This repository has been archived by the owner on Mar 4, 2024. It is now read-only.

chore(deps): update dependency sqlite3 to v5.1.5 [security] #30

Closed

@renovate renovate bot commented Dec 9, 2022

This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| sqlite3 | 5.0.2 -> 5.1.5 | age | adoption | passing | confidence |

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

GitHub Vulnerability Alerts

CVE-2022-21227

Affected versions of sqlite3 will experience a fatal error when supplying a specific object in the parameter array. This error causes the application to crash and cannot be caught. Users of sqlite3 v5.0.0, v5.0.1 and v5.0.2 are affected by this. This issue is fixed in v5.0.3. All users are recommended to upgrade to v5.0.3 or later. Ensure there is sufficient sanitization in the parent application to protect against invalid values being supplied to binding parameters as a workaround.

CVE-2022-43441

Impact

Due to the underlying implementation of .ToString(), it's possible to execute arbitrary JavaScript, or to achieve a denial-of-service, if a binding parameter is a crafted Object.

Users of sqlite3 v5.0.0 - v5.1.4 are affected by this.

Patches

Fixed in v5.1.5. All users are recommended to upgrade to v5.1.5 or later.

Workarounds

  • Ensure there is sufficient sanitization in the parent application to protect against invalid values being supplied to binding parameters.

Credits: Dave McDaniel of Cisco Talos


Release Notes

TryGhost/node-sqlite3 (sqlite3)

v5.1.5

Full Changelog: TryGhost/node-sqlite3@v5.1.4...v5.1.5

v5.1.4

Full Changelog: TryGhost/node-sqlite3@v5.1.3...v5.1.4

v5.1.3

Full Changelog: TryGhost/node-sqlite3@v5.1.2...v5.1.3

v5.1.2

Full Changelog: TryGhost/node-sqlite3@v5.1.1...v5.1.2

v5.1.1

A huge thanks to MacStadium for providing an M1 Mac Mini so we can offer ARM64 binaries.

Full Changelog: TryGhost/node-sqlite3@v5.1.0...v5.1.1

v5.1.0

✨ We're very excited to announce node-sqlite3's first minor release of v5, packed with features and improvements.

If you encounter any problems, please open a detailed issue using the templates.

Full Changelog: TryGhost/node-sqlite3@v5.0.11...v5.1.0

v5.0.11

Full Changelog: TryGhost/node-sqlite3@v5.0.10...v5.0.11

v5.0.10

Full Changelog: TryGhost/node-sqlite3@v5.0.9...v5.0.10

v5.0.9

Full Changelog: TryGhost/node-sqlite3@v5.0.8...v5.0.9

v5.0.8

Full Changelog: TryGhost/node-sqlite3@v5.0.7...v5.0.8

v5.0.7

Full Changelog: TryGhost/node-sqlite3@v5.0.6...v5.0.7

v5.0.6

Full Changelog: TryGhost/node-sqlite3@v5.0.5...v5.0.6

v5.0.5

Thank you to everyone reporting issues with building sqlite3 or the prebuilt binaries 🙂 If you encounter a problem, please search open and closed issues for existing reports or open a new issue with as much system information as possible.

Full Changelog: TryGhost/node-sqlite3@v5.0.4...v5.0.5

v5.0.4

Full Changelog: TryGhost/node-sqlite3@v5.0.3...v5.0.4

v5.0.3

Known Problems

  • https://github.com/TryGhost/node-sqlite3/issues/1578 - the minimum glibc version for prebuilt binaries was bumped to 2.29. We hope to bring this back down within the next few releases but you will need to compile from source if your system ships with a lower version.
  • Prebuilt binaries for Linux do not work on musl systems. This should be fixed with TryGhost/node-sqlite3@8b2cdd9 but you will need to compile from source to use v5.0.3.

Full Changelog: TryGhost/node-sqlite3@v5.0.2...v5.0.3


Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


This PR has been generated by Mend Renovate. View repository job log here.
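
The workaround both advisories above give (validate binding parameters before they reach the driver), as an added example that is not part of this PR or of node-sqlite3. The function names and the allowlist (string, finite number, boolean, null, Buffer) are assumptions about what the application binds.

```javascript
// Added example: allowlist check for values bound to SQL placeholders.
// Assumption: this application only binds strings, finite numbers, booleans,
// null and Buffers; anything else is rejected before the driver sees it.

function isBindableScalar(value) {
  if (value === null) return true;
  switch (typeof value) {
    case 'string':
    case 'boolean':
      return true;
    case 'number':
      return Number.isFinite(value); // rejects NaN and +/-Infinity
    default:
      // typeof is 'object', 'function', 'symbol', 'bigint' or 'undefined'.
      // Only Buffers pass; the check never stringifies `value`.
      return Buffer.isBuffer(value);
  }
}

// Returns a fresh array (positional) or plain object (named parameters)
// holding only validated scalars; throws TypeError naming the bad slots.
function sanitizeBindParams(params) {
  const rejected = [];
  const check = (label, value) => {
    if (!isBindableScalar(value)) rejected.push(label);
    return value;
  };
  let clean;
  if (Array.isArray(params)) {
    // Array.from visits holes as undefined, so sparse arrays are rejected too.
    clean = Array.from(params, (v, i) => check(`[${i}]`, v));
  } else if (params !== null && typeof params === 'object' && !Buffer.isBuffer(params)) {
    clean = Object.fromEntries(
      Object.keys(params).map((key) => [key, check(key, params[key])])
    );
  } else {
    clean = [check('[0]', params)];
  }
  if (rejected.length > 0) {
    throw new TypeError(`refusing to bind non-scalar parameter(s): ${rejected.join(', ')}`);
  }
  return clean;
}

// Constructed sample input: a JSON request body where a client sent an
// object in a field the handler expected to be a number.
const sampleBody = JSON.parse('{"name": "alice", "id": {"nested": 1}}');
```

Pass the returned copy, not the original request value, as the parameter argument of `db.run`, `db.get` or `db.all`, so the driver only ever receives values that were checked.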

@renovate renovate bot changed the title chore(deps): update dependency sqlite3 to v5.0.3 [security] Update dependency sqlite3 to v5.0.3 [SECURITY] Dec 17, 2022
@renovate renovate bot changed the title Update dependency sqlite3 to v5.0.3 [SECURITY] chore(deps): update dependency sqlite3 to v5.0.3 [security] Dec 17, 2022
@renovate renovate bot force-pushed the renovate/npm-sqlite3-vulnerability branch from 5b24816 to 7b1ea99 Compare January 15, 2023 10:31

codecov-commenter commented Jan 15, 2023

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 86.51%. Comparing base (4652021) to head (aace14c).

@@           Coverage Diff           @@
##             main      #30   +/-   ##
=======================================
  Coverage   86.51%   86.51%           
=======================================
  Files          11       11           
  Lines         178      178           
  Branches       30       30           
=======================================
  Hits          154      154           
  Misses         24       24           

@renovate renovate bot force-pushed the renovate/npm-sqlite3-vulnerability branch from 7b1ea99 to adfca1b Compare January 21, 2023 05:55
@renovate renovate bot force-pushed the renovate/npm-sqlite3-vulnerability branch from adfca1b to dc918f1 Compare February 1, 2023 08:02
@renovate renovate bot force-pushed the renovate/npm-sqlite3-vulnerability branch from dc918f1 to 73b416c Compare February 15, 2023 08:02
@renovate renovate bot changed the title chore(deps): update dependency sqlite3 to v5.0.3 [security] chore(deps): update dependency sqlite3 to v5.1.5 [security] Mar 16, 2023
@renovate renovate bot force-pushed the renovate/npm-sqlite3-vulnerability branch 2 times, most recently from 5e2aa93 to abf8eb9 Compare March 16, 2023 19:59
@renovate renovate bot force-pushed the renovate/npm-sqlite3-vulnerability branch from abf8eb9 to 17cd1c2 Compare April 27, 2023 17:22
@renovate renovate bot force-pushed the renovate/npm-sqlite3-vulnerability branch from 17cd1c2 to c6448dc Compare May 28, 2023 17:50
@renovate renovate bot force-pushed the renovate/npm-sqlite3-vulnerability branch 10 times, most recently from 624847f to 467e391 Compare June 15, 2023 19:36
@renovate renovate bot force-pushed the renovate/npm-sqlite3-vulnerability branch from 467e391 to 31166f6 Compare June 16, 2023 17:54
@renovate renovate bot force-pushed the renovate/npm-sqlite3-vulnerability branch from 31166f6 to 246ac2c Compare June 29, 2023 10:39
@renovate renovate bot force-pushed the renovate/npm-sqlite3-vulnerability branch 6 times, most recently from 56a249e to 50da0a1 Compare July 12, 2023 20:36
@renovate renovate bot force-pushed the renovate/npm-sqlite3-vulnerability branch 2 times, most recently from c1a4ca6 to b8d7321 Compare July 19, 2023 10:01
@renovate renovate bot force-pushed the renovate/npm-sqlite3-vulnerability branch 2 times, most recently from 5c36628 to c3e8729 Compare August 27, 2023 12:08
@renovate renovate bot force-pushed the renovate/npm-sqlite3-vulnerability branch 2 times, most recently from 1ca9441 to 546bb12 Compare August 31, 2023 05:24
@renovate renovate bot force-pushed the renovate/npm-sqlite3-vulnerability branch from 546bb12 to a683dfe Compare October 13, 2023 15:33
@renovate renovate bot force-pushed the renovate/npm-sqlite3-vulnerability branch from a683dfe to 68a3145 Compare October 23, 2023 15:19
@renovate renovate bot force-pushed the renovate/npm-sqlite3-vulnerability branch from 68a3145 to bcdc34e Compare November 5, 2023 00:41
@renovate renovate bot force-pushed the renovate/npm-sqlite3-vulnerability branch from bcdc34e to 2bf8ea6 Compare January 28, 2024 12:06
@renovate renovate bot force-pushed the renovate/npm-sqlite3-vulnerability branch from 2bf8ea6 to aace14c Compare February 25, 2024 10:04
@silasbw silasbw closed this Mar 4, 2024