get-me-a-date icon indicating copy to clipboard operation
get-me-a-date copied to clipboard

Published 20 hours ago verified publisher icon hfreire

[Snyk] Security upgrade sqlite3 from 5.0.2 to 5.1.5

Open hfreire opened this issue 1 year ago • 0 comments

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 691/1000
Why? Recently disclosed, Has a fix available, CVSS 8.1		 Arbitrary Code Execution
SNYK-JS-SQLITE3-3358947		 No No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: sqlite3 The new version differs by 129 commits.
  • 6a806f8 v5.1.5
  • edb1934 Fixed code execution vulnerability due to Object coercion
  • 3a48888 Updated bundled SQLite to v3.41.1
  • c1440bd Fixed rpath linker option when using a custom sqlite (#1654)
  • 93affa4 Update microsoft/setup-msbuild action to v1.3
  • 6f6318e v5.1.4
  • aeafe25 Revert "Renamed `master` references to `main`"
  • 57ce2d4 Fixed glib compatibility by downgrading to Ubuntu 20
  • af8e567 Renamed `master` references to `main`
  • 8fd18a3 Extracted function checking code into macro
  • 5c94f75 v5.1.3
  • aec0d31 Updated bundled SQLite to v3.40.0
  • 1980f10 v5.1.2
  • 7aa29fe Updated bundled SQLite to v3.39.4
  • c4fca9f v5.1.1
  • ea71343 Added Darwin ARM64 to prebuilt binaries list in README
  • ec154ab Added Darwin ARM64 prebuilt binaries
  • 9290d8c v5.1.0
  • 9e9079d Updated types file
  • 946a3f6 Added ability to receive updates from `sqlite3_update_hook`
  • 97cc584 Added yarn.lock to gitignore
  • 572f05e Fixed importing `sqlite3#verbose` using destructuring syntax (#1632)
  • c366ef9 Fixed remaining method declarations (#1633)
  • f0090b8 Added `.configure('limit', ...` to library type file

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Arbitrary Code Execution

hfreire avatar Mar 15 '23 14:03 hfreire