Release with Updated Knex Dependency

Question

Release with Updated Knex Dependency

Scott-Allen-Mind-Gyn opened this issue a year ago · 2 comments

Scott-Allen-Mind-Gyn commented a year ago

Knex.js has a limited SQL injection vulnerability - GHSA-4jv9-3563-23j3

Hey,

Not sure if this is the right way to contact about this, but I see the knex dependency has been increased to 2.4.2 on the main branch, but there has not been a versioned release since September.

This is throwing vulnerability errors on my project which uses kanel which uses this.

Is there plans for future releases?

Much appreciated,
Scott.

Answer 1 · 2023-03-14T12:22:40.000Z

I was time for an update. I've released a new version, I'll bump Kanel and Schemalint as well. Thanks for the heads-up!

Answer 2 · 2023-03-14T16:52:41.000Z

Legend! Thank you :)