fix(deps): update dependency knex to v2 [security]

[renovate]

Coming soon: The Renovate bot (GitHub App) will be renamed to Mend. PRs from Renovate will soon appear from 'Mend'. Learn more here.

This PR contains the following updates:

Package	Change	Age	Confidence
knex (source)	^0.95 -> ^2.0.0

GitHub Vulnerability Alerts

CVE-2016-20018

Knex Knex.js through 2.3.0 has a limited SQL injection vulnerability that can be exploited to ignore the WHERE clause of a SQL query. This vulnerability has been fixed in version 2.4.0.

---

Release Notes

knex/knex (knex)

v2.4.0

Compare Source

New features:

• Support partial unique indexes #​5316
• Make compiling SQL in error message optional #​5282

Bug fixes

• Insert array into json column #​5321
• Fix unexpected max acquire-timeout #​5377
• Fix: orWhereJson #​5361
• MySQL: Add assertion for basic where clause not to be object or array #​1227
• SQLite: Fix changing the default value of a boolean column in SQLite #​5319

Typings:

• add missing type for 'expirationChecker' on PgConnectionConfig #​5334

v2.3.0

Compare Source

New features:

• PostgreSQL: Explicit jsonb support for custom pg clients #​5201
• SQLite: Support returning with sqlite3 and better-sqlite3 #​5285
• MSSQL: Implement mapBinding mssql dialect option #​5292

Typings:

• Update types for TS 4.8 #​5279
• Fix typo #​5267
• Fix WhereJsonObject withCompositeTableType #​5306
• Fix AnalyticFunction type #​5304
• Infer specific column value type in aggregations #​5297

v2.2.0

Compare Source

New features:

• Inline primary key creation for postgres flavours #​5233
• SQLite: Add warning for undefined connection file #​5223
• MSSQL: Add JSON parameter support for connection #​5200

Bug fixes:

• PostgreSQL: add primaryKey option for uuid #​5212

Typings:

• Add promisable and better types #​5222
• Update raw query bind parameter type #​5208

v2.1.0

Compare Source

New features:

• Improve bundling experience to safely import dialects while using static paths #​5142
• Implement extendable builders #​5041
• PostgreSQL: Refresh materialized view concurrently #​5166

Bug fixes:

• Use correct paths in package.json browser field #​5174
• MariaDB: Fix 'NULL' returned instead of NULL on MariaDB 10.2.6+ #​5181
• MySQL: fix hasColumn Error (hasColumn ('a_id') is true, but hasColumn('a_Id') is false) #​5148
• MSSQL: Fix .hasTable result when using .withSchema #​5176
• Oracle: correctly INSERTS Buffer #​4869

Typings:

• Update type definitions for pg connection #​5139

v2.0.0

Compare Source

Breaking changes

• Restore sqlite3 package #​5136

Test / internal changes:

• Migrate Husky from 4 to 7 #​5137
• Migrate Jake to 10.8.5 #​5138

v1.0.7

Compare Source

Bug fixes:

• CLI: Fix cli migrate:make SQLite dependency #​5106

v1.0.6

Compare Source

Bug fixes:

• PostgreSQL: Wait for search path to be set before returning connection #​5107
• CLI: No client override during migrate:make #​5109

v1.0.5

Compare Source

New features:

• Override knexfile options with CLI options #​4047

Bug fixes:

• Stringify json value in update #​5063
• Fix isModuleType() for yarn #​4447
• Wrapped Unions Fixes #​5072
• SQLite: Fix @​vscode-sqlite3 error message #​5081
• CLI: Fix completed migration listing #​5060

Typings:

• Make default generic parameters of Knex match the generic parameter types of knex #​5021
• Update knex types for TS 4.7 #​5095

v1.0.4

Compare Source

New features:

• Add whereLike functions #​5044

Bug fixes:

• Fix orWhereJsonPath clause #​5022
• Subquery in on clause missing parenthesis #​5049
• Rework Union Wrapping #​5030
• Oracle: Fix batch inserts with DEFAULT values with OracleDB #​2592 #​5037

Typings:

• Fix types for "returning" methods #​5031
• createTableLike callback should be optional #​5055

Documentation:

• Website URL changed to https://knex.github.io/documentation/

v1.0.3

Compare Source

Bug fixes:

• Fix error message for missing migration files #​4937
• Add withMaterialized and withNotMaterialized to method-constants #​5009
• PostgreSQL: Fix whereJsonPath queries #​5011
• PostgreSQL: Fix delete joins #​5016
• CockroachDB: Fix whereJsonPath queries #​5011
• MySQL: Create primary keys in same statement #​5017

Typings:

• Fix type definition for getMigration in MigrationSource #​4998
• Fix argument type of alter method #​4996

Improvements:

• Use async / await syntax in seeds as default #​5005

Documentation:

• Add Firebird dialect to ECOSYSTEM.md #​5003

v1.0.2

Compare Source

New features:

• Support of MATERIALIZED and NOT MATERIALIZED with WITH/CTE #​4940
• Add raw support in onConflict clause #​4960
• Alter nullable constraint when alterNullable is set to true #​4730
• Add alterType parameter for alter function #​4967
• Support string json in json values #​4988
• MySQL: add with clause #​4508

Bug fixes:

• Fix error message for missing migration files #​4937
• Move deferrable to after on update/on delete #​4976
• Do not use sys.tables to find if a table exists #​2328
• PostgreSQL: Fix Order nulls #​4989
• MySQL: Fix collation when renaming column #​2666
• SQLite: Same boolean handling in better-sqlite3 as in sqlite3 #​4982

Typings:

• WhereILike - fix typo #​4941

v1.0.1

Compare Source

Bug fixes:

• Fix package.json metadata

v1.0.0

Compare Source

Breaking changes

• Dropped support for Node 10;
• Replaced unsupported sqlite3 driver with @vscode/sqlite3;
• Changed data structure from RETURNING operation to be consistent with SELECT;
• Changed Migrator to return list of migrations as objects consistently.

New features:

• Support fromRaw #​4781
• Support zero precision in timestamp/datetime #​4784
• Support whereLike and whereILike #​4779
• Add JSDoc (TS flavor) to stub files #​4809
• Allow skip binding in limit and offset #​4811
• Support creating a new table in the database based on another table #​4821
• Accept Raw on onIn joins #​4830
• Implement support for custom seed sources #​4842
• Add binary uuid option #​4836
• ForUpdate array parameter #​4882
• Add camel case to timestamps method #​4803
• Advanced JSON support #​4859
• Add type to TypeScript knexfile #​4909
• Checks Constraints Support #​4874
• Support creating multiple PKs with increments #​4903
• Enable wrapIdentifier for SQLite .hasTable #​4915
• MSSQL: Add support for unique constraint #​4887
• SQLite: New dialect, using better-sqlite3 driver #​4871
• SQLite: Switch to @​vscode/sqlite3 #​4866
• SQLite: Support createViewOrReplace #​4856
• SQLite: Support RETURNING statements for better-sqlite3 driver #​4934
• PostgreSQL: Support JOIN and USING syntax for Delete Statement #​4800

Bug fixes:

• Fix overzealous warning on use of whereNot with "in" or "between" #​4780
• Fix Union all + first syntax error #​4799
• Make view columns optional in create view like #​4829
• Insert lock row fix during migration #​4865
• Fix for createViewOrReplace #​4856
• SQLite: Fix foreign key constraints when altering a table #​4189
• MySQL: Validate connection fix #​4794
• MySQL: Set comment size warning limit to 1024 #​4867

Typings:

• Allow string indexType in index creation #​4791
• Add missing ints typings #​4832
• Returning method types #​4881
• Improve columnInfo type #​4868

v0.95.15

Compare Source

Bug fixes:

• Oracle:
• MariaDB: lock row fix during migration in MariaDB and Oracle #​4865

v0.95.14

Compare Source

Bug fixes:

• MySQL: mysql2 dialect validate connection fix #​4794

v0.95.13

Compare Source

Bug fixes:

• PostgreSQL: Support zero precision in timestamp/datetime #​4784

Typings:

• Allow string indexType in index creation #​4791

v0.95.12

Compare Source

New features:

• New dialect: CockroachDB #​4742
• New dialect: pg-native #​4327
• CockroachDB: add support for upsert #​4767
• PostgreSQL: Support SELECT .. FOR NO KEY UPDATE / KEY SHARE row level locking clauses #​4755
• PostgreSQL: Add support for 'CASCADE' in PostgreSQL 'DROP SCHEMA' queries #​4713
• MySQL: Add storage engine index Type support to index() and unique() schema #​4756
• MSSQL: Support table.primary, table.unique variant with options object #​4710
• SQLite: Add setNullable support to SQLite #​4684
• Add geometry column building #​4776
• Add support for creating table copies #​1373
• Implement support for views and materialized views #​1626
• Implement partial index support #​4768
• Support for 'is null' in 'order by' #​3667

Bug fixes:

• Fix support for Oracle connections passed via knex.connection() #​4757
• Avoid inserting multiple locks if a migration lock already exists #​4694

Typings:

• Some TableBuilder methods return wrong types #​4764
• Update JoinRaw bindings type to accept arrays #​4752
• fix onDelete/onUpdate for ColumnBuilder #​4656

v0.95.11

Compare Source

New features:

• Add support for nullability modification via schema builder (table.setNullable() and table.dropNullable()) #​4657
• MySQL: Add support for mysql/mariadb-client JSON parameters in connectionURIs #​4629
• MSSQL: Support comments as MS_Description properties #​4632

Bug fixes:

• Fix Analytic orderBy and partitionBy to follow the SQL documentation #​4602
• CLI: fix migrate:up for migrations disabling transactions #​4550
• SQLite: Fix adding a column with a foreign key constraint in SQLite #​4649
• MSSQL: columnInfo() support case-sensitive database collations #​4633
• MSSQL: Generate valid SQL for withRecursive() #​4514
• Oracle: withRecursive: omit invalid RECURSIVE keyword, include column list #​4514

Improvements:

• Add .mjs migration and seed stubs #​4631
• SQLite: Clean up DDL handling and move all operations to the parser-based approach #​4648

v0.95.10

Compare Source

Improvements:

• Use sys info function instead of connection db name #​4623

Typings:

• Deferrable and withkeyName should not be in ColumnBuilder #​4600

v0.95.9

Compare Source

New features:

• Oracle: support specifying schema for dropTable and dropSequence #​4596
• Oracle: support specifying schema for autoincrement #​4594

Typings:

• Add TypeScript support for deferrable, new Primary/Unique syntax #​4589

v0.95.8

Compare Source

New features:

• Add deferrable support for constraint #​4584
• Implement delete with join #​4568
• Add DPI error codes for Oracle #​4536

Bug fixes:

• Fixing PostgreSQL datetime and timestamp column created with wrong format #​4578

Typings:

• Improve analytic types #​4576
• MSSQL: Add trustServerCertificate option #​4500

v0.95.7

Compare Source

New features:

• Add ability to omit columns on an onConflict().ignore() #​4557
• CLI: Log error message #​4534

Typings:

• Export Knex.TransactionConfig #​4498
• Include options object in count(Distinct) typings #​4491
• Add types for analytic functions #​4544

---

Configuration

📅 Schedule: Branch creation - "" in timezone Europe/Paris, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	has@​1.0.4
	is-unicode-supported@​0.1.0
	is-interactive@​1.0.0
	array.prototype.tosorted@​1.1.4
	array.prototype.flatmap@​1.3.2
	boolbase@​1.0.0
	get-value@​2.0.6
	caller-path@​2.0.0
	copy-descriptor@​0.1.1
	@​jest/​globals@​29.7.0
	@​jest/​source-map@​29.6.3
	@​pkgr/​core@​0.1.1
	@​sideway/​pinpoint@​2.0.0
	core-util-is@​1.0.3
	astral-regex@​1.0.0
	@​svgr/​babel-plugin-remove-jsx-empty-expression@​8.0.0
	@​jest/​expect@​29.7.0
	fast-base64-decode@​1.0.0
	domelementtype@​2.3.0
	@​jest/​test-sequencer@​29.7.0
	@​socialgouv/​eslint-config-react@​1.131.0
	@​types/​json5@​0.0.29
	eslint-module-utils@​2.8.2
	is-typedarray@​1.0.0
	@​types/​uuid@​8.3.4
	@​typescript-eslint/​visitor-keys@​5.62.0
	import-local@​3.2.0
	@​babel/​plugin-transform-nullish-coalescing-operator@​7.24.7
	@​svgr/​babel-plugin-remove-jsx-attribute@​8.0.0
	@​types/​react-native-indicators@​0.16.6
	eslint-config-prettier@​8.6.0
	callsites@​2.0.0
	@​types/​geojson@​7946.0.14
See 177 more rows in the dashboard

View full report

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud