
Commit 22e2cde

waleedlatif1claude
andcommitted
fix(deps): bump drizzle-orm to 0.45.2 (GHSA-gpj5-g38j-94v9)
Resolves Dependabot alert #98. Drizzle ORM <0.45.2 improperly escaped quoted SQL identifiers, allowing SQL injection via untrusted input passed to APIs like sql.identifier() or .as(). Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
1 parent 193f06f commit 22e2cde

5 files changed

Lines changed: 28 additions & 16 deletions


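--- a/apps/docs/package.json
+++ b/apps/docs/package.json
@@ -20,7 +20,7 @@
 "@vercel/og": "^0.6.5",
 "class-variance-authority": "^0.7.1",
 "clsx": "^2.1.1",
-"drizzle-orm": "^0.44.5",
+"drizzle-orm": "^0.45.2",
 "fumadocs-core": "16.6.7",
 "fumadocs-mdx": "14.2.8",
 "fumadocs-openapi": "10.3.13",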

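--- a/apps/sim/package.json
+++ b/apps/sim/package.json
@@ -63,7 +63,7 @@
 "@hookform/resolvers": "^4.1.3",
 "@linear/sdk": "40.0.0",
 "@marsidev/react-turnstile": "1.4.2",
-"@modelcontextprotocol/sdk": "1.20.2",
+"@modelcontextprotocol/sdk": "1.25.3",
 "@opentelemetry/api": "^1.9.0",
 "@opentelemetry/exporter-jaeger": "2.1.0",
 "@opentelemetry/exporter-trace-otlp-http": "^0.200.0",
@@ -121,7 +121,7 @@
 "decimal.js": "10.6.0",
 "docx": "^9.6.1",
 "docx-preview": "^0.3.7",
-"drizzle-orm": "^0.44.5",
+"drizzle-orm": "^0.45.2",
 "encoding": "0.1.13",
 "entities": "6.0.1",
 "es-toolkit": "1.45.1",
@@ -244,7 +244,7 @@
 "overrides": {
 "next": "16.1.6",
 "@next/env": "16.1.6",
-"drizzle-orm": "^0.44.5",
+"drizzle-orm": "^0.45.2",
 "postgres": "^3.4.5",
 "react-floater": {
 "react": "$react",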
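Review bot: The first hunk of this section changes `@modelcontextprotocol/sdk` from `1.20.2` to `1.25.3`, which neither the commit title nor the description mentions; the stated scope is the drizzle-orm bump for GHSA-gpj5-g38j-94v9. Bundling an unrelated five-minor-version SDK jump into a security fix makes the patch harder to audit and to revert or backport on its own, so it should either move to its own commit or be named in the description with its reason, e.g. `Also bumps @modelcontextprotocol/sdk 1.20.2 -> 1.25.3 (<reason>)`. Because bun.lock is not rendered on this page, it is also worth confirming there that every resolved `drizzle-orm` entry, including the one governed by the `overrides` block in the third hunk, is at 0.45.2 or later.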

bun.lock

Lines changed: 22 additions & 10 deletions

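--- a/package.json
+++ b/package.json
@@ -38,7 +38,7 @@
 "react-dom": "19.2.4",
 "next": "16.1.6",
 "@next/env": "16.1.6",
-"drizzle-orm": "^0.44.5",
+"drizzle-orm": "^0.45.2",
 "postgres": "^3.4.5"
 },
 "devDependencies": {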

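--- a/packages/db/package.json
+++ b/packages/db/package.json
@@ -29,7 +29,7 @@
 "format:check": "biome format ."
 },
 "dependencies": {
-"drizzle-orm": "^0.44.5",
+"drizzle-orm": "^0.45.2",
 "postgres": "^3.4.5",
 "uuid": "^11.1.0",
 "zod": "^3.24.2"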
