
Upgrade peer dependency for objection to 3.0.0

Open SandraShklyaeva opened this issue 4 years ago • 5 comments

Is there any plan to upgrade peer dependency for objection to 3.0.0 version?

SandraShklyaeva Nov 22 '21 11:11

Will try to! Hopefully there are no major incompatibilities.

kibertoad Nov 22 '21 11:11

Has there been any progress with this?

thisiskalnins Aug 08 '22 23:08

It seems there is a security bug in knex that put most objection environments at risk.

hassan-jahan Mar 12 '23 19:03

Thanks, I need to work on the update.

kibertoad Mar 12 '23 19:03

Thanks! To give more context:

knex  <2.4.0
Severity: high
Knex.js has a limited SQL injection vulnerability - https://github.com/advisories/GHSA-4jv9-3563-23j3
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/knex
  objection  0.5.0-alpha.0 - 2.2.18
  Depends on vulnerable versions of knex
  node_modules/objection
    objection-find  0.3.0 - 0.9.0 || >=2.1.0
    Depends on vulnerable versions of objection
    node_modules/objection-find

hassan-jahan Mar 12 '23 20:03
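
As an added example (not part of the thread or of either project's code), the script below does the same kind of trace as the npm audit output quoted above: it reads the `packages` map of a package-lock.json (lockfileVersion 2 or 3), flags installed knex copies below 2.4.0, and walks upward to the packages that depend on them. The sample lockfile, its version numbers and its dependency ranges are constructed for illustration, and the function names are hypothetical.

```javascript
// Compare plain x.y.z versions; a pre-release suffix is ignored (simplification).
function compareVersions(a, b) {
  const pa = a.split('-')[0].split('.').map(Number);
  const pb = b.split('-')[0].split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// Names of installed packages that declare `name` as a dependency or peer dependency.
function dependentsOf(packages, name) {
  return Object.entries(packages)
    .filter(([path, m]) => path !== '' &&
      [m.dependencies, m.peerDependencies].some((d) => d && name in d))
    .map(([path]) => path.replace(/^.*node_modules\//, ''));
}

// For each installed knex below `fixedIn`, walk its dependents upward (breadth-first).
function findVulnerableKnex(lock, fixedIn = '2.4.0') {
  const packages = lock.packages || {};
  const findings = [];
  for (const [path, meta] of Object.entries(packages)) {
    if (!/(^|\/)node_modules\/knex$/.test(path)) continue; // top-level and nested copies
    if (compareVersions(meta.version, fixedIn) >= 0) continue; // already patched
    const affected = [];
    const queue = ['knex'];
    while (queue.length > 0) {
      for (const dep of dependentsOf(packages, queue.shift())) {
        if (!affected.includes(dep)) { affected.push(dep); queue.push(dep); }
      }
    }
    findings.push({ path, version: meta.version, affected });
  }
  return findings;
}

// Constructed sample lockfile: versions and ranges are illustrative, not real metadata.
const sampleLock = {
  packages: {
    '': { name: 'demo-app', dependencies: { knex: '^0.95.0', objection: '^2.2.18' } },
    'node_modules/knex': { version: '0.95.15' },
    'node_modules/objection': { version: '2.2.18', peerDependencies: { knex: '<0.96.0' } },
    'node_modules/objection-find': { version: '2.1.0', peerDependencies: { objection: '^2.2.15' } },
  },
};

console.log(JSON.stringify(findVulnerableKnex(sampleLock), null, 2));
```

To check a real project, pass the parsed contents of its package-lock.json to `findVulnerableKnex` in place of `sampleLock`.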