Add trustServerCertificate option #​4500

v0.95.7

Compare Source

New features:

• Add ability to omit columns on an onConflict().ignore() #​4557
• CLI: Log error message #​4534

Typings:

• Export Knex.TransactionConfig #​4498
• Include options object in count(Distinct) typings #​4491
• Add types for analytic functions #​4544

v0.95.6

Compare Source

Typings:

• Export TransactionProvider type #​4489

v0.95.5

Compare Source

New features:

• SQLite: Add support for file open flags #​4446
• Add .cjs extension to Seeder.js to support Node ESM #​4381 #​4382

Bug fixes:

• Remove peerDependencies to avoid auto-install on npm 7 #​4480

Typings:

• Fix typing for increments and bigIncrements #​4406
• Add typings for on JoinClause for onVal #​4436
• Adding Type Definition for isTransaction #​4418
• Export client class from knex namespace #​4479

v0.95.4

Compare Source

Typings:

• Fix mistyping of stream #​4400

v0.95.3

Compare Source

New features:

• PostgreSQL: Add "same" as operator #​4372
• MSSQL: Improve an estimate of the max comment length #​4362
• Throw an error if negative offset is provided #​4361

Bug fixes:

• Fix timeout method #​4324
• SQLite: prevent dropForeign from being silently ignored #​4376

Typings:

• Allow config.client to be non-client instance #​4367
• Add dropForeign arg type for single column #​4363
• Update typings for TypePreservingAggregation and stream #​4377

v0.95.2

Compare Source

New features:

• Improve ESM import support #​4350

Bug fixes:

• CLI: update ts.stub files to new TypeScript namespace #​4344
• CLI: fix TypeScript migration stub after 0.95.0 changes #​4366

Typings:

• Move QueryBuilder and KnexTimeoutError into knex namespace #​4358

Test / internal changes:

• Unify db test helpers #​4356

v0.95.1

Compare Source

Bug fixes:

• Oracle:
• MariaDB: lock row fix during migration in MariaDB and Oracle #​4865

v0.95.0

Compare Source

Note: there are many breaking changes in this version, particularly in TypeScript support. Please see UPGRADING.md for details.

New features:

• Add transaction isolation support #​4185
• Add analytic functions #​4188
• Change default to not trigger a promise rejection for transactions with a specified handler #​4195
• Make toSQL().toNative() work for Raw to match the API for QueryBuilder #​4058
• Allow 'match' operator #​3569
• Support optimizer hints #​4243
• Add parameter to prevent autoincrement columns from being primary keys #​4266
• Make "first" and "pluck" mutually exclusive #​4280
• Added merge strategy to allow selecting columns to upsert. #​4252
• Throw error if the array passed to insert is empty #​4289
• Events: introduce queryContext on query-error #​4301
• CLI: Use UTC timestamp for new migrations #​4245
• MSSQL: Replace MSSQL dialect with Tedious.js implementation #​2857 #​4281
• MSSQL: Use "nvarchar(max)" for ".json()" #​4278
• MSSQL: Schema builder - add predictable constraint names for default values #​4319
• MSSQL: Schema builder - attempt to drop default constraints when changing default value on columns #​4321
• SQLite: Fallback to json for sqlite3 when using jsonb #​4186
• SQLite: Return complete list of DDL commands for creating foreign keys #​4194
• SQLite: Support dropping composite foreign keys #​4202
• SQLite: Recreate indices when altering a table #​4277
• SQLite: Add support for altering columns #​4322

Bug fixes:

• Fix issue with .withSchema usage with joins on a subquery #​4267
• Fix issue with schema usage with FROM clause contain QueryBuilder, function or Raw #​4268
• CLI: Address raised security warnings by dropping liftoff #​4122
• CLI: Fix an issue with npm@​7 and ESM when type was set to 'module' in package.json #​4295
• PostgreSQL: Add check to only create native enum once #​3658
• SQLite: Fix foreign key "on delete" when altering a table #​4225
• SQLite: Made the constraint detection case-insensitive #​4330
• MySQL: Keep auto increment after rename #​4266
• MSSQL: don't raise query-error twice #​4314
• MSSQL: Alter column must have its own query #​4317

Typings:

• TypeScript 4.1+ is now required
• Add missing onConflict overrides #​4182
• Introduce the "infamous triplet" export #​4181
• Fix type definition of Transaction #​4172
• Add typedefinitions for havingNotIn #​4265
• Include 'name' property in MigratorConfig #​4300
• Improve join and conflict types #​4318
• Fix ArrayIfAlready type #​4331

Test / internal changes:

• Drop global Knex.raw #​4180
• Stop using legacy url.parse API #​3702
• Various internal refactorings #​4175 #​4177 #​4178 #​4192
• Refactor to classes #​4190 #​4191 #​4193 #​4210 #​4253
• Move transaction type tests to TSD #​4208
• Clean up destroy logic #​4248
• Colorize code snippets in readme files #​4234
• Add "Ecosystem" documentation for Knex plugins #​4183
• Documentation cleanup
• SQLite: Use SQLite "rename column" instead of a DDL helper #​4200
• SQLite: Simplify reinsert logic when altering a table #​4272

v0.21.21

Compare Source

v0.21.20

Compare Source

v0.21.19

Compare Source

• SQLite: Made the constraint detection case-insensitive #​4332

v0.21.18

Compare Source

• CLI: Fix an issue with npm@​7 and ESM when type was set to 'module' in package.json #​4295

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[sonarqubecloud]

Kudos, SonarCloud Quality Gate passed!   

0 Bugs
0 Vulnerabilities
0 Security Hotspots
0 Code Smells

No Coverage information
0.0% Duplication

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud