knex 3.2.5 → 3.2.7

package/CHANGELOG.md

@@ -1,10 +1,33 @@
 # Master (Unreleased)
 
+# 3.2.7 - 27 March, 2026
+
+### Bug fixes
+
+- fix sqlite DDL operations failing inside transactions [#6408](https://github.com/knex/knex/issues/6408)
+- fix: handle lowercase INFORMATION_SCHEMA keys in MySQL renameColumn [#6407](https://github.com/knex/knex/issues/6407)
+- fix: clone config in client constructor [#5633](https://github.com/knex/knex/issues/5633)
+- fix: remove \_\_knexTxId from transaction connection on release [#5288](https://github.com/knex/knex/issues/5288)
+- fix: correct binding order in delete with subquery join [#6412](https://github.com/knex/knex/issues/6412)
+- chore: omit ./scripts from published package [#6356](https://github.com/knex/knex/issues/6356)
+
+# 3.2.6 - 24 March, 2026
+
+### Bug fixes
+
+- Fix module exports [#6406](https://github.com/knex/knex/issues/6406)
+
+# 3.2.5 - 23 March, 2026
+
+### Bug fixes
+
+- Fix ESM exports [#6405](https://github.com/knex/knex/issues/6405)
+
 # 3.2.4 - 23 March, 2026
 
 ### Bug fixes
 
-- Fix ESM type exports
+- Fix ESM type exports [#6404](https://github.com/knex/knex/issues/6404)
 
 # 3.2.1 - 22 March, 2026
 

package/lib/client.js

@@ -41,11 +41,14 @@ const debug = require('debug')('knex:client');
 class Client extends EventEmitter {
   constructor(config = {}) {
     super();
-    this.config = config;
-    this.logger = new Logger(config);
+    this.config = { ...config };
+    if (config.connection && typeof config.connection === 'object') {
+      this.config.connection = { ...config.connection };
+    }
+    this.logger = new Logger(this.config);
 
-    if (this.config.connection && this.config.connection.password) {
-      setHiddenProperty(this.config.connection);
+    if (this.config.connection && config.connection.password) {
+      setHiddenProperty(this.config.connection, config.connection);
     }
 
     //Client is a required field, so throw error if it's not supplied.
@@ -70,19 +73,19 @@ class Client extends EventEmitter {
     }
 
     if (config.connection && config.connection instanceof Function) {
-      this.connectionConfigProvider = config.connection;
+      this.connectionConfigProvider = this.config.connection;
       this.connectionConfigExpirationChecker = () => true; // causes the provider to be called on first use
     } else {
-      this.connectionSettings = cloneDeep(config.connection || {});
+      this.connectionSettings = cloneDeep(this.config.connection || {});
       if (config.connection && config.connection.password) {
-        setHiddenProperty(this.connectionSettings, config.connection);
+        setHiddenProperty(this.connectionSettings, this.config.connection);
       }
       this.connectionConfigExpirationChecker = null;
     }
     if (this.driverName && config.connection) {
       this.initializeDriver();
       if (!config.pool || (config.pool && config.pool.max !== 0)) {
-        this.initializePool(config);
+        this.initializePool(this.config);
       }
     }
     this.valueForUndefined = this.raw('DEFAULT');

package/lib/dialects/mysql/schema/mysql-tablecompiler.js

@@ -125,11 +125,19 @@ class TableCompiler_MySQL extends TableCompiler {
               return compiler.createFKRefs(
                 runner,
                 refs.map(function (ref) {
-                  if (ref.REFERENCED_COLUMN_NAME === from) {
-                    ref.REFERENCED_COLUMN_NAME = to;
+                  const refColKey =
+                    ref.REFERENCED_COLUMN_NAME !== undefined
+                      ? 'REFERENCED_COLUMN_NAME'
+                      : 'referenced_column_name';
+                  const colKey =
+                    ref.COLUMN_NAME !== undefined
+                      ? 'COLUMN_NAME'
+                      : 'column_name';
+                  if (ref[refColKey] === from) {
+                    ref[refColKey] = to;
                   }
-                  if (ref.COLUMN_NAME === from) {
-                    ref.COLUMN_NAME = to;
+                  if (ref[colKey] === from) {
+                    ref[colKey] = to;
                   }
                   return ref;
                 })
@@ -187,7 +195,7 @@ class TableCompiler_MySQL extends TableCompiler {
       '       RC.UPDATE_RULE, RC.DELETE_RULE ' +
       'FROM INFORMATION_SCHEMA.KEY_COLUMN_USAGE AS KCU ' +
       'JOIN INFORMATION_SCHEMA.REFERENTIAL_CONSTRAINTS AS RC ' +
-      '       USING(CONSTRAINT_NAME)' +
+      '       USING(CONSTRAINT_NAME) ' +
       'WHERE KCU.REFERENCED_TABLE_NAME = ' +
       this.client.parameter(
         this.tableNameRaw,
@@ -220,8 +228,10 @@ class TableCompiler_MySQL extends TableCompiler {
 
     return Promise.all(
       refs.map(function (ref) {
-        const constraintName = formatter.wrap(ref.CONSTRAINT_NAME);
-        const tableName = formatter.wrap(ref.TABLE_NAME);
+        const constraintName = formatter.wrap(
+          ref.CONSTRAINT_NAME || ref.constraint_name
+        );
+        const tableName = formatter.wrap(ref.TABLE_NAME || ref.table_name);
         return runner.query({
           sql: `alter table ${tableName} drop foreign key ${constraintName}`,
         });
@@ -234,13 +244,19 @@ class TableCompiler_MySQL extends TableCompiler {
 
     return Promise.all(
       refs.map(function (ref) {
-        const tableName = formatter.wrap(ref.TABLE_NAME);
-        const keyName = formatter.wrap(ref.CONSTRAINT_NAME);
-        const column = formatter.columnize(ref.COLUMN_NAME);
-        const references = formatter.columnize(ref.REFERENCED_COLUMN_NAME);
-        const inTable = formatter.wrap(ref.REFERENCED_TABLE_NAME);
-        const onUpdate = ` ON UPDATE ${ref.UPDATE_RULE}`;
-        const onDelete = ` ON DELETE ${ref.DELETE_RULE}`;
+        const tableName = formatter.wrap(ref.TABLE_NAME || ref.table_name);
+        const keyName = formatter.wrap(
+          ref.CONSTRAINT_NAME || ref.constraint_name
+        );
+        const column = formatter.columnize(ref.COLUMN_NAME || ref.column_name);
+        const references = formatter.columnize(
+          ref.REFERENCED_COLUMN_NAME || ref.referenced_column_name
+        );
+        const inTable = formatter.wrap(
+          ref.REFERENCED_TABLE_NAME || ref.referenced_table_name
+        );
+        const onUpdate = ` ON UPDATE ${ref.UPDATE_RULE || ref.update_rule}`;
+        const onDelete = ` ON DELETE ${ref.DELETE_RULE || ref.delete_rule}`;
 
         return runner.query({
           sql:

package/lib/dialects/sqlite3/execution/sqlite-transaction.js

@@ -88,7 +88,7 @@ class Transaction_Sqlite extends Transaction {
       if (
         strictForeignKeyPragma &&
         hasOuterTransaction &&
-        restoreForeignCheck !== undefined
+        restoreForeignCheck != null
       ) {
         throw new Error(
           `Refusing to create transaction: unable to change \`foreign_keys\` pragma inside a nested transaction`

package/lib/dialects/sqlite3/schema/ddl.js

@@ -334,6 +334,10 @@ class SQLite3_DDL {
   }
 
   async alter(newSql, createIndices, columns) {
+    // When already inside a transaction, we cannot change the foreign_keys
+    // pragma (SQLite silently ignores pragma changes within transactions).
+    // Use `null` to leave it as-is and avoid the nested-transaction guard.
+    const enforceForeignCheck = this.client.transacting ? null : false;
     await this.client.transaction(
       async (trx) => {
         await trx.raw(newSql);
@@ -345,7 +349,7 @@ class SQLite3_DDL {
           await trx.raw(createIndex);
         }
       },
-      { connection: this.connection, enforceForeignCheck: false }
+      { connection: this.connection, enforceForeignCheck }
     );
   }
 

package/lib/execution/internal/query-executioner.js

@@ -47,7 +47,7 @@ function executeQuery(connection, queryObject, client) {
       'query-error',
       err,
       Object.assign(
-        { __knexUid: connection.__knexUid, __knexTxId: connection.__knexUid },
+        { __knexUid: connection.__knexUid, __knexTxId: connection.__knexTxId },
         queryObject
       )
     );

package/lib/execution/transaction.js

@@ -271,6 +271,7 @@ class Transaction extends EventEmitter {
     } finally {
       if (!configConnection) {
         debug('%s: releasing connection', this.txid);
+        delete connection.__knexTxId;
         this.client.releaseConnection(connection);
       } else {
         debug('%s: not releasing external connection', this.txid);

package/lib/query/querycompiler.js

@@ -865,8 +865,8 @@ class QueryCompiler {
     // Make sure tableName is processed by the formatter first.
     const { tableName } = this;
     const withSQL = this.with();
-    const wheres = this.where();
     const joins = this.join();
+    const wheres = this.where();
     // When using joins, delete the "from" table values as a default
     const deleteSelector = joins ? tableName + ' ' : '';
     return (

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "knex",
-  "version": "3.2.5",
+  "version": "3.2.7",
   "description": "A batteries-included SQL query & schema builder for PostgresSQL, MySQL, CockroachDB, MSSQL and SQLite3",
   "main": "knex.js",
   "types": "types/index.d.ts",
@@ -15,6 +15,10 @@
         "default": "./knex.js"
       }
     },
+    "./bin/*.js": "./bin/*.js",
+    "./bin/*": "./bin/*",
+    "./types/*.d.ts": "./types/*.d.ts",
+    "./types/*": "./types/*.d.ts",
     "./lib/*.js": "./lib/*.js",
     "./lib/*": "./lib/*.js",
     "./knex": "./knex.js",
@@ -33,10 +37,10 @@
     "format:check": "prettier --list-different .",
     "debug:test": "mocha --inspect-brk --exit -t 0 test/all-tests-suite.js",
     "debug:tape": "node --inspect-brk test/tape/index.js",
-    "coveralls": "nyc report --reporter=lcov",
     "lint": "eslint --cache .",
     "lint:fix": "eslint --cache --fix .",
-    "lint:types": "tsd && tstyche --target 5.4 test-tstyche/esm-types.tst.ts",
+    "prelint:types": "cd test-tstyche && npm i",
+    "lint:types": "tsd && tstyche --target 5.4",
     "lint:everything": "npm run lint && npm run lint:types",
     "lint:fix:everything": "npm run lint:fix && npm run lint:types",
     "test:unit": "npm run test:unit-only && npm run test:cli",
@@ -254,7 +258,6 @@
     "!lib/**/*.d.ts",
     "!lib/**/*.js.map",
     "!lib/.gitignore",
-    "scripts/*",
     "types/index.d.ts",
     "types/index.d.mts",
     "types/result.d.ts",

package/scripts/act-testing/act.sh

@@ -1,19 +0,0 @@
-#!/bin/bash -e
-
-mkdir -p /tmp/artifacts
-
-HERE="$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )"
-
-evtfile=""
-if [ -f "$1" ]; then
-  evtfile="$1"
-elif [ -f "$HERE/$1.json" ]; then
-  evtfile="$HERE/$1.json"
-else
-  echo "Usage: $0 <event jsonfile>"
-  exit 1
-fi
-
-shift
-
-act --artifact-server-path /tmp/artifacts -e "$evtfile" -W "$HERE/../../.github/workflows/publish.yml" "$@"

package/scripts/act-testing/merged-no-label.json

@@ -1,11 +0,0 @@
-{
-  "pull_request": {
-    "head": {
-      "ref": "pr-getting-merged"
-    },
-    "base": {
-      "ref": "master"
-    },
-    "merged": true
-  }
-}

package/scripts/act-testing/merged-patch-labeled.json

@@ -1,12 +0,0 @@
-{
-  "pull_request": {
-    "head": {
-      "ref": "pr-getting-merged"
-    },
-    "base": {
-      "ref": "master"
-    },
-    "merged": true,
-    "labels": [{ "name": "patch" }]
-  }
-}

package/scripts/act-testing/merged-skip-labeled.json

@@ -1,12 +0,0 @@
-{
-  "pull_request": {
-    "head": {
-      "ref": "pr-getting-merged"
-    },
-    "base": {
-      "ref": "master"
-    },
-    "merged": true,
-    "labels": [{ "name": "skip-release" }]
-  }
-}

package/scripts/act-testing/not-merged-patch-labeled.json

@@ -1,12 +0,0 @@
-{
-  "pull_request": {
-    "head": {
-      "ref": "pr-getting-merged"
-    },
-    "base": {
-      "ref": "master"
-    },
-    "merged": false,
-    "labels": [{ "name": "patch" }]
-  }
-}

package/scripts/build-for-release.sh

@@ -1,122 +0,0 @@
-#!/bin/bash -e
-
-# context: currently, no package lockfile is utilized in this repository.
-# this is so that CI tests run on the ~latest versions of dependencies,
-# especially the peer dependencies of database clients, so that our tests
-# will more readily surface problems that our users will experience when
-# they just do the normal thing.
-
-# however, for automatic release publishing, we want to be much stricter
-# with the dependencies that are involved in the workflow to avoid risks
-# from e.g. supply chain attacks.
-
-# we could use "npm ci" if we had a lockfile, but instead we're going to
-# separately maintain pinned versions of the build dependencies and run
-# exactly those versions. care should be taken when updating/altering the
-# versions to vet them.
-
-# pinned versions of the dependencies required to perform a release build
-declare -A PINNED_VERSIONS=(
-  [typescript]="5.0.4"
-  [prettier]="2.8.7"
-  [@types/node]="20.19.11"
-  [@tsconfig/node12]="1.0.11"
-)
-
-# validate args
-BUMP_TYPE="$1"
-case "$BUMP_TYPE" in
-  major|minor|patch)
-    # valid
-  ;;
-  *)
-    >&2 echo "Invalid bump type. Use: $0 {major|minor|patch}"
-    exit 1
-  ;;
-esac
-
-
-# npm 7 doesn't provide a way to install only a specific dependency, it's
-# all-or-nothing. so we have to do some shenanigans to validate our pinned
-# versions against package.json
-
-# create a jq expression for a minimal package.json that includes only
-# our build dependencies
-tmpl='
-{
-  name: "dep-check",
-  private: true,
-  version: "0.0.0",
-  devDependencies: {
-'
-for pkg in "${!PINNED_VERSIONS[@]}"; do
-  # for each pinned dependency, add something like:
-  # pkg: .devDependencies.pkg
-  tmpl+="    \"${pkg}\": .devDependencies[\"${pkg}\"],
-"
-done
-tmpl+='
-  }
-}'
-
-PROJECT_DIR="$(pwd)"
-TMP_DIR="$(mktemp -d)"
-
-# render the template to a package.json file in a temp dir
-echo
-echo "Build dependencies:"
-jq "$tmpl" package.json | tee "$TMP_DIR/package.json"
-
-# install dependencies at the pinned version in the temp dir
-# ignore pre/post script hooks
-echo
-echo "Installing packages"
->/dev/null pushd "$TMP_DIR"
-
-failed=0
-for pkg in "${!PINNED_VERSIONS[@]}"; do
-  fqpkg="${pkg}@${PINNED_VERSIONS[$pkg]}"
-  echo "npm install --no-save --ignore-scripts $fqpkg"
-  >/dev/null 2>/dev/null npm install --no-save --ignore-scripts "$fqpkg"
-
-
-  # ensure the pinned version conforms to package.json semver specification
-  if npm ls 2>/dev/null | grep invalid; then
-    failed=1
-  fi
-done
-
-# one or more pins is incorrect, do not publish
-if [[ "$failed" = 1 ]]; then
-  echo
-  echo "One or more pinned dependencies do not satisfy package.json requirements"
-  echo "Please update '$0'"
-  exit 1
-fi
-
->/dev/null popd
-
-# move tempdir node_modules to build dir
-mv "$TMP_DIR/node_modules" "$PROJECT_DIR/node_modules"
-echo
-echo "node_modules:"
-ls -l node_modules
-
-echo "Running build steps"
-
-# run the package.json build script
-# currently, this executes typescript and uses
-# prettier to format the TS output
-npm run build
-
-# bump the version in package.json
-npm version "$BUMP_TYPE" --no-git-tag-version
-
-# we don't commit here, but we do create the tarball that
-# will be published to npm. the dependent job takes the
-# tarball and commits the changes + publishes the tarball
-
-# create the tarball for handoff and record its filename
-TARBALL="$(npm pack --silent)"
-echo "tarball=$TARBALL" >> "$GITHUB_OUTPUT"
-ls -la "$TARBALL"

package/scripts/build.js

@@ -1,125 +0,0 @@
-#!/usr/bin/env node
-const fs = require('fs');
-const path = require('path');
-const child_process = require('child_process');
-const _ = require('lodash');
-
-const exec = function (cmd, args) {
-  return new Promise(function (resolve, reject) {
-    // Execute command
-    const child = child_process.exec(cmd, {
-      cwd: process.cwd(),
-      env: process.env,
-    });
-
-    // Pass stdout and stderr
-    child.stdout.on('data', function (data) {
-      process.stdout.write(data.toString());
-    });
-    child.stderr.on('data', function (data) {
-      process.stderr.write(data.toString());
-    });
-    // Handle result
-    child.on('exit', function (code) {
-      if (code) reject(code);
-      else resolve();
-    });
-    child.on('error', reject);
-  });
-};
-
-const CWD = process.cwd();
-const POSTINSTALL_BUILD_CWD = process.env.POSTINSTALL_BUILD_CWD;
-
-// If we didn't have this check, then we'd be stuck in an infinite `postinstall`
-// loop, since we run `npm install --only=dev` below, triggering another
-// `postinstall`. We can't use `--ignore-scripts` because that ignores scripts
-// on all the modules that get installed, too, which would break stuff. So
-// instead, we set an environment variable, `POSTINSTALL_BUILD_CWD`, that keeps
-// track of what we're installing. It's more than just a yes/no flag because
-// the dev dependencies we're installing might use `postinstall-build` too, and
-// we don't want the flag to prevent them from running.
-if (POSTINSTALL_BUILD_CWD !== CWD) {
-  const BUILD_ARTIFACT = process.argv[2];
-  const BUILD_COMMAND = process.argv[3];
-
-  fs.stat(BUILD_ARTIFACT, function (err, stats) {
-    if (err || !(stats.isFile() || stats.isDirectory())) {
-      // This script will run again after we run `npm install` below. Set an
-      // environment variable to tell it to skip the check. Really we just want
-      // the execSync's `env` to be modified, but it's easier just modify and
-      // pass along the entire `process.env`.
-      process.env.POSTINSTALL_BUILD_CWD = CWD;
-      // We already have prod dependencies, that's what triggered `postinstall`
-      // in the first place. So only install dev.
-
-      // Fetch package.json
-      const pkgJson = require(path.join(CWD, 'package.json'));
-      const devDeps = pkgJson.devDependencies;
-      // Values listed under `buildDependencies` contain the dependency names
-      // that are required for `lib` building.
-      const buildDependencies = _.pick(devDeps, pkgJson.buildDependencies);
-
-      // Proceed only if there is something to install
-      if (!_.isEmpty(buildDependencies)) {
-        const opts = { env: process.env, stdio: 'inherit' };
-
-        console.log('Building Knex.js');
-
-        // Map all key (dependency) value (semver) pairs to
-        // "dependency@semver dependency@semver ..." string that can be used
-        // for `npm install` command
-        const installArgs = _(buildDependencies)
-          .pickBy(function (semver, dep) {
-            // Check if the dependency is already installed
-            try {
-              require(dep);
-              return false;
-            } catch (err) {
-              return true;
-            }
-          })
-          .map(function (semver, dep) {
-            // Format installable dependencies
-            return dep + '@' + semver;
-          })
-          .value()
-          .join(' ');
-        const needsDepInstallation = !_.isEmpty(installArgs);
-        const dependenciesInstalledQ = needsDepInstallation
-          ? exec('npm install ' + installArgs, opts)
-          : Promise.resolve();
-        dependenciesInstalledQ
-          .then(function () {
-            console.log('✓');
-            // Don't need the flag anymore as `postinstall` was already run.
-            // Change it back so the environment is minimally changed for the
-            // remaining commands.
-            process.env.POSTINSTALL_BUILD_CWD = POSTINSTALL_BUILD_CWD;
-            console.log('Building compiled files (' + BUILD_COMMAND + ')');
-            return exec(BUILD_COMMAND, opts);
-          })
-          .catch(function (err) {
-            console.error(err);
-            process.exit(1);
-          })
-          .then(function () {
-            if (process.env.NODE_ENV === 'production') {
-              console.log('✓');
-              console.log('Pruning dev dependencies for production build');
-              return exec('npm prune --production', opts);
-            } else {
-              console.log('Skipping npm prune');
-            }
-          })
-          .then(function () {
-            console.log('✓');
-          })
-          .catch(function (err) {
-            console.error(err);
-            process.exit(1);
-          });
-      }
-    }
-  });
-}

package/scripts/clean.js

@@ -1,31 +0,0 @@
-#!/usr/bin/env node
-
-const fs = require('fs');
-const path = require('path');
-const { execSync } = require('child_process');
-
-function main() {
-  const repoDir = path.dirname(__dirname);
-  const gitDir = path.join(repoDir, '.git');
-  const gitDirExists = doesDirectoryExist(gitDir);
-  if (!gitDirExists) {
-    console.log("No .git directory detected so can not clean 'lib/'. Exiting.");
-    process.exit(0);
-  }
-  console.log(
-    "Cleaning 'lib/' of outputted files from Typescript compilation ..."
-  );
-  const cmd = 'git clean -f -X lib/';
-  const output = execSync(cmd, { cwd: repoDir });
-  console.log(output.toString('utf8'));
-  console.log('Done');
-}
-
-function doesDirectoryExist(p) {
-  if (fs.existsSync(p)) {
-    return fs.lstatSync(p).isDirectory();
-  }
-  return false;
-}
-
-main();