From 66ca4f3c87c204ad9efc43bde64172d453945d1a Mon Sep 17 00:00:00 2001
From: Hans Ott
Date: Fri, 12 Dec 2025 14:30:16 +0100
Subject: [PATCH 1/2] Update zen internals to 0.1.55
---
 scripts/build.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/scripts/build.js b/scripts/build.js
index e044d2629..1540d725a 100644
--- a/scripts/build.js
+++ b/scripts/build.js
@@ -23,7 +23,7 @@ async function execAsyncWithPipe(command, options) {
 }
 // Zen Internals configuration
-const INTERNALS_VERSION = "v0.1.50";
+const INTERNALS_VERSION = "v0.1.55";
 const INTERNALS_URL = `https://github.com/AikidoSec/zen-internals/releases/download/${INTERNALS_VERSION}`; // ---
From 1bb7974c3c5b0b11031cb75ce84a1011c7ebd022 Mon Sep 17 00:00:00 2001
From: Hans Ott
Date: Fri, 12 Dec 2025 14:33:52 +0100
Subject: [PATCH 2/2] Add test case
---
 .../sql-injection/detectSQLInjection.test.ts | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/library/vulnerabilities/sql-injection/detectSQLInjection.test.ts b/library/vulnerabilities/sql-injection/detectSQLInjection.test.ts
index 096336f25..4cd80f859 100644
--- a/library/vulnerabilities/sql-injection/detectSQLInjection.test.ts
+++ b/library/vulnerabilities/sql-injection/detectSQLInjection.test.ts
@@ -211,6 +211,13 @@ t.test("It does not flag key keyword as SQL injection", async () => {
 isNotSqlInjection(query, "UPDATE");
 isNotSqlInjection(query, "INSERT");
 isNotSqlInjection(query, "INTO");
+ isNotSqlInjection(
 `
 SELECT * FROM users u
 WHERE u.status NOT IN ('active', 'pending')
 `,
 "not in"
 );
 });
 t.test("It flags function calls as SQL injections", async () => {
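Review bot: The new `isNotSqlInjection(...)` call in detectSQLInjection.test.ts has no comment saying why a two-word keyword sequence (`"not in"`) is worth a dedicated case, so the next reader cannot tell a regression guard from an arbitrary extra example. Since the companion patch bumps zen internals to 0.1.55, this presumably pins a false positive fixed in that release; if so, state it above the call, e.g. `// Regression guard: user input that equals a keyword sequence ("not in") appearing verbatim in the query must not be reported as injection.` The preceding cases in this test reuse the shared `query` with single keywords, so a sibling case with the same multi-line query and the upper-case form `"NOT IN"` would also document whether the check is case-insensitive. The enclosing `t.test("It does not flag key keyword as SQL injection", ...)` callback starts outside the hunk.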