Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore: update dependency sqlite3 to v5.1.5 [security] #9349

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

chore: update dependency sqlite3 to v5.1.5 [security] #9349

wants to merge 1 commit into from
+38 −12

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Mar 22, 2023
edited

Mend Renovate

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
sqlite3 5.1.4 -> 5.1.5 age adoption passing confidence

GitHub Vulnerability Alerts

CVE-2022-43441

Impact

Due to the underlying implementation of .ToString(), it's possible to execute arbitrary JavaScript, or to achieve a denial-of-service, if a binding parameter is a crafted Object.

Users of sqlite3 v5.0.0 - v5.1.4 are affected by this.

Patches

Fixed in v5.1.5. All users are recommended to upgrade to v5.1.5 or later.

Workarounds

  • Ensure there is sufficient sanitization in the parent application to protect against invalid values being supplied to binding parameters.

References

For more information

If you have any questions or comments about this advisory:

Credits: Dave McDaniel of Cisco Talos

Release Notes

TryGhost/node-sqlite3 (sqlite3)

v5.1.5

Compare Source

What's Changed

Full Changelog: TryGhost/node-sqlite3@v5.1.4...v5.1.5

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

@renovate renovate bot requested a review from samarpanB as a code owner March 22, 2023 17:53
@renovate renovate bot added dependencies Pull requests that update a dependency file SECURITY labels Mar 22, 2023
@renovate renovate bot requested a review from a team March 22, 2023 17:53
@renovate renovate bot force-pushed the renovate/npm-sqlite3-vulnerability branch from 12031d6 to 9bbb278 Compare March 22, 2023 18:05
@renovate renovate bot changed the title chore: update dependency sqlite3 [security] chore: update dependency sqlite3 to v5.1.5 [security] Mar 22, 2023
@renovate renovate bot changed the title chore: update dependency sqlite3 to v5.1.5 [security] chore: update dependency sqlite3 to 5.1.5 [security] Mar 22, 2023
@renovate renovate bot changed the title chore: update dependency sqlite3 to 5.1.5 [security] chore: update dependency sqlite3 to v5.1.5 [security] Mar 22, 2023
@renovate renovate bot changed the title chore: update dependency sqlite3 to v5.1.5 [security] chore: update dependency sqlite3 to 5.1.5 [security] Mar 23, 2023
@renovate renovate bot changed the title chore: update dependency sqlite3 to 5.1.5 [security] chore: update dependency sqlite3 to v5.1.5 [security] Mar 23, 2023
@renovate renovate bot changed the title chore: update dependency sqlite3 to v5.1.5 [security] chore: update dependency sqlite3 to 5.1.5 [security] Mar 23, 2023
@renovate renovate bot changed the title chore: update dependency sqlite3 to 5.1.5 [security] chore: update dependency sqlite3 to ^5.1.6 [security] Mar 23, 2023
@renovate renovate bot force-pushed the renovate/npm-sqlite3-vulnerability branch from 9bbb278 to fc90a3a Compare March 23, 2023 04:05
@shubhamp-sf
Copy link
Contributor

shubhamp-sf commented Mar 23, 2023
edited

Merging this would lead to breaking tests as reported here: TryGhost/node-sqlite3#1694

Waiting for explanation from node-sqlite3 maintainers about this, I'll make necessary modification in the tests after that.

@renovate renovate bot changed the title chore: update dependency sqlite3 to ^5.1.6 [security] chore: update dependency sqlite3 to ^5.1.5 [security] Mar 23, 2023
@renovate renovate bot force-pushed the renovate/npm-sqlite3-vulnerability branch from fc90a3a to f0feefe Compare March 23, 2023 07:09
@renovate renovate bot changed the title chore: update dependency sqlite3 to ^5.1.5 [security] chore: update dependency sqlite3 to 5.1.5 [security] Mar 23, 2023
@renovate renovate bot changed the title chore: update dependency sqlite3 to 5.1.5 [security] chore: update dependency sqlite3 to ^5.1.6 [security] Mar 23, 2023
@renovate renovate bot force-pushed the renovate/npm-sqlite3-vulnerability branch 2 times, most recently from 65f2138 to 7b46fe7 Compare March 23, 2023 08:45
@renovate renovate bot changed the title chore: update dependency sqlite3 to ^5.1.6 [security] chore: update dependency sqlite3 to ^5.1.5 [security] Mar 23, 2023
@renovate renovate bot force-pushed the renovate/npm-sqlite3-vulnerability branch from 7b46fe7 to 8d264e8 Compare March 23, 2023 10:20
@renovate renovate bot changed the title chore: update dependency sqlite3 to ^5.1.5 [security] chore: update dependency sqlite3 to 5.1.5 [security] Mar 23, 2023
@renovate renovate bot changed the title chore: update dependency sqlite3 to 5.1.5 [security] chore: update dependency sqlite3 to ^5.1.6 [security] Mar 23, 2023
@renovate renovate bot force-pushed the renovate/npm-sqlite3-vulnerability branch from 8d264e8 to d2edf8d Compare March 23, 2023 12:17
@renovate renovate bot changed the title chore: update dependency sqlite3 to ^5.1.6 [security] chore: update dependency sqlite3 to 5.1.5 [security] Mar 23, 2023
@renovate renovate bot changed the title chore: update dependency sqlite3 to 5.1.5 [security] chore: update dependency sqlite3 to ^5.1.6 [security] Mar 23, 2023
@renovate renovate bot force-pushed the renovate/npm-sqlite3-vulnerability branch from d2edf8d to 03523bc Compare March 23, 2023 14:27
@renovate renovate bot changed the title chore: update dependency sqlite3 to ^5.1.6 [security] chore: update dependency sqlite3 to ^5.1.5 [security] Mar 23, 2023
@renovate renovate bot force-pushed the renovate/npm-sqlite3-vulnerability branch from 03523bc to 028fe27 Compare March 23, 2023 16:30
@renovate renovate bot force-pushed the renovate/npm-sqlite3-vulnerability branch 10 times, most recently from 69f5eab to 47d60ed Compare May 17, 2024 00:22
@renovate renovate bot force-pushed the renovate/npm-sqlite3-vulnerability branch 8 times, most recently from 0c4954b to 810c30b Compare May 28, 2024 19:39
@renovate renovate bot force-pushed the renovate/npm-sqlite3-vulnerability branch 10 times, most recently from fefc447 to 8cdb420 Compare June 6, 2024 16:08
@renovate
chore: update dependency sqlite3 to v5.1.5 [security]
2d254ab 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
@renovate renovate bot force-pushed the renovate/npm-sqlite3-vulnerability branch from 8cdb420 to 2d254ab Compare June 6, 2024 16:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@samarpanB samarpanB Awaiting requested review from samarpanB samarpanB is a code owner

@raymondfeng raymondfeng Awaiting requested review from raymondfeng raymondfeng is a code owner

@achrinza achrinza Awaiting requested review from achrinza

@dhmlau dhmlau Awaiting requested review from dhmlau

@nflaig nflaig Awaiting requested review from nflaig

@nabdelgadir nabdelgadir Awaiting requested review from nabdelgadir

@marioestradarosa marioestradarosa Awaiting requested review from marioestradarosa

@mschnee mschnee Awaiting requested review from mschnee

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file SECURITY
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@shubhamp-sf @coveralls