chore(deps): update dependency knex to v2 [security]

[renovate-bot]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
knex (source)	0.95.9 -> 2.4.0

GitHub Vulnerability Alerts

CVE-2016-20018

Knex Knex.js through 2.3.0 has a limited SQL injection vulnerability that can be exploited to ignore the WHERE clause of a SQL query. This vulnerability has been fixed in version 2.4.0.

---

Release Notes

knex/knex

v2.4.0

Compare Source

New features:

• Support partial unique indexes #​5316
• Make compiling SQL in error message optional #​5282

Bug fixes

• Insert array into json column #​5321
• Fix unexpected max acquire-timeout #​5377
• Fix: orWhereJson #​5361
• MySQL: Add assertion for basic where clause not to be object or array #​1227
• SQLite: Fix changing the default value of a boolean column in SQLite #​5319

Typings:

• add missing type for 'expirationChecker' on PgConnectionConfig #​5334

v2.3.0

Compare Source

New features:

• PostgreSQL: Explicit jsonb support for custom pg clients #​5201
• SQLite: Support returning with sqlite3 and better-sqlite3 #​5285
• MSSQL: Implement mapBinding mssql dialect option #​5292

Typings:

• Update types for TS 4.8 #​5279
• Fix typo #​5267
• Fix WhereJsonObject withCompositeTableType #​5306
• Fix AnalyticFunction type #​5304
• Infer specific column value type in aggregations #​5297

v2.2.0

Compare Source

New features:

• Inline primary key creation for postgres flavours #​5233
• SQLite: Add warning for undefined connection file #​5223
• MSSQL: Add JSON parameter support for connection #​5200

Bug fixes:

• PostgreSQL: add primaryKey option for uuid #​5212

Typings:

• Add promisable and better types #​5222
• Update raw query bind parameter type #​5208

v2.1.0

Compare Source

New features:

• Improve bundling experience to safely import dialects while using static paths #​5142
• Implement extendable builders #​5041
• PostgreSQL: Refresh materialized view concurrently #​5166

Bug fixes:

• Use correct paths in package.json browser field #​5174
• MariaDB: Fix 'NULL' returned instead of NULL on MariaDB 10.2.6+ #​5181
• MySQL: fix hasColumn Error (hasColumn ('a_id') is true, but hasColumn('a_Id') is false) #​5148
• MSSQL: Fix .hasTable result when using .withSchema #​5176
• Oracle: correctly INSERTS Buffer #​4869

Typings:

• Update type definitions for pg connection #​5139

v2.0.0

Compare Source

Breaking changes

• Restore sqlite3 package #​5136

Test / internal changes:

• Migrate Husky from 4 to 7 #​5137
• Migrate Jake to 10.8.5 #​5138

v1.0.7

Compare Source

Bug fixes:

• CLI: Fix cli migrate:make SQLite dependency #​5106

v1.0.6

Compare Source

Bug fixes:

• PostgreSQL: Wait for search path to be set before returning connection #​5107
• CLI: No client override during migrate:make #​5109

v1.0.5

Compare Source

New features:

• Override knexfile options with CLI options #​4047

Bug fixes:

• Stringify json value in update #​5063
• Fix isModuleType() for yarn #​4447
• Wrapped Unions Fixes #​5072
• SQLite: Fix @​vscode-sqlite3 error message #​5081
• CLI: Fix completed migration listing #​5060

Typings:

• Make default generic parameters of Knex match the generic parameter types of knex #​5021
• Update knex types for TS 4.7 #​5095

v1.0.4

Compare Source

New features:

• Add whereLike functions #​5044

Bug fixes:

• Fix orWhereJsonPath clause #​5022
• Subquery in on clause missing parenthesis #​5049
• Rework Union Wrapping #​5030
• Oracle: Fix batch inserts with DEFAULT values with OracleDB #​2592 #​5037

Typings:

• Fix types for "returning" methods #​5031
• createTableLike callback should be optional #​5055

Documentation:

• Website URL changed to https://knex.github.io/documentation/

v1.0.3

Compare Source

Bug fixes:

• Fix error message for missing migration files #​4937
• Add withMaterialized and withNotMaterialized to method-constants #​5009
• PostgreSQL: Fix whereJsonPath queries #​5011
• PostgreSQL: Fix delete joins #​5016
• CockroachDB: Fix whereJsonPath queries #​5011
• MySQL: Create primary keys in same statement #​5017

Typings:

• Fix type definition for getMigration in MigrationSource #​4998
• Fix argument type of alter method #​4996

Improvements:

• Use async / await syntax in seeds as default #​5005

Documentation:

• Add Firebird dialect to ECOSYSTEM.md #​5003

v1.0.2

Compare Source

New features:

• Support of MATERIALIZED and NOT MATERIALIZED with WITH/CTE #​4940
• Add raw support in onConflict clause #​4960
• Alter nullable constraint when alterNullable is set to true #​4730
• Add alterType parameter for alter function #​4967
• Support string json in json values #​4988
• MySQL: add with clause #​4508

Bug fixes:

• Fix error message for missing migration files #​4937
• Move deferrable to after on update/on delete #​4976
• Do not use sys.tables to find if a table exists #​2328
• PostgreSQL: Fix Order nulls #​4989
• MySQL: Fix collation when renaming column #​2666
• SQLite: Same boolean handling in better-sqlite3 as in sqlite3 #​4982

Typings:

• WhereILike - fix typo #​4941

v1.0.1

Compare Source

Bug fixes:

• Fix package.json metadata

v1.0.0

Compare Source

Breaking changes

• Dropped support for Node 10;
• Replaced unsupported sqlite3 driver with @vscode/sqlite3;
• Changed data structure from RETURNING operation to be consistent with SELECT;
• Changed Migrator to return list of migrations as objects consistently.

New features:

• Support fromRaw #​4781
• Support zero precision in timestamp/datetime #​4784
• Support whereLike and whereILike #​4779
• Add JSDoc (TS flavor) to stub files #​4809
• Allow skip binding in limit and offset #​4811
• Support creating a new table in the database based on another table #​4821
• Accept Raw on onIn joins #​4830
• Implement support for custom seed sources #​4842
• Add binary uuid option #​4836
• ForUpdate array parameter #​4882
• Add camel case to timestamps method #​4803
• Advanced JSON support #​4859
• Add type to TypeScript knexfile #​4909
• Checks Constraints Support #​4874
• Support creating multiple PKs with increments #​4903
• Enable wrapIdentifier for SQLite .hasTable #​4915
• MSSQL: Add support for unique constraint #​4887
• SQLite: New dialect, using better-sqlite3 driver #​4871
• SQLite: Switch to @​vscode/sqlite3 #​4866
• SQLite: Support createViewOrReplace #​4856
• SQLite: Support RETURNING statements for better-sqlite3 driver #​4934
• PostgreSQL: Support JOIN and USING syntax for Delete Statement #​4800

Bug fixes:

• Fix overzealous warning on use of whereNot with "in" or "between" #​4780
• Fix Union all + first syntax error #​4799
• Make view columns optional in create view like #​4829
• Insert lock row fix during migration #​4865
• Fix for createViewOrReplace #​4856
• SQLite: Fix foreign key constraints when altering a table #​4189
• MySQL: Validate connection fix #​4794
• MySQL: Set comment size warning limit to 1024 #​4867

Typings:

• Allow string indexType in index creation #​4791
• Add missing ints typings #​4832
• Returning method types #​4881
• Improve columnInfo type #​4868

v0.95.15

Compare Source

Bug fixes:

• Oracle:
• MariaDB: lock row fix during migration in MariaDB and Oracle #​4865

v0.95.14

Compare Source

Bug fixes:

• MySQL: mysql2 dialect validate connection fix #​4794

v0.95.13

Compare Source

Bug fixes:

• PostgreSQL: Support zero precision in timestamp/datetime #​4784

Typings:

• Allow string indexType in index creation #​4791

v0.95.12

Compare Source

New features:

• New dialect: CockroachDB #​4742
• New dialect: pg-native #​4327
• CockroachDB: add support for upsert #​4767
• PostgreSQL: Support SELECT .. FOR NO KEY UPDATE / KEY SHARE row level locking clauses #​4755
• PostgreSQL: Add support for 'CASCADE' in PostgreSQL 'DROP SCHEMA' queries #​4713
• MySQL: Add storage engine index Type support to index() and unique() schema #​4756
• MSSQL: Support table.primary, table.unique variant with options object #​4710
• SQLite: Add setNullable support to SQLite #​4684
• Add geometry column building #​4776
• Add support for creating table copies #​1373
• Implement support for views and materialized views #​1626
• Implement partial index support #​4768
• Support for 'is null' in 'order by' #​3667

Bug fixes:

• Fix support for Oracle connections passed via knex.connection() #​4757
• Avoid inserting multiple locks if a migration lock already exists #​4694

Typings:

• Some TableBuilder methods return wrong types #​4764
• Update JoinRaw bindings type to accept arrays #​4752
• fix onDelete/onUpdate for ColumnBuilder #​4656

v0.95.11

Compare Source

New features:

• Add support for nullability modification via schema builder (table.setNullable() and table.dropNullable()) #​4657
• MySQL: Add support for mysql/mariadb-client JSON parameters in connectionURIs #​4629
• MSSQL: Support comments as MS_Description properties #​4632

Bug fixes:

• Fix Analytic orderBy and partitionBy to follow the SQL documentation #​4602
• CLI: fix migrate:up for migrations disabling transactions #​4550
• SQLite: Fix adding a column with a foreign key constraint in SQLite #​4649
• MSSQL: columnInfo() support case-sensitive database collations #​4633
• MSSQL: Generate valid SQL for withRecursive() #​4514
• Oracle: withRecursive: omit invalid RECURSIVE keyword, include column list #​4514

Improvements:

• Add .mjs migration and seed stubs #​4631
• SQLite: Clean up DDL handling and move all operations to the parser-based approach #​4648

v0.95.10

Compare Source

Improvements:

• Use sys info function instead of connection db name #​4623

Typings:

• Deferrable and withkeyName should not be in ColumnBuilder #​4600

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.

[codecov]

Codecov Report

Merging #1350 (ffa5175) into main (8b8bfeb) will increase coverage by 0.08%.
The diff coverage is n/a.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #1350      +/-   ##
==========================================
+ Coverage   96.08%   96.16%   +0.08%     
==========================================
  Files          14       18       +4     
  Lines         893     1069     +176     
  Branches      191      221      +30     
==========================================
+ Hits          858     1028     +170     
- Misses         35       41       +6     

Impacted Files	Coverage Δ
...de/opentelemetry-instrumentation-knex/src/utils.ts	88.88% <0.00%> (ø)
...emetry-instrumentation-knex/src/instrumentation.ts	98.78% <0.00%> (ø)
...pentelemetry-instrumentation-knex/src/constants.ts	100.00% <0.00%> (ø)
...tapackages/auto-instrumentations-node/src/utils.ts	98.21% <0.00%> (ø)

[blumamir]

Should be supported in instrumentation code. I am not sure how tests passed.
related issue #861

[forking-renovate]

Renovate Ignore Notification

Because you closed this PR without merging, Renovate will ignore this update. You will not get PRs for any future 2.x releases. But if you manually upgrade to 2.x then Renovate will re-enable minor and patch updates automatically.

If you accidentally closed this PR, or if you changed your mind: rename this PR to get a fresh replacement PR.