[Snyk] Upgrade mssql from 8.1.4 to 10.0.2 #498
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Snyk has created this PR to upgrade mssql from 8.1.4 to 10.0.2. See this package in npm: https://www.npmjs.com/package/mssql See this project in Snyk: https://app.snyk.io/org/dlminvestments/project/0cb867e9-c4e1-4c50-91dc-45fa91b7a76f?utm_source=github&utm_medium=referral&page=upgrade-pr
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
There was a problem hiding this comment.
Scan Summary
| Tool | Critical | High | Medium | Low | Status |
|---|---|---|---|---|---|
| Dependency Scan (universal) | 5 | 14 | 11 | 1 | ❌ |
| Security Audit for Infrastructure | 12 | 54 | 0 | 56 | ❌ |
| Secrets Audit | 0 | 4 | 0 | 0 | ❌ |
| Shell Script Analysis | 0 | 0 | 0 | 0 | ✅ |
Recommendation
Please review the findings from Code scanning alerts before approving this pull request. You can also configure the build rules or add suppressions to customize this bot 👍
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to upgrade mssql from 8.1.4 to 10.0.2.
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
Warning: This is a major version upgrade, and may be a breaking change.
Release notes
Package name: mssql
-
10.0.2 - 2024-01-16
- from now _acquire return always a promise to avoid uncatchable exception (55f5a9f)
-
10.0.1 - 2023-09-12
- use
-
10.0.0 - 2023-09-06
- upgrade tedious to v16 and drop Node 14 support (cd0bc02)
- Drop support for NodeJS <= 14. Upgrade tedious version. Update CI to test NodeJS 20.
-
9.3.2 - 2023-09-06
- msnodesqlv8 connection string uses correct instance name (eb3e4d0)
-
9.3.1 - 2023-09-06
-
9.3.0 - 2023-09-04
- add AAD authentication support to connection strings (59aea21)
-
9.2.1 - 2023-09-05
- msnodesqlv8 connection string uses correct instance name (eb3e4d0)
-
9.2.0 - 2023-08-28
- use @ tediousjs/connection-string to build msnodesqlv8 connection string (71357e2)
-
9.1.3 - 2023-08-08
- quote sqlv8 values (75b74f6)
-
9.1.2 - 2023-08-02
- Fix README header for 8.x to 9.x upgrades by @ jordanjennings in #1464
- Fix README to show node 12 no longer supported with 9.x by @ jordanjennings in #1465
- Bump xml2js and @ azure/keyvault-keys by @ dependabot in #1485
- Add automated release workflows by @ dhensby in #1502
- chore(ci): prevent dependabot pushes triggering appveyor events by @ dhensby in #1508
- Bump @ semantic-release/github from 9.0.3 to 9.0.4 by @ dependabot in #1506
- Bump mocha from 10.0.0 to 10.2.0 by @ dependabot in #1504
- Bump @ tediousjs/connection-string from 0.4.1 to 0.4.2 by @ dependabot in #1505
- Bump commander from 9.4.0 to 11.0.0 by @ dependabot in #1507
- chore(ci): keep release jobs in a single concurrency group by @ dhensby in #1509
- chore(deps-dev): bump word-wrap from 1.2.3 to 1.2.4 by @ dependabot in #1510
- chore(ci): publish gh-pages with workflow by @ dhensby in #1511
- chore(deps-dev): bump @ commitlint/config-conventional from 17.6.6 to 17.6.7 by @ dependabot in #1512
- chore(deps-dev): bump standard from 17.0.0 to 17.1.0 by @ dependabot in #1513
- chore(deps-dev): bump @ commitlint/cli from 17.6.6 to 17.6.7 by @ dependabot in #1514
- chore(ci): fix page branch update by @ dhensby in #1516
- Support named instances with ports by @ dhensby in #1520
- @ jordanjennings made their first contribution in #1464
-
9.1.1 - 2023-01-18
-
9.1.0 - 2023-01-17
-
9.0.1 - 2022-08-18
-
9.0.0 - 2022-08-09
-
8.1.4 - 2022-08-18
from mssql GitHub release notes10.0.2 (2024-01-16)
Bug Fixes
10.0.1 (2023-09-12)
Performance Improvements
node:prefix to bypass require.cache call for builtins (145d562)10.0.0 (2023-09-06)
Features
BREAKING CHANGES
9.3.2 (2023-09-06)
Bug Fixes
Merge branch '9.3.x'
9.3.0 (2023-09-04)
Features
9.2.1 (2023-09-05)
Bug Fixes
9.2.0 (2023-08-28)
Features
9.1.3 (2023-08-08)
Bug Fixes
What's Changed
New Contributors
Full Changelog: v9.1.1...v9.1.2
Commit messages
Package name: mssql
Compare
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information:
🧐 View latest project report
🛠 Adjust upgrade PR settings
🔕 Ignore this dependency or unsubscribe from future upgrade PRs