Skip to content

chore(deps): bump drizzle-orm from 0.45.1 to 0.45.2#86

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/drizzle-orm-0.45.2
Open

chore(deps): bump drizzle-orm from 0.45.1 to 0.45.2#86
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/drizzle-orm-0.45.2

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Apr 8, 2026
edited
Loading

Bumps drizzle-orm from 0.45.1 to 0.45.2.

Release notes

Sourced from drizzle-orm's releases.

0.45.2

  • Fixed sql.identifier(), sql.as() escaping issues. Previously all the values passed to this functions were not properly escaped causing a possible SQL Injection (CWE-89) vulnerability

Thanks to @​EthanKim88, @​0x90sh and @​wgoodall01 for reaching out to us with a reproduction and suggested fix

Commits

@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot Bot commented on behalf of github Apr 8, 2026

Labels

The following labels could not be found: npm. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@dependabot dependabot Bot requested a review from 0-sayed as a code owner April 8, 2026 07:16
@greptile-apps
Copy link
Copy Markdown

greptile-apps Bot commented Apr 8, 2026

PR author is in the excluded authors list.

devin-ai-integration[bot]
devin-ai-integration Bot reviewed Apr 8, 2026
View reviewed changes
Copy link
Copy Markdown

@devin-ai-integration devin-ai-integration Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

✅ Devin Review: No Issues Found

Devin Review analyzed this PR and found no bugs or issues to report.

Open in Devin Review

@dependabot
chore(deps): bump drizzle-orm from 0.45.1 to 0.45.2
7b3bb6e 
Bumps [drizzle-orm](https://github.com/drizzle-team/drizzle-orm) from 0.45.1 to 0.45.2.
- [Release notes](https://github.com/drizzle-team/drizzle-orm/releases)
- [Commits](drizzle-team/drizzle-orm@0.45.1...0.45.2)

---
updated-dependencies:
- dependency-name: drizzle-orm
  dependency-version: 0.45.2
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/drizzle-orm-0.45.2 branch from a878ffa to 7b3bb6e Compare April 22, 2026 17:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@devin-ai-integration devin-ai-integration[bot] devin-ai-integration[bot] left review comments

@0-sayed 0-sayed Awaiting requested review from 0-sayed 0-sayed is a code owner

Assignees

No one assigned

Labels

dependencies

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants