[Snyk] Upgrade knex from 0.21.8 to 2.2.0 #5

Open
wants to merge 1 commit into
base: master

MarcelRaschke

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to upgrade knex from 0.21.8 to 2.2.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


Warning: This is a major version upgrade, and may be a breaking change.

  • The recommended version is 49 versions ahead of your current version.
  • The recommended version was released a month ago, on 2022-07-18.

The recommended version fixes:

| Severity | Issue | PriorityScore (*) | Exploit Maturity |
|---|---|---|---|
| | Arbitrary File Write SNYK-JS-TAR-1579155 | 425/1000 (CVSS 8.5) | No Known Exploit |
| | Arbitrary File Write SNYK-JS-TAR-1579152 | 425/1000 (CVSS 8.5) | No Known Exploit |
| | Arbitrary File Write SNYK-JS-TAR-1579147 | 425/1000 (CVSS 8.5) | No Known Exploit |
| | Arbitrary File Overwrite SNYK-JS-TAR-1536531 | 425/1000 (CVSS 8.5) | No Known Exploit |
| | Arbitrary File Overwrite SNYK-JS-TAR-1536528 | 425/1000 (CVSS 8.5) | No Known Exploit |
| | Arbitrary File Write SNYK-JS-TAR-1579155 | 425/1000 (CVSS 8.5) | No Known Exploit |
| | Arbitrary File Write SNYK-JS-TAR-1579152 | 425/1000 (CVSS 8.5) | No Known Exploit |
| | Arbitrary File Write SNYK-JS-TAR-1579147 | 425/1000 (CVSS 8.5) | No Known Exploit |
| | Arbitrary File Overwrite SNYK-JS-TAR-1536531 | 425/1000 (CVSS 8.5) | No Known Exploit |
| | Arbitrary File Overwrite SNYK-JS-TAR-1536528 | 425/1000 (CVSS 8.5) | No Known Exploit |
| | Information Exposure SNYK-JS-SIMPLEGET-2361683 | 425/1000 (CVSS 8.5) | Proof of Concept |
| | Information Exposure SNYK-JS-SIMPLEGET-2361683 | 425/1000 (CVSS 8.5) | Proof of Concept |
| | Remote Code Execution (RCE) SNYK-JS-SHELLQUOTE-1766506 | 425/1000 (CVSS 8.5) | No Known Exploit |
| | Regular Expression Denial of Service (ReDoS) SNYK-JS-NORMALIZEURL-1296539 | 425/1000 (CVSS 8.5) | No Known Exploit |
| | Regular Expression Denial of Service (ReDoS) SNYK-JS-MOMENT-2944238 | 425/1000 (CVSS 8.5) | Proof of Concept |
| | Directory Traversal SNYK-JS-MOMENT-2440688 | 425/1000 (CVSS 8.5) | No Known Exploit |
| | Command Injection SNYK-JS-LODASH-1040724 | 425/1000 (CVSS 8.5) | Proof of Concept |
| | Prototype Pollution SNYK-JS-JSONSCHEMA-1920922 | 425/1000 (CVSS 8.5) | No Known Exploit |
| | Denial of Service (DoS) SNYK-JS-JPEGJS-2859218 | 425/1000 (CVSS 8.5) | Proof of Concept |
| | Prototype Pollution SNYK-JS-INI-1048974 | 425/1000 (CVSS 8.5) | Proof of Concept |
| | Remote Code Execution (RCE) SNYK-JS-EJS-2803307 | 425/1000 (CVSS 8.5) | Proof of Concept |
| | Prototype Pollution SNYK-JS-CACHEDPATHRELATIVE-2342653 | 425/1000 (CVSS 8.5) | Proof of Concept |
| | Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835 | 425/1000 (CVSS 8.5) | Proof of Concept |
| | Arbitrary Code Injection SNYK-JS-UNDERSCORE-1080984 | 425/1000 (CVSS 8.5) | Proof of Concept |
| | Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHPARSE-1077067 | 425/1000 (CVSS 8.5) | Proof of Concept |
| | Denial of Service (DoS) SNYK-JS-NWSAPI-2841516 | 425/1000 (CVSS 8.5) | No Known Exploit |
| | Information Exposure SNYK-JS-NODEFETCH-2342118 | 425/1000 (CVSS 8.5) | No Known Exploit |
| | Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905 | 425/1000 (CVSS 8.5) | Proof of Concept |
| | Regular Expression Denial of Service (ReDoS) SNYK-JS-ISSVG-1243891 | 425/1000 (CVSS 8.5) | Proof of Concept |
| | Regular Expression Denial of Service (ReDoS) SNYK-JS-ISSVG-1085627 | 425/1000 (CVSS 8.5) | Proof of Concept |
| | Regular Expression Denial of Service (ReDoS) SNYK-JS-HOSTEDGITINFO-1088355 | 425/1000 (CVSS 8.5) | Proof of Concept |
| | Cryptographic Issues SNYK-JS-ELLIPTIC-1064899 | 425/1000 (CVSS 8.5) | No Known Exploit |
| | Arbitrary Code Injection SNYK-JS-EJS-1049328 | 425/1000 (CVSS 8.5) | Proof of Concept |
| | Regular Expression Denial of Service (ReDoS) SNYK-JS-COLORSTRING-1082939 | 425/1000 (CVSS 8.5) | Proof of Concept |
| | Regular Expression Denial of Service (ReDoS) SNYK-JS-BROWSERSLIST-1090194 | 425/1000 (CVSS 8.5) | Proof of Concept |
| | Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758 | 425/1000 (CVSS 8.5) | No Known Exploit |
| | Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758 | 425/1000 (CVSS 8.5) | No Known Exploit |
| | Cross-site Scripting (XSS) SNYK-JS-STRIPTAGS-1312310 | 425/1000 (CVSS 8.5) | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: knex
  • 2.2.0 - 2022-07-18

    New features:

    • Inline primary key creation for postgres flavours #5233
    • SQLite: Add warning for undefined connection file #5223
    • MSSQL: Add JSON parameter support for connection #5200

    Bug fixes:

    • PostgreSQL: add primaryKey option for uuid #5212

    Typings:

    • Add promisable and better types #5222
    • Update raw query bind parameter type #5208
  • 2.1.0 - 2022-05-26

    2.1.0 - 26 May, 2022

    New features:

    • Improve bundling experience to safely import dialects while using static paths #5142
    • Implement extendable builders #5041
    • PostgreSQL: Refresh materialized view concurrently #5166

    Bug fixes:

    • Use correct paths in package.json browser field #5174
    • MariaDB: Fix 'NULL' returned instead of NULL on MariaDB 10.2.6+ #5181
    • MySQL: fix hasColumn Error (hasColumn ('a_id') is true, but hasColumn('a_Id') is false) #5148
    • MSSQL: Fix .hasTable result when using .withSchema #5176
    • Oracle: correctly INSERTS Buffer #4869

    Typings:

    • Update type definitions for pg connection #5139
  • 2.0.0 - 2022-04-21

    2.0.0 - 21 April, 2022

    Breaking changes

    • Restore sqlite3 package #5136

    Test / internal changes:

    • Migrate Husky from 4 to 7 #5137
    • Migrate Jake to 10.8.5 #5138
  • 1.0.7 - 2022-04-13

    1.0.7 - 13 March, 2022

    Bug fixes:

    • CLI: Fix cli migrate:make SQLite dependency #5106

    1.0.6 - 12 March, 2022

    Bug fixes:

    • PostgreSQL: Wait for search path to be set before returning connection #5107
    • CLI: No client override during migrate:make #5109
  • 1.0.6 - 2022-04-12
  • 1.0.5 - 2022-04-04

    New features:

    • Override knexfile options with CLI options #4047

    Bug fixes:

    • Stringify json value in update #5063
    • Fix isModuleType() for yarn #4447
    • Wrapped Unions Fixes #5072
    • SQLite: Fix @ vscode-sqlite3 error message #5081
    • CLI: Fix completed migration listing #5060

    Typings:

    • Make default generic parameters of Knex match the generic parameter types of knex #5021
    • Update knex types for TS 4.7 #5095
  • 1.0.4 - 2022-03-13

    1.0.4 - 13 March, 2022

    New features:

    • Add whereLike functions #5044

    Bug fixes:

    • Fix orWhereJsonPath clause #5022
    • Subquery in on clause missing parenthesis #5049
    • Rework Union Wrapping #5030
    • Oracle: Fix batch inserts with DEFAULT values with OracleDB #2592 #5037

    Typings:

    • Fix types for "returning" methods #5031
    • createTableLike callback should be optional #5055

    Documentation:

  • 1.0.3 - 2022-02-10

    1.0.3 - 11 February, 2022

    Bug fixes:

    • Fix error message for missing migration files #4937
    • Add withMaterialized and withNotMaterialized to method-constants #5009
    • PostgreSQL: Fix whereJsonPath queries #5011
    • PostgreSQL: Fix delete joins #5016
    • CockroachDB: Fix whereJsonPath queries #5011
    • MySQL: Create primary keys in same statement #5017

    Typings:

    • Fix type definition for getMigration in MigrationSource #4998
    • Fix argument type of alter method #4996

    Improvements:

    • Use async / await syntax in seeds as default #5005

    Documentation:

    • Add Firebird dialect to ECOSYSTEM.md #5003

    1.0.2 - 02 February, 2022

    New features:

    • Support of MATERIALIZED and NOT MATERIALIZED with WITH/CTE #4940
    • Add raw support in onConflict clause #4960
    • Alter nullable constraint when alterNullable is set to true #4730
    • Add alterType parameter for alter function #4967
    • Support string json in json values #4988
    • MySQL: add with clause #4508

    Bug fixes:

    • Fix error message for missing migration files #4937
    • Move deferrable to after on update/on delete #4976
    • Do not use sys.tables to find if a table exists #2328
    • PostgreSQL: Fix Order nulls #4989
    • MySQL: Fix collation when renaming column #2666
    • SQLite: Same boolean handling in better-sqlite3 as in sqlite3 #4982

    Typings:

    • WhereILike - fix typo #4941
  • 1.0.2 - 2022-02-01
  • 1.0.1 - 2022-01-16

    Bug fixes:

    • Fix package.json metadata
  • 1.0.0 - 2022-01-16
  • 0.95.15 - 2021-12-21
  • 0.95.14 - 2021-11-08
  • 0.95.13 - 2021-11-02
  • 0.95.12 - 2021-10-27
  • 0.95.12-rc6 - 2021-10-27
  • 0.95.12-rc5 - 2021-10-25
  • 0.95.12-rc4 - 2021-10-20
  • 0.95.12-rc3 - 2021-10-16
  • 0.95.12-rc2 - 2021-10-15
  • 0.95.12-rc1 - 2021-10-15
  • 0.95.11 - 2021-09-03
  • 0.95.10 - 2021-08-20
  • 0.95.9 - 2021-07-31
  • 0.95.8 - 2021-07-25
  • 0.95.7 - 2021-07-10
  • 0.95.6 - 2021-05-17
  • 0.95.5 - 2021-05-11
  • 0.95.4 - 2021-03-26
  • 0.95.3 - 2021-03-25
  • 0.95.2 - 2021-03-11
  • 0.95.1 - 2021-03-04
  • 0.95.0 - 2021-03-03
  • 0.95.0-next3 - 2021-02-18
  • 0.95.0-next2 - 2021-02-15
  • 0.95.0-next1 - 2021-02-08
  • 0.21.21 - 2021-08-10
  • 0.21.20 - 2021-08-07
  • 0.21.19 - 2021-03-02
  • 0.21.18 - 2021-02-22
  • 0.21.17 - 2021-01-30
  • 0.21.16 - 2021-01-17
  • 0.21.15 - 2020-12-26
  • 0.21.14 - 2020-12-18
  • 0.21.13 - 2020-12-11
  • 0.21.12 - 2020-11-02
  • 0.21.11 - 2020-11-01
  • 0.21.10 - 2020-10-31
  • 0.21.9 - 2020-10-29
  • 0.21.8 - 2020-10-27
from knex GitHub release notes
Commit messages
Package name: knex
  • 72065c1 Prepare to release 2.2.0
  • 49ea2b5 Bump actions/setup-node from 3.4.0 to 3.4.1 (#5265)
  • 707aa35 Bump actions/setup-node from 3.2.0 to 3.4.0 (#5261)
  • f33768c Fix unclosed stream connections (#5243)
  • aaada36 Bump tsd from 0.21.0 to 0.22.0 (#5247)
  • 27be81a Bump @types/node from 17.0.45 to 18.0.4 (#5262)
  • 8b0dd49 feat: inline primary key creation for postgres flavours (#5233)
  • d371c04 Bump colorette from 2.0.18 to 2.0.19 (#5226)
  • a0c6947 Updating raw query bind parameter type (#5208)
  • fbb774b Bump typescript from 4.7.3 to 4.7.4 (#5230)
  • 19c0079 Add warning for undefined connection file (#5223)
  • 49f90f4 Bump tsd from 0.20.0 to 0.21.0 (#5215)
  • cd092cc Bump colorette from 2.0.17 to 2.0.18 (#5220)
  • f80ec1c Added promisable and better types (#5222)
  • 0918bf9 fix(postgresql): add primaryKey option for uuid (#5212)
  • bb07d42 Bump typescript from 4.7.2 to 4.7.3 (#5209)
  • 1dc0966 Bump colorette from 2.0.16 to 2.0.17 (#5210)
  • 29ba203 chore: update docs reference in sqlite3 warning (#5207)
  • 84af57a Bump lint-staged from 12.5.0 to 13.0.0 (#5204)
  • 8a50dd7 feat: Add JSON parameter support for MSSQL connection (#5200)
  • 8bb9e83 Update TypeScript
  • ac4ba2b Add missing hook
  • a581116 Prepare to release 2.1.0
  • bd59d93 Bump sinon from 13.0.2 to 14.0.0 (#5169)


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs
