Comparing changes

base repository: TryGhost/node-sqlite3
base: v5.1.4
head repository: TryGhost/node-sqlite3
compare: v5.1.5
  • 5 commits
  • 9 files changed
  • 3 contributors

Commits on Feb 4, 2023

  1. 93affa4
  2. Fixed rpath linker option when using a custom sqlite (#1654)

    It seems that an old refactoring (~8 years) made a mistake in the way conditions are expressed in gyp.
    The "conditions" key cannot be set 2 times and the conditions should all be set in the "conditions" array.
    
    The impact of this bug is that when sqlite3 is compiled against a custom sqlite3 source tree, the sqlite3 runtime keeps linking with the system sqlite3 instead of linking to the custom compiled sqlite3 library. In my case that led to a SIGSEGV upon loading an extension.
    jeromew authored Feb 4, 2023
    c1440bd

Commits on Mar 13, 2023

  1. Updated bundled SQLite to v3.41.1

    refs https://www.sqlite.org/releaselog/3_41_1.html
    
    - sha3-256sum: `38ecb6b086c5c1ee1e52b57556745055328ac912929ccade9deaefdd71033ddb`
    daniellockyer committed Mar 13, 2023
    3a48888
  2. Fixed code execution vulnerability due to Object coercion

    refs GHSA-jqv5-7xpx-qj74
    fixes https://github.com/TryGhost/Toolbox/issues/491
    
    - when you call `ToString()` on `Napi::Value`, it calls
      `napi_coerce_to_string` underneath, which has the ability to run
      arbitrary JS code if the passed in value is a crafted object
    - both remote code execution and denial-of-service are possible via
      this vulnerability
    - `toString()` on an Object returns `[object Object]` so instead of
      calling the function, we're going to hardcode it to prevent this
      issue
    
    Credits: Dave McDaniel of Cisco Talos
    daniellockyer committed Mar 13, 2023
    edb1934
  3. v5.1.5

    daniellockyer committed Mar 13, 2023
    6a806f8
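
The coercion behaviour described in the `edb1934` commit message above, modelled in plain JavaScript as an added example (not code from node-sqlite3). `String(value)` stands in for `napi_coerce_to_string`, which performs the same JS string coercion; `bindByCoercion`, `bindWithoutCoercion` and `makeProbe` are hypothetical names, and the probe object is constructed input with a harmless counter.

```javascript
// Plain-JS model of the behaviour; all names are hypothetical, not node-sqlite3 APIs.

// Models a binding that string-coerces whatever value it is handed.
// Coercing an object runs that object's own toString(), i.e. caller-supplied code.
function bindByCoercion(value) {
  return String(value);
}

// Models the approach in the commit message: never run coercion on objects,
// return the fixed text a plain Object's toString() would produce.
function bindWithoutCoercion(value) {
  if (value === null || value === undefined) return null;
  switch (typeof value) {
    case 'string':
      return value;
    case 'number':
    case 'bigint':
    case 'boolean':
      return String(value); // primitives: no user-defined code is involved
    case 'object':
    case 'function':
      return '[object Object]'; // hardcoded, toString() is never called
    default:
      throw new TypeError(`unsupported parameter type: ${typeof value}`);
  }
}

// Constructed input: an object whose toString has an observable side effect.
function makeProbe() {
  const probe = { calls: 0 };
  probe.toString = function () {
    this.calls += 1;
    return 'from-toString';
  };
  return probe;
}

// Runs both models on fresh probes and reports whether toString() executed.
function demo() {
  const a = makeProbe();
  const coerced = bindByCoercion(a);
  const b = makeProbe();
  const guarded = bindWithoutCoercion(b);
  return { coerced, coercedCalls: a.calls, guarded, guardedCalls: b.calls };
}

console.log(demo());
```

When auditing other native bindings for the same pattern, look for places where a value of unchecked type is converted with `ToString()` or `napi_coerce_to_string`.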