
Upgrade peer dependency for objection to 3.0.0 #90

Open
SandraShklyaeva opened this issue Nov 22, 2021 · 5 comments

Comments

@SandraShklyaeva

Is there any plan to upgrade the peer dependency for objection to version 3.0.0?

@kibertoad
Collaborator

Will try to! Hopefully there are no major incompatibilities.

@hassan-jahan

It seems there is a security bug in knex that puts most objection environments at risk.

@kibertoad
Collaborator

Thanks, I need to work on the update.

@hassan-jahan

Thanks! To give more context:

knex  <2.4.0
Severity: high
Knex.js has a limited SQL injection vulnerability - https://github.com/advisories/GHSA-4jv9-3563-23j3
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/knex
  objection  0.5.0-alpha.0 - 2.2.18
  Depends on vulnerable versions of knex
  node_modules/objection
    objection-find  0.3.0 - 0.9.0 || >=2.1.0
    Depends on vulnerable versions of objection
    node_modules/objection-find
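The audit output above reports three affected version ranges (`knex <2.4.0`, `objection 0.5.0-alpha.0 - 2.2.18`, `objection-find 0.3.0 - 0.9.0 || >=2.1.0`). The following is an added example, not code from this issue or from the objection-find project: a small evaluator for that npm-style range syntax (comparators, hyphen ranges, `||` alternatives, semver pre-release ordering) so an installed version from a lockfile can be checked against the advisory ranges offline. The `auditInstalled` helper, the `ADVISORY_RANGES` table and the sample installed versions are constructed for the example; caret, tilde and x-ranges are deliberately not handled.

```javascript
// Added example, not part of the issue thread or of objection-find.
// Evaluates npm-style version ranges as printed by `npm audit` so that an
// installed version can be tested against an advisory's affected range.

// Parse "MAJOR.MINOR.PATCH[-prerelease][+build]" into comparable parts.
function parseVersion(str) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?(?:\+[0-9A-Za-z.-]+)?$/.exec(str.trim());
  if (!m) throw new Error(`not a semver version: ${str}`);
  return {
    nums: [Number(m[1]), Number(m[2]), Number(m[3])],
    pre: m[4] ? m[4].split('.') : [],
  };
}

// Semver ordering: compare core numbers, then pre-release identifiers.
// A version without a pre-release tag sorts above the same core with one.
function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a.nums[i] !== b.nums[i]) return a.nums[i] - b.nums[i];
  }
  if (a.pre.length === 0 && b.pre.length === 0) return 0;
  if (a.pre.length === 0) return 1;
  if (b.pre.length === 0) return -1;
  const n = Math.min(a.pre.length, b.pre.length);
  for (let i = 0; i < n; i++) {
    const x = a.pre[i], y = b.pre[i];
    const xn = /^\d+$/.test(x), yn = /^\d+$/.test(y);
    if (xn && yn) {
      if (Number(x) !== Number(y)) return Number(x) - Number(y);
    } else if (xn) {
      return -1; // numeric identifiers sort before alphanumeric ones
    } else if (yn) {
      return 1;
    } else if (x !== y) {
      return x < y ? -1 : 1;
    }
  }
  return a.pre.length - b.pre.length;
}

// One space-separated AND-set, e.g. ">=1.0.0 <2.0.0" or a hyphen range "A - B".
function parseComparatorSet(set) {
  const hyphen = /^(\S+)\s+-\s+(\S+)$/.exec(set.trim());
  if (hyphen) {
    return [{ op: '>=', v: parseVersion(hyphen[1]) }, { op: '<=', v: parseVersion(hyphen[2]) }];
  }
  return set.trim().split(/\s+/).filter(Boolean).map((tok) => {
    const m = /^(<=|>=|<|>|=)?\s*(.+)$/.exec(tok);
    return { op: m[1] || '=', v: parseVersion(m[2]) };
  });
}

function satisfiesComparator({ op, v }, version) {
  const c = compareVersions(version, v);
  switch (op) {
    case '<': return c < 0;
    case '<=': return c <= 0;
    case '>': return c > 0;
    case '>=': return c >= 0;
    default: return c === 0;
  }
}

// True when versionStr lies inside rangeStr, i.e. is affected by the advisory.
// "||" separates alternatives; within an alternative all comparators must hold.
function inRange(versionStr, rangeStr) {
  const version = parseVersion(versionStr);
  return rangeStr.split('||').some((set) =>
    parseComparatorSet(set).every((cmp) => satisfiesComparator(cmp, version)));
}

// The three affected ranges from the npm audit output in this thread.
const ADVISORY_RANGES = {
  knex: '<2.4.0',
  objection: '0.5.0-alpha.0 - 2.2.18',
  'objection-find': '0.3.0 - 0.9.0 || >=2.1.0',
};

// Report every installed package whose version falls in an affected range.
// `installed` is a constructed stand-in for versions read from a lockfile.
function auditInstalled(installed) {
  const findings = [];
  for (const [pkg, range] of Object.entries(ADVISORY_RANGES)) {
    if (pkg in installed && inRange(installed[pkg], range)) {
      findings.push(`${pkg}@${installed[pkg]} is inside affected range ${range}`);
    }
  }
  return findings;
}

// Constructed sample inputs: one vulnerable tree, one upgraded tree.
const VULNERABLE_TREE = { knex: '0.95.15', objection: '2.2.18', 'objection-find': '2.1.0' };
const UPGRADED_TREE = { knex: '2.4.0', objection: '3.0.0', 'objection-find': '1.0.0' };
console.log(auditInstalled(VULNERABLE_TREE));
console.log(auditInstalled(UPGRADED_TREE));
```

Note that a pre-release such as `2.4.0-rc.1` still matches `<2.4.0`, which is the semver rule npm follows and is why a release candidate of the fixed version should not be treated as patched.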

4 participants
@hassan-jahan @kibertoad @SandraShklyaeva and others