Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore: update dependency sqlite3 to v5.1.5 [security] #9349

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Mar 22, 2023

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
sqlite3 5.1.4 -> 5.1.5 age adoption passing confidence

GitHub Vulnerability Alerts

CVE-2022-43441

Impact

Due to the underlying implementation of .ToString(), it's possible to execute arbitrary JavaScript, or to achieve a denial-of-service, if a binding parameter is a crafted Object.

Users of sqlite3 v5.0.0 - v5.1.4 are affected by this.

Patches

Fixed in v5.1.5. All users are recommended to upgrade to v5.1.5 or later.

Workarounds

  • Ensure there is sufficient sanitization in the parent application to protect against invalid values being supplied to binding parameters.

References

For more information

If you have any questions or comments about this advisory:

Credits: Dave McDaniel of Cisco Talos


Release Notes

TryGhost/node-sqlite3 (sqlite3)

v5.1.5

Compare Source

What's Changed

Full Changelog: TryGhost/node-sqlite3@v5.1.4...v5.1.5


Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot requested a review from samarpanB as a code owner March 22, 2023 17:53
@renovate renovate bot added dependencies Pull requests that update a dependency file SECURITY labels Mar 22, 2023
@renovate renovate bot requested a review from a team March 22, 2023 17:53
@renovate renovate bot force-pushed the renovate/npm-sqlite3-vulnerability branch from 12031d6 to 9bbb278 Compare March 22, 2023 18:05
@renovate renovate bot changed the title chore: update dependency sqlite3 [security] chore: update dependency sqlite3 to v5.1.5 [security] Mar 22, 2023
@renovate renovate bot changed the title chore: update dependency sqlite3 to v5.1.5 [security] chore: update dependency sqlite3 to 5.1.5 [security] Mar 22, 2023
@renovate renovate bot changed the title chore: update dependency sqlite3 to 5.1.5 [security] chore: update dependency sqlite3 to v5.1.5 [security] Mar 22, 2023
@renovate renovate bot changed the title chore: update dependency sqlite3 to v5.1.5 [security] chore: update dependency sqlite3 to 5.1.5 [security] Mar 23, 2023
@renovate renovate bot changed the title chore: update dependency sqlite3 to 5.1.5 [security] chore: update dependency sqlite3 to v5.1.5 [security] Mar 23, 2023
@renovate renovate bot changed the title chore: update dependency sqlite3 to v5.1.5 [security] chore: update dependency sqlite3 to 5.1.5 [security] Mar 23, 2023
@renovate renovate bot changed the title chore: update dependency sqlite3 to 5.1.5 [security] chore: update dependency sqlite3 to ^5.1.6 [security] Mar 23, 2023
@renovate renovate bot force-pushed the renovate/npm-sqlite3-vulnerability branch from 9bbb278 to fc90a3a Compare March 23, 2023 04:05
@shubhamp-sf
Copy link
Contributor

shubhamp-sf commented Mar 23, 2023

Merging this would lead to breaking tests as reported here: TryGhost/node-sqlite3#1694

Waiting for explanation from node-sqlite3 maintainers about this, I'll make necessary modification in the tests after that.

@renovate renovate bot changed the title chore: update dependency sqlite3 to ^5.1.6 [security] chore: update dependency sqlite3 to ^5.1.5 [security] Mar 23, 2023
@renovate renovate bot force-pushed the renovate/npm-sqlite3-vulnerability branch from fc90a3a to f0feefe Compare March 23, 2023 07:09
@renovate renovate bot changed the title chore: update dependency sqlite3 to ^5.1.5 [security] chore: update dependency sqlite3 to 5.1.5 [security] Mar 23, 2023
@renovate renovate bot changed the title chore: update dependency sqlite3 to 5.1.5 [security] chore: update dependency sqlite3 to ^5.1.6 [security] Mar 23, 2023
@renovate renovate bot force-pushed the renovate/npm-sqlite3-vulnerability branch 2 times, most recently from 65f2138 to 7b46fe7 Compare March 23, 2023 08:45
@renovate renovate bot changed the title chore: update dependency sqlite3 to ^5.1.6 [security] chore: update dependency sqlite3 to ^5.1.5 [security] Mar 23, 2023
@renovate renovate bot force-pushed the renovate/npm-sqlite3-vulnerability branch from 7b46fe7 to 8d264e8 Compare March 23, 2023 10:20
@renovate renovate bot changed the title chore: update dependency sqlite3 to ^5.1.5 [security] chore: update dependency sqlite3 to 5.1.5 [security] Mar 23, 2023
@renovate renovate bot changed the title chore: update dependency sqlite3 to 5.1.5 [security] chore: update dependency sqlite3 to ^5.1.6 [security] Mar 23, 2023
@renovate renovate bot force-pushed the renovate/npm-sqlite3-vulnerability branch from 8d264e8 to d2edf8d Compare March 23, 2023 12:17
@renovate renovate bot changed the title chore: update dependency sqlite3 to ^5.1.6 [security] chore: update dependency sqlite3 to 5.1.5 [security] Mar 23, 2023
@renovate renovate bot changed the title chore: update dependency sqlite3 to 5.1.5 [security] chore: update dependency sqlite3 to ^5.1.6 [security] Mar 23, 2023
@renovate renovate bot force-pushed the renovate/npm-sqlite3-vulnerability branch from d2edf8d to 03523bc Compare March 23, 2023 14:27
@renovate renovate bot changed the title chore: update dependency sqlite3 to ^5.1.6 [security] chore: update dependency sqlite3 to ^5.1.5 [security] Mar 23, 2023
@renovate renovate bot force-pushed the renovate/npm-sqlite3-vulnerability branch from 03523bc to 028fe27 Compare March 23, 2023 16:30
@renovate renovate bot force-pushed the renovate/npm-sqlite3-vulnerability branch 12 times, most recently from 80adcd8 to b17ddfe Compare November 19, 2024 13:45
@renovate renovate bot force-pushed the renovate/npm-sqlite3-vulnerability branch from b17ddfe to 37cbb48 Compare November 19, 2024 17:16
@renovate renovate bot force-pushed the renovate/npm-sqlite3-vulnerability branch 12 times, most recently from 8253b1d to f6459d4 Compare December 12, 2024 14:22
@renovate renovate bot force-pushed the renovate/npm-sqlite3-vulnerability branch 3 times, most recently from 677414a to abfc30d Compare December 19, 2024 17:38
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
@renovate renovate bot force-pushed the renovate/npm-sqlite3-vulnerability branch from abfc30d to 71aedea Compare December 19, 2024 17:50
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Pull requests that update a dependency file SECURITY
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants