[Snyk] Security upgrade knex from 0.95.15 to 2.4.0

Max Vorobyevrequested to merge
snyk-fix-2a2f0961638fcaa32d51899a3d2b5cfe into master

Created by: snyk-bot

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 823/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 8.6		 SQL Injection
SNYK-JS-KNEX-3175610 		Yes Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: knex The new version differs by 203 commits.
  • 3475d81 Prepare to release 2.4.0
  • e97f922 Bump tsd from 0.24.1 to 0.25.0 (#5396)
  • e145322 1227: add assertion for basic where clause values (#5417)
  • 962bb0a Bump sinon from 14.0.2 to 15.0.1 (#5413)
  • ab45314 Add JSDoc (TS Flavour) to mjs stub file (#5390)
  • 72bd1f7 Fix: orWhereJson (#5361)
  • 4fc939a Fixes unexpected max acquire-timeout (#5377)
  • 5c4837c Fix lib/.gitignore path separator on Windows. (#5325)
  • 7dbbd00 Bump actions/setup-node from 3.4.1 to 3.5.1 (#5356)
  • d39051f fix: add missing type for 'expirationChecker' on PgConnectionConfig (#5334)
  • f7ccde8 Make compiling SQL in error message optional (#5282)
  • 82610ca Bump tsd from 0.23.0 to 0.24.1 (#5329)
  • cb5be88 Bump typescript from 4.8.2 to 4.8.3 (#5324)
  • dc6dbbf fix: insert array into json column (#5321)
  • 864530c feat: support partial unique indexes (#5316)
  • 6bed5e9 Fix changing the default value of a boolean column in SQLite (#5319)
  • f52b2c5 Merge remote-tracking branch 'origin/master'
  • 05c4707 Prepare to release 2.3.0
  • 13b61c0 Update dependencies (#5317)
  • 97fccdf Explicit jsonb support for custom pg clients (#5201)
  • 1cc1df9 chore: remove bindingHolder for proper scoping (#5235)
  • e0c0fa9 Implement mapBinding mssql dialect option (#5292)
  • 29283a1 Bump tsd from 0.22.0 to 0.23.0 (#5314)
  • 57692d3 Infer specific column value type in aggregations (#5297)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 SQL Injection

Merge request reports