Skip to content

build(deps): bump drizzle-orm from 0.45.1 to 0.45.2#3164

Closed
dependabot[bot] wants to merge 1 commit intoalphafrom
dependabot/npm_and_yarn/drizzle-orm-0.45.2
Closed

build(deps): bump drizzle-orm from 0.45.1 to 0.45.2#3164
dependabot[bot] wants to merge 1 commit intoalphafrom
dependabot/npm_and_yarn/drizzle-orm-0.45.2

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Apr 8, 2026
edited
Loading

Bumps drizzle-orm from 0.45.1 to 0.45.2.

Release notes

Sourced from drizzle-orm's releases.

0.45.2

  • Fixed sql.identifier(), sql.as() escaping issues. Previously all the values passed to this functions were not properly escaped causing a possible SQL Injection (CWE-89) vulnerability

Thanks to @​EthanKim88, @​0x90sh and @​wgoodall01 for reaching out to us with a reproduction and suggested fix

Commits

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Apr 8, 2026
@dependabot dependabot Bot requested a review from a team as a code owner April 8, 2026 07:25
@socket-security
Copy link
Copy Markdown

socket-security Bot commented Apr 8, 2026
edited
Loading

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Updateddrizzle-orm@​0.45.1 ⏵ 0.45.298 +1100 +1688 +199100

View full report

@maxgfr maxgfr removed the request for review from a team April 8, 2026 14:32
@dependabot
chore(deps): bump drizzle-orm from 0.45.1 to 0.45.2
17ffce8 
Bumps [drizzle-orm](https://github.com/drizzle-team/drizzle-orm) from 0.45.1 to 0.45.2.
- [Release notes](https://github.com/drizzle-team/drizzle-orm/releases)
- [Commits](drizzle-team/drizzle-orm@0.45.1...0.45.2)

---
updated-dependencies:
- dependency-name: drizzle-orm
  dependency-version: 0.45.2
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot changed the title chore(deps): bump drizzle-orm from 0.45.1 to 0.45.2 build(deps): bump drizzle-orm from 0.45.1 to 0.45.2 Apr 9, 2026
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/drizzle-orm-0.45.2 branch from 6c94587 to 17ffce8 Compare April 9, 2026 16:49
@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot Bot commented on behalf of github Apr 13, 2026

Looks like drizzle-orm is up-to-date now, so this is no longer needed.

@dependabot dependabot Bot closed this Apr 13, 2026
@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/drizzle-orm-0.45.2 branch April 13, 2026 14:29
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants