[Snyk] Upgrade sqlite3 from 5.0.2 to 5.1.7

[irklva]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade sqlite3 from 5.0.2 to 5.1.7.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 18 versions ahead of your current version.

• The recommended version was released 5 months ago, on 2024-01-05.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Arbitrary File Write SNYK-JS-TAR-1579152	639/1000 Why? Has a fix available, CVSS 8.5	No Known Exploit
	Arbitrary File Write SNYK-JS-TAR-1579155	639/1000 Why? Has a fix available, CVSS 8.5	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	639/1000 Why? Has a fix available, CVSS 8.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	639/1000 Why? Has a fix available, CVSS 8.5	Proof of Concept
	Denial of Service (DoS) SNYK-JS-SQLITE3-2388645	639/1000 Why? Has a fix available, CVSS 8.5	Proof of Concept
	Arbitrary Code Execution SNYK-JS-SQLITE3-3358947	639/1000 Why? Has a fix available, CVSS 8.5	No Known Exploit
	Arbitrary File Overwrite SNYK-JS-TAR-1536528	639/1000 Why? Has a fix available, CVSS 8.5	No Known Exploit
	Arbitrary File Overwrite SNYK-JS-TAR-1536531	639/1000 Why? Has a fix available, CVSS 8.5	No Known Exploit
	Arbitrary File Write SNYK-JS-TAR-1579147	639/1000 Why? Has a fix available, CVSS 8.5	No Known Exploit
	Uncontrolled Resource Consumption ('Resource Exhaustion') SNYK-JS-TAR-6476909	639/1000 Why? Has a fix available, CVSS 8.5	Proof of Concept
	Server-side Request Forgery (SSRF) SNYK-JS-REQUEST-3361831	639/1000 Why? Has a fix available, CVSS 8.5	Proof of Concept
	Uncontrolled Resource Consumption ('Resource Exhaustion') SNYK-JS-TAR-6476909	639/1000 Why? Has a fix available, CVSS 8.5	Proof of Concept
	Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873	639/1000 Why? Has a fix available, CVSS 8.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	639/1000 Why? Has a fix available, CVSS 8.5	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	639/1000 Why? Has a fix available, CVSS 8.5	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: sqlite3

• 5.1.7 - 2024-01-05
  

  What's Changed

  • Updated bundled SQLite to v3.44.2 by @ daniellockyer
  • Replaced @ mapbox/node-pre-gyp with prebuild + prebuild-install (605c7f9) by @ daniellockyer
    • this should fix a lot of bundling issues reported by the community
  • Improved RowToJS performance by removing Napi::String::New instantiation by @ daniellockyer
  • Various minor code refactors and improvements (thanks @ zenon8adams!)

  New Contributors

  • @ zenon8adams made their first contribution in #1701

  Full Changelog: v5.1.6...v5.1.7

• 5.1.7-rc.0 - 2023-12-29
  

  Please install v5.1.7 instead.

  Full Changelog: v5.1.6...v5.1.7-rc.0

• 5.1.6 - 2023-03-14
  

  What's Changed

  • Fixed glibc compatibility by hardcoding lower version for log2 by @ daniellockyer
  • Add generic type annotations for Statement and Database get/all/each methods callback rows by @ stevescruz in #1686

  New Contributors

  • @ stevescruz made their first contribution in #1686

  Full Changelog: v5.1.5...v5.1.6

• 5.1.5 - 2023-03-13
  

  What's Changed

  • 🔒 Fixed code execution vulnerability due to Object coercion by @ daniellockyer
  • Updated bundled SQLite to v3.41.1 by @ daniellockyer
  • Fixed rpath linker option when using a custom sqlite by @ jeromew in #1654

  Full Changelog: v5.1.4...v5.1.5

• 5.1.4 - 2022-12-12
  

  What's Changed

  • Fixed glibc compatibility by downgrading CI to Ubuntu 20 by @ daniellockyer in #1664

  Full Changelog: v5.1.3...v5.1.4

• 5.1.3 - 2022-12-12
  

  What's Changed

  • Updated bundled SQLite to v3.40.0 by @ daniellockyer

  Full Changelog: v5.1.2...v5.1.3

• 5.1.2 - 2022-10-03
  

  What's Changed

  • Updated bundled SQLite to v3.39.4 by @ daniellockyer

  Full Changelog: v5.1.1...v5.1.2

• 5.1.1 - 2022-09-15
  

  What's Changed

  • Added Darwin ARM64 binaries by @ daniellockyer in #1594

  A huge thanks to MacStadium for providing an M1 Mac Mini so we can offer ARM64 binaries.

  Full Changelog: v5.1.0...v5.1.1

• 5.1.0 - 2022-09-14
  

  ✨ We're very excited to announce node-sqlite3's first minor release of v5, packed with features and improvements.

  If you encounter any problems, please open a detailed issue using the templates.

  What's Changed

  • Updated bundled SQLite to v3.39.3 by @ daniellockyer
  • Added ability to receive updates from sqlite3_update_hook by @ soukand in #1267
  • Added support for setting SQLite limits by @ paulfitz in #1548
  • Added library types file by @ bpasero in #1527
  • Added package-lock.json to .gitignore by @ JoelEinbinder in #1628
  • Fixed remaining method declarations by @ alexanderfloh in #1633
  • Fixed importing sqlite3#verbose using destructuring syntax by @ mahdi-farnia in #1632

  New Contributors

  • @ JoelEinbinder made their first contribution in #1628
  • @ mahdi-farnia made their first contribution in #1632
  • @ soukand made their first contribution in #1267

  Full Changelog: v5.0.11...v5.1.0

• 5.0.11 - 2022-07-31
  

  What's Changed

  • Restored compatibility for Alpine 3.15 by @ daniellockyer in #1626

  Full Changelog: v5.0.10...v5.0.11

• 5.0.10 - 2022-07-22
• 5.0.9 - 2022-07-14
• 5.0.8 - 2022-05-06
• 5.0.7 - 2022-05-05
• 5.0.6 - 2022-04-27
• 5.0.5 - 2022-04-22
• 5.0.4 - 2022-04-18
• 5.0.3 - 2022-04-13
• 5.0.2 - 2021-02-15

from sqlite3 GitHub release notes

Commit messages

Package name: sqlite3

• ba4ba07 v5.1.7
• d04c1fb Removed Node version from matrix title
• 03d6e75 v5.1.7-rc.0
• 8398daa Fixed uploading assets from Docker
• 8b86e41 Fixed uploading release assets on Windows
• 83c8c0a Configured releases to be created as prereleases
• f792f69 Update dependency node-addon-api to v7
• 4ef11bf Removed extraneous parameter to event emit function
• e99160a Inlined `init()` functions into class header files
• 3372130 Improved `RowToJS` performance by removing `Napi::String::New` instantiation
• 77b327c Increased number of rows inserted into benchmark database
• 603e468 Fixed minor linting warning
• 8bda876 Refactored Database to use macros for method definitions
• 5809f62 Fixed uploading prebuilt binaries from Docker
• aabd297 Update actions/setup-node action to v4
• c775b81 Extracted common Node-API queuing code into macro
• 2595304 Updated list of supported targets
• 605c7f9 Replaced `@ mapbox/node-pre-gyp` in favor of `prebuild` + `prebuild-install`
• a2cee71 Update dependency mocha to v10
• 7674271 Update dependency eslint to v8
• 83e282d Update actions/checkout digest to b4ffde6
• 8482aaf Update docker/setup-buildx-action action to v3
• c74f267 Update docker/setup-qemu-action action to v3
• 9e8b2ee Reworked CI versions

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Note: This is a default PR template raised by Snyk. Find out more about how you can customise Snyk PRs in our documentation.