@renovate renovate bot commented Jul 2, 2020

This PR contains the following updates:

| Package | Change |
|---|---|
| knex (source) | 0.16.3 -> 0.19.5 |

GitHub Vulnerability Alerts

CVE-2019-10757

knex.js versions before 0.19.5 are vulnerable to SQL Injection attack. Identifiers are escaped incorrectly as part of the MSSQL dialect, allowing attackers to craft a malicious query to the host DB.


Release Notes

knex/knex

v0.19.5

New features:
  • CLI: Migrations up/down commands - filename parameter #​3416
  • Oracle: Support stored procedures #​3449
Bug fixes:
  • MSSQL: Escape column ids correctly in all cases (reported by Snyk Security Research Team) #​3382
  • SQLite: Fix handling of multiline SQL in SQLite3 schema #​3411
  • Fix concurrent child transactions failing #​2213 #​3440
Typings:
  • Add missing Migrator.list typing #​3460
  • Fix Typescript type inference for to better support wildcard (*) calls #​3444
  • Make options argument optional in timeout #​3442
Test / internal changes:

v0.19.4

New features:
  • Add undefined columns to undefined binding(s) error #​3425
Typings:
  • Add specific to SeederConfig type #​3429
  • Fix some issues with QueryBuilder types #​3427

v0.19.3

Bug fixes:
  • Fix migrations for native enums to use table schema #​3307
New features:
  • Add ability to manually define schema for native enums #​3307
  • Add SSL/TLS support for Postgres connection string #​3410
  • CLI: new command that lists all migrations with status #​3390
Typings:
  • Include schemaName in EnumOptions #​3415
  • Allow ColumnBuilder.defaultTo() to be null #​3407
Changes:
  • migrate: Refactor _lockMigrations to avoid forUpdate - makes migrations compatible with CockroachDB #​3395

v0.19.2

Changes:
  • Make transaction rejection consistent across dialects #​3399
  • More consistent handling of nested transactions #​3393
New features:
  • Fallback to JSON when using JSONB in MySQL #​3394

v0.19.1

New features:
  • Allow to extend knex query builder #​3334
  • Add .isCompleted() to transaction #​3368
  • Minor enhancements around aliasing of aggregates #​3354
Typings:
  • Update configuration typings to allow for oracle db connectionstring #​3361
  • Update Knex.raw type to be any by default because the actual type is dialect specific #​3349

v0.19.0

Changes:
  • Pooling: tarn.js connection pool was updated to version 2.0.0. This fixes issue with destroying connections and introduces support for connection pool event handlers. Please see tarn.js documentation for more details #​3345
  • Pooling: Passing unsupported pooling configuration options now throws an error
  • Pooling: beforeDestroy configuration option was removed

v0.18.4

New features:
  • Seeds: Option to run specific seed file #​3335
  • Implement "skipLocked()" and "noWait()" #​2961
Bug fixes:
  • CLI: Respect the knexfile stub option while generating a migration #​3337
  • Fix mssql import not being ignored, breaking webpack builds #​3336

v0.18.3

New features:
  • CLI: add --stub option to migration:make #​3316
Bug fixes:
  • Fix return duplicate transaction promise for standalone transactions #​3328

v0.18.2

Bug fixes:
  • Fix remove duplicate transaction rejection #​3324
  • Fix issues around specifying default values for columns #​3318
  • CLI: Fix empty --version output #​3312

v0.18.1

Bug fixes:
  • Do not reject duplicate promise on transaction rollback #​3319

v0.18.0

Bug fixes:
  • Do not reject promise on transaction rollback (by default only for new, non-callback, style of transactions for now to avoid breaking old code) #​3235
New features:
  • Added doNotRejectOnRollback options for starting transactions, to prevent rejecting promises on rollback for callback-style transactions.
  • Use extension from knexfile for generating migrations unless overridden #3282
  • Use migrations.extension from config when generating migration #​3242
  • Expose executionPromise for transactors #​3297
Bug fixes:
  • Oracle: Updated handling of connection errors for disposal #​2608
  • Fix extension resolution from env configs #​3294
Test / internal changes:
Typings:
  • Add workarounds for degraded inference when strictNullChecks is set to false #​3275
  • Add stub type definition for Migrator config #​3279
  • Add stub to seeds type #​3296
  • Fix MSSQL config typings #​3269
  • Add pgsql specific table builder method typings #​3146

v0.17.6

v0.17.5

Typings:
  • Include result.d.ts in published package #​3271

v0.17.4

Typings:
  • Fix some cases of left-to-right inference causing type mismatch #​3265
  • Improve count typings #​3249
Bug fixes:
  • Fix error message bubbling up on seed error #​3248

v0.17.3

Typings:
  • Improve typings for aggregations #​3245
  • Add decimalNumbers to MySqlConnectionConfig interface #​3244

v0.17.2

Typings:
Bug fixes:
  • "colorette" dependency breaks browserify builds #​3238

v0.17.1

New features:
  • Add migrate:down functionality #​3228
Typings:
  • Update type of aggregation results to not be arrays when first has been invoked before #​3237
  • Include undefined in type of single row results #​3231
  • Fix incorrect type definitions for single row queries #​3230

v0.17.0

New features:
  • Add support for returning started transaction without immediately executing it #​3099
  • Add support for passing transaction around with only starting it when needed #​3099
  • Add clearHaving function #​3141
  • Add --all flag for rollback in CLI #​3187
  • Add error detail log to knex CLI #​3149
  • Support multi-column whereIn in sqlite through values clause #​3220
  • Allow users to specify the migrations "tableName" parameter via the CLI #​3214
  • Unify object options handling for datetime/timestamp across dialects #​3181
  • Add "up" command for migrations #​3205
Typings:
  • Add default values for generic types (fixes backwards compatibility broken by 0.16.6) #​3189
  • Make function types generic in type definitions #​3168
  • Add missing types to MigratorConfig #​3174
  • Add types for havingBetween, orHavingBetween, havingNotBetween and orHavingNotBetween #​3144
  • Update Knex.Config types to include log #​3221
  • Fix some more cases of missing typings #​3223
  • Support type safe refs #​3215
  • Expose some utility types #​3211
  • Fix issues with typings of joins and some conflicts with Bluebird typings #​3209
Bug fixes:
  • Fix order of migration rollback #​3172
Test / internal changes:

v0.16.5

  • Bundle polyfills with knex for 0.16.x line again #​3139

v0.16.4

New features:
  • Boolean param for rollback() to rollback all migrations #​2968
  • seed:run print the file name of the failing seed #​2972 #​2973
  • verbose option to CLI commands #​2887
  • add intersect() #​3023
  • Improved format for TS stubs #​3080
  • MySQL: Support nullable timestamps #​3100
  • MySQL: Warn .returning() does not have any effect #​3039
Bug fixes:
  • Respect "loadExtensions" configuration #​2969
  • Fix event listener duplication when using Migrator #​2982
  • Fix fs-migrations breaking docs #​3022
  • Fix sqlite3 drop/renameColumn() breaks with postProcessResponse #​3040
  • Fix transaction support for migrations #​3084
  • Fix queryContext not being passed to raw queries #​3111
  • Typings: Allow to pass query builders, identifiers and raw in various places as parameters #​2960
  • Typings: toNative() definition #​2996
  • Typings: asCallback() definition #​2963
  • Typings: queryContext() type definition Knex.Raw #​3002
  • Typings: Add "constraintName" arg to primary() definition #​3006
  • Typings: Add missing schemaName in MigratorConfig #​3016
  • Typings: Add missing supported parameter types and toSQL method #​2960
  • Typings: Update enum arguments to reflect latest signature #​3043
  • Typings: Add size parameter to integer method #​3074
  • Typings: Add 'string' as accepted Knex constructor type definition #​3105
  • Typings: Add boolean as a column name in join #​3121
  • Typings: Add missing clearOrder & clearCounters types #​3109
  • Dependencies: Fix security warning #​3082
  • Do not use unsupported column width/length arguments on data types int and tinyint in MSSQL #​2738
Changes:
  • Make unionAll()'s call signature match union() #​3055
Test / internal changes:
  • Swap chalk→colorette / minimist→getopts #​2718
  • Always use well documented pg client query() config argument #​3004
  • Do not bundle polyfills with knex #​3024

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

renovate bot commented Jul 2, 2020

Branch automerge failure

This PR was configured for branch automerge, however this is not possible so it has been raised as a PR instead.


  • Branch has one or more failed status checks

@renovate renovate bot changed the title from "Update dependency knex to v0.19.5 [SECURITY]" to "fix(deps): update dependency knex to v0.19.5 [security]" on Oct 28, 2020
renovate bot commented Mar 24, 2023

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.
