[Snyk] Upgrade sqlite3 from 5.0.2 to 5.1.7 #135

marcos-test-dev · 2024-05-20T21:54:37Z

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade sqlite3 from 5.0.2 to 5.1.7.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

The recommended version is 18 versions ahead of your current version.
The recommended version was released 5 months ago, on 2024-01-05.

The recommended version fixes:

Issue	PriorityScore (*)	Exploit Maturity
Denial of Service (DoS) SNYK-JS-SQLITE3-2388645	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Proof of Concept
Arbitrary Code Execution SNYK-JS-SQLITE3-3358947	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	No Known Exploit
Arbitrary File Overwrite SNYK-JS-TAR-1536528	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	No Known Exploit
Arbitrary File Overwrite SNYK-JS-TAR-1536531	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	No Known Exploit
Arbitrary File Write SNYK-JS-TAR-1579147	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	No Known Exploit
Arbitrary File Write SNYK-JS-TAR-1579152	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	No Known Exploit
Arbitrary File Write SNYK-JS-TAR-1579155	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: sqlite3

5.1.7 - 2024-01-05
What's Changed
- Updated bundled SQLite to v3.44.2 by @ daniellockyer
- Replaced @ mapbox/node-pre-gyp with prebuild + prebuild-install (605c7f9) by @ daniellockyer
  - this should fix a lot of bundling issues reported by the community
- Improved RowToJS performance by removing Napi::String::New instantiation by @ daniellockyer
- Various minor code refactors and improvements (thanks @ zenon8adams!)
New Contributors
- @ zenon8adams made their first contribution in #1701
Full Changelog: v5.1.6...v5.1.7
5.1.7-rc.0 - 2023-12-29
Please install v5.1.7 instead.

Full Changelog: v5.1.6...v5.1.7-rc.0
5.1.6 - 2023-03-14
What's Changed
- Fixed glibc compatibility by hardcoding lower version for log2 by @ daniellockyer
- Add generic type annotations for Statement and Database get/all/each methods callback rows by @ stevescruz in #1686
New Contributors
- @ stevescruz made their first contribution in #1686
Full Changelog: v5.1.5...v5.1.6
5.1.5 - 2023-03-13
What's Changed
- 🔒 Fixed code execution vulnerability due to Object coercion by @ daniellockyer
- Updated bundled SQLite to v3.41.1 by @ daniellockyer
- Fixed rpath linker option when using a custom sqlite by @ jeromew in #1654
Full Changelog: v5.1.4...v5.1.5
5.1.4 - 2022-12-12
What's Changed
- Fixed glibc compatibility by downgrading CI to Ubuntu 20 by @ daniellockyer in #1664
Full Changelog: v5.1.3...v5.1.4
5.1.3 - 2022-12-12
What's Changed
- Updated bundled SQLite to v3.40.0 by @ daniellockyer
Full Changelog: v5.1.2...v5.1.3
5.1.2 - 2022-10-03
What's Changed
- Updated bundled SQLite to v3.39.4 by @ daniellockyer
Full Changelog: v5.1.1...v5.1.2
5.1.1 - 2022-09-15
What's Changed
- Added Darwin ARM64 binaries by @ daniellockyer in #1594
A huge thanks to MacStadium for providing an M1 Mac Mini so we can offer ARM64 binaries.

Full Changelog: v5.1.0...v5.1.1
5.1.0 - 2022-09-14
✨ We're very excited to announce node-sqlite3's first minor release of v5, packed with features and improvements.

If you encounter any problems, please open a detailed issue using the templates.

What's Changed
- Updated bundled SQLite to v3.39.3 by @ daniellockyer
- Added ability to receive updates from sqlite3_update_hook by @ soukand in #1267
- Added support for setting SQLite limits by @ paulfitz in #1548
- Added library types file by @ bpasero in #1527
- Added package-lock.json to .gitignore by @ JoelEinbinder in #1628
- Fixed remaining method declarations by @ alexanderfloh in #1633
- Fixed importing sqlite3#verbose using destructuring syntax by @ mahdi-farnia in #1632
New Contributors
- @ JoelEinbinder made their first contribution in #1628
- @ mahdi-farnia made their first contribution in #1632
- @ soukand made their first contribution in #1267
Full Changelog: v5.0.11...v5.1.0
5.0.11 - 2022-07-31
What's Changed
- Restored compatibility for Alpine 3.15 by @ daniellockyer in #1626
Full Changelog: v5.0.10...v5.0.11
5.0.10 - 2022-07-22
5.0.9 - 2022-07-14
5.0.8 - 2022-05-06
5.0.7 - 2022-05-05
5.0.6 - 2022-04-27
5.0.5 - 2022-04-22
5.0.4 - 2022-04-18
5.0.3 - 2022-04-13
5.0.2 - 2021-02-15

from sqlite3 GitHub release notes

Commit messages

Package name: sqlite3

ba4ba07 v5.1.7
d04c1fb Removed Node version from matrix title
03d6e75 v5.1.7-rc.0
8398daa Fixed uploading assets from Docker
8b86e41 Fixed uploading release assets on Windows
83c8c0a Configured releases to be created as prereleases
f792f69 Update dependency node-addon-api to v7
4ef11bf Removed extraneous parameter to event emit function
e99160a Inlined `init()` functions into class header files
3372130 Improved `RowToJS` performance by removing `Napi::String::New` instantiation
77b327c Increased number of rows inserted into benchmark database
603e468 Fixed minor linting warning
8bda876 Refactored Database to use macros for method definitions
5809f62 Fixed uploading prebuilt binaries from Docker
aabd297 Update actions/setup-node action to v4
c775b81 Extracted common Node-API queuing code into macro
2595304 Updated list of supported targets
605c7f9 Replaced `@ mapbox/node-pre-gyp` in favor of `prebuild` + `prebuild-install`
a2cee71 Update dependency mocha to v10
7674271 Update dependency eslint to v8
83e282d Update actions/checkout digest to b4ffde6
8482aaf Update docker/setup-buildx-action action to v3
c74f267 Update docker/setup-qemu-action action to v3
9e8b2ee Reworked CI versions

Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Note: This is a default PR template raised by Snyk. Find out more about how you can customise Snyk PRs in our documentation.

Snyk has created this PR to upgrade sqlite3 from 5.0.2 to 5.1.7. See this package in npm: sqlite3 See this project in Snyk: https://app.snyk.io/org/marcosmisc07-rxs/project/a9071cd2-3faf-44bf-8bb4-5f11fdd7a2ec?utm_source=github&utm_medium=referral&page=upgrade-pr

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Snyk] Upgrade sqlite3 from 5.0.2 to 5.1.7 #135

[Snyk] Upgrade sqlite3 from 5.0.2 to 5.1.7 #135

marcos-test-dev commented May 20, 2024

What's Changed

New Contributors

What's Changed

New Contributors

What's Changed

What's Changed

What's Changed

What's Changed

What's Changed

What's Changed

New Contributors

What's Changed

[Snyk] Upgrade sqlite3 from 5.0.2 to 5.1.7 #135

Are you sure you want to change the base?

[Snyk] Upgrade sqlite3 from 5.0.2 to 5.1.7 #135

Conversation

marcos-test-dev commented May 20, 2024

Snyk has created this PR to upgrade sqlite3 from 5.0.2 to 5.1.7.

What's Changed

New Contributors

What's Changed

New Contributors

What's Changed

What's Changed

What's Changed

What's Changed

What's Changed

What's Changed

New Contributors

What's Changed