Open
Conversation
Snyk has created this PR to upgrade sqlite3 from 5.0.2 to 5.1.7. See this package in npm: sqlite3 See this project in Snyk: https://app.snyk.io/org/wesleyr10/project/00e1491a-608d-459f-92f4-1ffa2393ab68?utm_source=github&utm_medium=referral&page=upgrade-pr
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Snyk has created this PR to upgrade sqlite3 from 5.0.2 to 5.1.7.
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
The recommended version is 18 versions ahead of your current version.
The recommended version was released on 8 months ago.
Issues fixed by the recommended upgrade:
SNYK-JS-ANSIREGEX-1583908
SNYK-JS-TAR-1579147
SNYK-JS-TAR-1579152
SNYK-JS-TAR-1579155
SNYK-JS-SQLITE3-2388645
SNYK-JS-SQLITE3-3358947
SNYK-JS-TAR-1536528
SNYK-JS-TAR-1536531
SNYK-JS-TAR-6476909
SNYK-JS-TAR-6476909
SNYK-JS-TOUGHCOOKIE-5672873
SNYK-JS-REQUEST-3361831
SNYK-JS-TAR-1536758
Release notes
Package name: sqlite3
-
5.1.7 - 2024-01-05
- Updated bundled SQLite to v3.44.2 by @ daniellockyer
- Replaced
- this should fix a lot of bundling issues reported by the community
- Improved
- Various minor code refactors and improvements (thanks @ zenon8adams!)
- @ zenon8adams made their first contribution in #1701
-
5.1.7-rc.0 - 2023-12-29
-
5.1.6 - 2023-03-14
- Fixed glibc compatibility by hardcoding lower version for
- Add generic type annotations for Statement and Database get/all/each methods callback rows by @ stevescruz in #1686
- @ stevescruz made their first contribution in #1686
-
5.1.5 - 2023-03-13
- 🔒 Fixed code execution vulnerability due to Object coercion by @ daniellockyer
- Updated bundled SQLite to v3.41.1 by @ daniellockyer
- Fixed rpath linker option when using a custom sqlite by @ jeromew in #1654
-
5.1.4 - 2022-12-12
- Fixed glibc compatibility by downgrading CI to Ubuntu 20 by @ daniellockyer in #1664
-
5.1.3 - 2022-12-12
- Updated bundled SQLite to v3.40.0 by @ daniellockyer
-
5.1.2 - 2022-10-03
- Updated bundled SQLite to v3.39.4 by @ daniellockyer
-
5.1.1 - 2022-09-15
- Added Darwin ARM64 binaries by @ daniellockyer in #1594
-
5.1.0 - 2022-09-14
- Updated bundled SQLite to v3.39.3 by @ daniellockyer
- Added ability to receive updates from
- Added support for setting SQLite limits by @ paulfitz in #1548
- Added library types file by @ bpasero in #1527
- Added
- Fixed remaining method declarations by @ alexanderfloh in #1633
- Fixed importing
- @ JoelEinbinder made their first contribution in #1628
- @ mahdi-farnia made their first contribution in #1632
- @ soukand made their first contribution in #1267
-
5.0.11 - 2022-07-31
- Restored compatibility for Alpine 3.15 by @ daniellockyer in #1626
-
5.0.10 - 2022-07-22
-
5.0.9 - 2022-07-14
-
5.0.8 - 2022-05-06
-
5.0.7 - 2022-05-05
-
5.0.6 - 2022-04-27
-
5.0.5 - 2022-04-22
-
5.0.4 - 2022-04-18
-
5.0.3 - 2022-04-13
-
5.0.2 - 2021-02-15
from sqlite3 GitHub release notesWhat's Changed
@ mapbox/node-pre-gypwithprebuild+prebuild-install(605c7f9) by @ daniellockyerRowToJSperformance by removingNapi::String::Newinstantiation by @ daniellockyerNew Contributors
Full Changelog: v5.1.6...v5.1.7
Please install
v5.1.7instead.Full Changelog: v5.1.6...v5.1.7-rc.0
What's Changed
log2by @ daniellockyerNew Contributors
Full Changelog: v5.1.5...v5.1.6
What's Changed
Full Changelog: v5.1.4...v5.1.5
What's Changed
Full Changelog: v5.1.3...v5.1.4
What's Changed
Full Changelog: v5.1.2...v5.1.3
What's Changed
Full Changelog: v5.1.1...v5.1.2
What's Changed
A huge thanks to MacStadium for providing an M1 Mac Mini so we can offer ARM64 binaries.
Full Changelog: v5.1.0...v5.1.1
✨ We're very excited to announce node-sqlite3's first minor release of v5, packed with features and improvements.
If you encounter any problems, please open a detailed issue using the templates.
What's Changed
sqlite3_update_hookby @ soukand in #1267package-lock.jsonto.gitignoreby @ JoelEinbinder in #1628sqlite3#verboseusing destructuring syntax by @ mahdi-farnia in #1632New Contributors
Full Changelog: v5.0.11...v5.1.0
What's Changed
Full Changelog: v5.0.10...v5.0.11
Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information:
[//]: # 'snyk:metadata:{"customTemplate":{"variablesUsed":[],"fieldsUsed":[]},"dependencies":[{"name":"sqlite3","from":"5.0.2","to":"5.1.7"}],"env":"prod","hasFixes":true,"isBreakingChange":false,"isMajorUpgrade":false,"issuesToFix":[{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-ANSIREGEX-1583908","issue_id":"SNYK-JS-ANSIREGEX-1583908","priority_score":696,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-TAR-1579147","issue_id":"SNYK-JS-TAR-1579147","priority_score":639,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"8.5","score":425},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Arbitrary File Write"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-TAR-1579152","issue_id":"SNYK-JS-TAR-1579152","priority_score":639,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"8.5","score":425},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Arbitrary File Write"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-TAR-1579155","issue_id":"SNYK-JS-TAR-1579155","priority_score":639,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"8.5","score":425},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Arbitrary File Write"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-SQLITE3-2388645","issue_id":"SNYK-JS-SQLITE3-2388645","priority_score":696,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Denial of Service (DoS)"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-SQLITE3-3358947","issue_id":"SNYK-JS-SQLITE3-3358947","priority_score":619,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"8.1","score":405},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Arbitrary Code Execution"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-TAR-1536528","issue_id":"SNYK-JS-TAR-1536528","priority_score":624,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"8.2","score":410},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Arbitrary File Overwrite"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-TAR-1536531","issue_id":"SNYK-JS-TAR-1536531","priority_score":624,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"8.2","score":410},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Arbitrary File Overwrite"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-TAR-6476909","issue_id":"SNYK-JS-TAR-6476909","priority_score":646,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.5","score":325},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Uncontrolled Resource Consumption ('Resource Exhaustion')"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-TAR-6476909","issue_id":"SNYK-JS-TAR-6476909","priority_score":646,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.5","score":325},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Uncontrolled Resource Consumption ('Resource Exhaustion')"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-TOUGHCOOKIE-5672873","issue_id":"SNYK-JS-TOUGHCOOKIE-5672873","priority_score":646,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.5","score":325},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Prototype Pollution"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-REQUEST-3361831","issue_id":"SNYK-JS-REQUEST-3361831","priority_score":646,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.5","score":325},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Server-side Request Forgery (SSRF)"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-TAR-1536758","issue_id":"SNYK-JS-TAR-1536758","priority_score":410,"priority_score_factors":[{"type":"exploit","label":"Unproven","score":11},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"3.7","score":185},{"type":"scoreVersion","label":"v1","score":1}],"severity":"low","title":"Regular Expression Denial of Service (ReDoS)"}],"prId":"369d23ad-41db-4e40-9da5-fc75539714f8","prPublicId":"369d23ad-41db-4e40-9da5-fc75539714f8","packageManager":"npm","priorityScoreList":[696,639,639,639,696,619,624,624,646,646,646,410],"projectPublicId":"00e1491a-608d-459f-92f4-1ffa2393ab68","projectUrl":"https://app.snyk.io/org/wesleyr10/project/00e1491a-608d-459f-92f4-1ffa2393ab68?utm_source=github&utm_medium=referral&page=upgrade-pr","prType":"upgrade","templateFieldSources":{"branchName":"default","commitMessage":"default","description":"default","title":"default"},"templateVariants":["priorityScore"],"type":"auto","upgrade":["SNYK-JS-ANSIREGEX-1583908","SNYK-JS-TAR-1579147","SNYK-JS-TAR-1579152","SNYK-JS-TAR-1579155","SNYK-JS-SQLITE3-2388645","SNYK-JS-SQLITE3-3358947","SNYK-JS-TAR-1536528","SNYK-JS-TAR-1536531","SNYK-JS-TAR-6476909","SNYK-JS-TAR-6476909","SNYK-JS-TOUGHCOOKIE-5672873","SNYK-JS-REQUEST-3361831","SNYK-JS-TAR-1536758"],"upgradeInfo":{"versionsDiff":18,"publishedDate":"2024-01-05T08:48:16.555Z"},"vulns":["SNYK-JS-ANSIREGEX-1583908","SNYK-JS-TAR-1579147","SNYK-JS-TAR-1579152","SNYK-JS-TAR-1579155","SNYK-JS-SQLITE3-2388645","SNYK-JS-SQLITE3-3358947","SNYK-JS-TAR-1536528","SNYK-JS-TAR-1536531","SNYK-JS-TAR-6476909","SNYK-JS-TAR-6476909","SNYK-JS-TOUGHCOOKIE-5672873","SNYK-JS-REQUEST-3361831","SNYK-JS-TAR-1536758"]}'