[Snyk] Upgrade sqlite3 from 5.0.2 to 5.1.6

[antz-snyk]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade sqlite3 from 5.0.2 to 5.1.6.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 16 versions ahead of your current version.
• The recommended version was released 7 months ago, on 2023-03-14.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	40/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Unproven, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, Social Trends: No, Days since published: 785, Transitive dependency: Yes, Is Malicious: No, Provider Urgency: Low, Package Popularity Score: 99, Impact: 2.35, Likelihood: 1.69, Score Version: V4	No Known Exploit
	Arbitrary File Write SNYK-JS-TAR-1579147	40/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Unproven, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, Social Trends: No, Days since published: 785, Transitive dependency: Yes, Is Malicious: No, Provider Urgency: Low, Package Popularity Score: 99, Impact: 2.35, Likelihood: 1.69, Score Version: V4	No Known Exploit
	Arbitrary File Write SNYK-JS-TAR-1579152	40/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Unproven, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, Social Trends: No, Days since published: 785, Transitive dependency: Yes, Is Malicious: No, Provider Urgency: Low, Package Popularity Score: 99, Impact: 2.35, Likelihood: 1.69, Score Version: V4	No Known Exploit
	Arbitrary File Write SNYK-JS-TAR-1579155	40/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Unproven, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, Social Trends: No, Days since published: 785, Transitive dependency: Yes, Is Malicious: No, Provider Urgency: Low, Package Popularity Score: 99, Impact: 2.35, Likelihood: 1.69, Score Version: V4	No Known Exploit
	Denial of Service (DoS) SNYK-JS-SQLITE3-2388645	40/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Unproven, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, Social Trends: No, Days since published: 785, Transitive dependency: Yes, Is Malicious: No, Provider Urgency: Low, Package Popularity Score: 99, Impact: 2.35, Likelihood: 1.69, Score Version: V4	Proof of Concept
	Arbitrary Code Execution SNYK-JS-SQLITE3-3358947	40/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Unproven, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, Social Trends: No, Days since published: 785, Transitive dependency: Yes, Is Malicious: No, Provider Urgency: Low, Package Popularity Score: 99, Impact: 2.35, Likelihood: 1.69, Score Version: V4	No Known Exploit
	Arbitrary File Overwrite SNYK-JS-TAR-1536528	40/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Unproven, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, Social Trends: No, Days since published: 785, Transitive dependency: Yes, Is Malicious: No, Provider Urgency: Low, Package Popularity Score: 99, Impact: 2.35, Likelihood: 1.69, Score Version: V4	No Known Exploit
	Arbitrary File Overwrite SNYK-JS-TAR-1536531	40/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Unproven, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, Social Trends: No, Days since published: 785, Transitive dependency: Yes, Is Malicious: No, Provider Urgency: Low, Package Popularity Score: 99, Impact: 2.35, Likelihood: 1.69, Score Version: V4	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: sqlite3

• 5.1.6 - 2023-03-14
  

  What's Changed

  • Fixed glibc compatibility by hardcoding lower version for log2 by @ daniellockyer
  • Add generic type annotations for Statement and Database get/all/each methods callback rows by @ stevescruz in #1686

  New Contributors

  • @ stevescruz made their first contribution in #1686

  Full Changelog: v5.1.5...v5.1.6

• 5.1.5 - 2023-03-13
  

  What's Changed

  • 🔒 Fixed code execution vulnerability due to Object coercion by @ daniellockyer
  • Updated bundled SQLite to v3.41.1 by @ daniellockyer
  • Fixed rpath linker option when using a custom sqlite by @ jeromew in #1654

  Full Changelog: v5.1.4...v5.1.5

• 5.1.4 - 2022-12-12
  

  What's Changed

  • Fixed glibc compatibility by downgrading CI to Ubuntu 20 by @ daniellockyer in #1664

  Full Changelog: v5.1.3...v5.1.4

• 5.1.3 - 2022-12-12
  

  What's Changed

  • Updated bundled SQLite to v3.40.0 by @ daniellockyer

  Full Changelog: v5.1.2...v5.1.3

• 5.1.2 - 2022-10-03
  

  What's Changed

  • Updated bundled SQLite to v3.39.4 by @ daniellockyer

  Full Changelog: v5.1.1...v5.1.2

• 5.1.1 - 2022-09-15
  

  What's Changed

  • Added Darwin ARM64 binaries by @ daniellockyer in #1594

  A huge thanks to MacStadium for providing an M1 Mac Mini so we can offer ARM64 binaries.

  Full Changelog: v5.1.0...v5.1.1

• 5.1.0 - 2022-09-14
  

  ✨ We're very excited to announce node-sqlite3's first minor release of v5, packed with features and improvements.

  If you encounter any problems, please open a detailed issue using the templates.

  What's Changed

  • Updated bundled SQLite to v3.39.3 by @ daniellockyer
  • Added ability to receive updates from sqlite3_update_hook by @ soukand in #1267
  • Added support for setting SQLite limits by @ paulfitz in #1548
  • Added library types file by @ bpasero in #1527
  • Added package-lock.json to .gitignore by @ JoelEinbinder in #1628
  • Fixed remaining method declarations by @ alexanderfloh in #1633
  • Fixed importing sqlite3#verbose using destructuring syntax by @ mahdi-farnia in #1632

  New Contributors

  • @ JoelEinbinder made their first contribution in #1628
  • @ mahdi-farnia made their first contribution in #1632
  • @ soukand made their first contribution in #1267

  Full Changelog: v5.0.11...v5.1.0

• 5.0.11 - 2022-07-31
  

  What's Changed

  • Restored compatibility for Alpine 3.15 by @ daniellockyer in #1626

  Full Changelog: v5.0.10...v5.0.11

• 5.0.10 - 2022-07-22
  

  What's Changed

  • Updated bundled SQLite to v3.39.2 by @ daniellockyer
  • Addressed CodeQL warnings by @ bpasero in #1614

  New Contributors

  • @ bpasero made their first contribution in #1614

  Full Changelog: v5.0.9...v5.0.10

• 5.0.9 - 2022-07-14
  

  What's Changed

  • Updated bundled SQLite to v3.39.1 by @ daniellockyer
  • Fixed method declarations to conform with napi default for methods by @ alexanderfloh in #1510
  • Fixed propagation of async hook ids through callbacks by @ alexanderfloh in #1511
  • Updated sqlcipher homebrew CPPFLAGS location by @ frovere in #1613

  New Contributors

  • @ alexanderfloh made their first contribution in #1510
  • @ frovere made their first contribution in #1613

  Full Changelog: v5.0.8...v5.0.9

• 5.0.8 - 2022-05-06
• 5.0.7 - 2022-05-05
• 5.0.6 - 2022-04-27
• 5.0.5 - 2022-04-22
• 5.0.4 - 2022-04-18
• 5.0.3 - 2022-04-13
• 5.0.2 - 2021-02-15

from sqlite3 GitHub release notes

Commit messages

Package name: sqlite3

• 8598a9d v5.1.6
• d915c0c Fixed using Bash in shell command
• 1a206df Fixed glibc compatibility by hardcoding lower version for `log2`
• 776fc55 Updated README.md
• 46da1ab Added generic type annotations for Statement and Database get/all/each methods callback rows (temp hack before moving to matrix magic juice-shop/juice-shop#1686)
• 6a806f8 v5.1.5
• edb1934 Fixed code execution vulnerability due to Object coercion
• 3a48888 Updated bundled SQLite to v3.41.1
• c1440bd Fixed rpath linker option when using a custom sqlite ([🚀] Fixes for the coding challenges juice-shop/juice-shop#1654)
• 93affa4 Update microsoft/setup-msbuild action to v1.3
• 6f6318e v5.1.4
• aeafe25 Revert "Renamed `master` references to `main`"
• 57ce2d4 Fixed glib compatibility by downgrading to Ubuntu 20
• af8e567 Renamed `master` references to `main`
• 8fd18a3 Extracted function checking code into macro
• 5c94f75 v5.1.3
• aec0d31 Updated bundled SQLite to v3.40.0
• 1980f10 v5.1.2
• 7aa29fe Updated bundled SQLite to v3.39.4
• c4fca9f v5.1.1
• ea71343 Added Darwin ARM64 to prebuilt binaries list in README
• ec154ab Added Darwin ARM64 prebuilt binaries
• 9290d8c v5.1.0
• 9e9079d Updated types file

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs