knex 3.2.7 → 3.2.9
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +16 -0
- package/knex.mjs +0 -1
- package/lib/dialects/mysql/query/mysql-querycompiler.js +11 -2
- package/lib/dialects/postgres/index.js +3 -1
- package/lib/dialects/sqlite3/query/sqlite-querycompiler.js +8 -6
- package/lib/query/querycompiler.js +10 -4
- package/package.json +1 -24
- package/types/index.d.ts +6 -3
- package/types/index.d.mts +0 -14
package/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,21 @@
|
|
|
1
1
|
# Master (Unreleased)
|
|
2
2
|
|
|
3
|
+
# 3.2.9 - 3 April, 2026
|
|
4
|
+
|
|
5
|
+
### Bug fixes
|
|
6
|
+
|
|
7
|
+
- fix: support DELETE... LIMIT in dialects that support it (mysql), but continue to disallow ones that don't [#6429](https://github.com/knex/knex/issues/6429)
|
|
8
|
+
- fix(postgres): escape double quotes in searchPath to prevent SQL injection [#6411](https://github.com/knex/knex/issues/6411)
|
|
9
|
+
- fix(sqlite): append RETURNING statement when insert empty row [#5471](https://github.com/knex/knex/issues/5471)
|
|
10
|
+
- fix: add type support for Array<Buffer> [#6428](https://github.com/knex/knex/issues/6428)
|
|
11
|
+
|
|
12
|
+
# 3.2.8 - 30 March, 2026
|
|
13
|
+
|
|
14
|
+
### Bug fixes
|
|
15
|
+
|
|
16
|
+
- Reverts the breaking changes added in [#6227](https://github.com/knex/knex/issues/6227). This means that the ESM import of Knex is reverted to `import { knex } from 'knex/knex.mjs` [#6422](https://github.com/knex/knex/issues/6422)
|
|
17
|
+
- fix(types): allow a `QueryBuilder` type as a value in an `update` [#6419](https://github.com/knex/knex/issues/6419)
|
|
18
|
+
|
|
3
19
|
# 3.2.7 - 27 March, 2026
|
|
4
20
|
|
|
5
21
|
### Bug fixes
|
package/knex.mjs
CHANGED
|
@@ -27,12 +27,15 @@ class QueryCompiler_MySQL extends QueryCompiler {
|
|
|
27
27
|
|
|
28
28
|
this._emptyInsertValue = '() values ()';
|
|
29
29
|
}
|
|
30
|
-
// Compiles
|
|
30
|
+
// Compiles a `delete` query, allowing comments and LIMIT.
|
|
31
31
|
del() {
|
|
32
32
|
const sql = super.del();
|
|
33
33
|
if (sql === '') return sql;
|
|
34
34
|
const comments = this.comments();
|
|
35
|
-
|
|
35
|
+
const limit = this.limit();
|
|
36
|
+
return (
|
|
37
|
+
(comments === '' ? '' : comments + ' ') + sql + (limit ? ` ${limit}` : '')
|
|
38
|
+
);
|
|
36
39
|
}
|
|
37
40
|
|
|
38
41
|
// Compiles an `insert` query, allowing for multiple
|
|
@@ -287,6 +290,12 @@ class QueryCompiler_MySQL extends QueryCompiler {
|
|
|
287
290
|
}
|
|
288
291
|
}
|
|
289
292
|
|
|
293
|
+
// MySQL supports LIMIT on single-table DELETE statements.
|
|
294
|
+
QueryCompiler_MySQL.prototype.invalidClauses = {
|
|
295
|
+
delete: ['having'],
|
|
296
|
+
truncate: ['where', 'having', 'limit'],
|
|
297
|
+
};
|
|
298
|
+
|
|
290
299
|
// Set the QueryBuilder & QueryCompiler on the client object,
|
|
291
300
|
// in case anyone wants to modify things to suit their own purposes.
|
|
292
301
|
module.exports = QueryCompiler_MySQL;
|
|
@@ -174,7 +174,9 @@ class Client_PG extends Client {
|
|
|
174
174
|
path = [path];
|
|
175
175
|
}
|
|
176
176
|
|
|
177
|
-
path = path
|
|
177
|
+
path = path
|
|
178
|
+
.map((schemaName) => `"${schemaName.replace(/"/g, '""')}"`)
|
|
179
|
+
.join(',');
|
|
178
180
|
|
|
179
181
|
return new Promise(function (resolver, rejecter) {
|
|
180
182
|
connection.query(`set search_path to ${path}`, function (err) {
|
|
@@ -42,14 +42,16 @@ class QueryCompiler_SQLite3 extends QueryCompiler {
|
|
|
42
42
|
insertValues[0] &&
|
|
43
43
|
isEmpty(insertValues[0])
|
|
44
44
|
) {
|
|
45
|
-
|
|
46
|
-
|
|
47
|
-
|
|
45
|
+
sql += this._emptyInsertValue;
|
|
46
|
+
const { returning } = this.single;
|
|
47
|
+
if (returning) sql += this._returning(returning);
|
|
48
|
+
return { sql, returning };
|
|
48
49
|
}
|
|
49
50
|
} else if (typeof insertValues === 'object' && isEmpty(insertValues)) {
|
|
50
|
-
|
|
51
|
-
|
|
52
|
-
|
|
51
|
+
sql += this._emptyInsertValue;
|
|
52
|
+
const { returning } = this.single;
|
|
53
|
+
if (returning) sql += this._returning(returning);
|
|
54
|
+
return { sql, returning };
|
|
53
55
|
}
|
|
54
56
|
|
|
55
57
|
const insertData = this._prepInsert(insertValues);
|
|
@@ -48,7 +48,7 @@ const methodAliases = {
|
|
|
48
48
|
first: 'select',
|
|
49
49
|
pluck: 'select',
|
|
50
50
|
};
|
|
51
|
-
const
|
|
51
|
+
const defaultInvalidClauses = {
|
|
52
52
|
delete: ['having', 'limit'],
|
|
53
53
|
truncate: ['where', 'having', 'limit'],
|
|
54
54
|
};
|
|
@@ -77,9 +77,12 @@ class QueryCompiler {
|
|
|
77
77
|
this.builder = this.formatter.builder;
|
|
78
78
|
}
|
|
79
79
|
|
|
80
|
-
// Categorically refuse to execute certain queries that have defined certain clause groups
|
|
80
|
+
// Categorically refuse to execute certain queries that have defined certain clause groups.
|
|
81
81
|
// For example, if a "having" clause is defined but we're executing a "delete" query, that
|
|
82
82
|
// is never valid in any of the supported dialects.
|
|
83
|
+
//
|
|
84
|
+
// Dialects override `invalidClauses` on the prototype to adjust which clauses are
|
|
85
|
+
// disallowed for each verb (e.g. MySQL allows `limit` on `delete`).
|
|
83
86
|
_preValidate() {
|
|
84
87
|
// Query builders don't really store the SQL verb they expect to generate; this would
|
|
85
88
|
// be nicer if we could avoid the fanout of "call an arbitrary method on one of a dozen
|
|
@@ -87,12 +90,13 @@ class QueryCompiler {
|
|
|
87
90
|
// methods used by the codebase for now.
|
|
88
91
|
const method = this.method;
|
|
89
92
|
const verb = hasOwn(methodAliases, method) ? methodAliases[method] : method;
|
|
90
|
-
|
|
93
|
+
|
|
94
|
+
const invalid = this.invalidClauses[verb];
|
|
95
|
+
if (!invalid) return;
|
|
91
96
|
|
|
92
97
|
// For certain verbs, certain clauses just don't exist / aren't supported. The list
|
|
93
98
|
// here is intentionally not complete; it's just checking the things that allow users
|
|
94
99
|
// to make dangerous errors.
|
|
95
|
-
const invalid = invalidClauses[verb];
|
|
96
100
|
for (let i = 0; i < invalid.length; i++) {
|
|
97
101
|
const clause = invalid[i];
|
|
98
102
|
|
|
@@ -1631,4 +1635,6 @@ class QueryCompiler {
|
|
|
1631
1635
|
}
|
|
1632
1636
|
}
|
|
1633
1637
|
|
|
1638
|
+
QueryCompiler.prototype.invalidClauses = defaultInvalidClauses;
|
|
1639
|
+
|
|
1634
1640
|
module.exports = QueryCompiler;
|
package/package.json
CHANGED
|
@@ -1,31 +1,9 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "knex",
|
|
3
|
-
"version": "3.2.
|
|
3
|
+
"version": "3.2.9",
|
|
4
4
|
"description": "A batteries-included SQL query & schema builder for PostgresSQL, MySQL, CockroachDB, MSSQL and SQLite3",
|
|
5
5
|
"main": "knex.js",
|
|
6
6
|
"types": "types/index.d.ts",
|
|
7
|
-
"exports": {
|
|
8
|
-
".": {
|
|
9
|
-
"import": {
|
|
10
|
-
"types": "./types/index.d.mts",
|
|
11
|
-
"default": "./knex.mjs"
|
|
12
|
-
},
|
|
13
|
-
"require": {
|
|
14
|
-
"types": "./types/index.d.ts",
|
|
15
|
-
"default": "./knex.js"
|
|
16
|
-
}
|
|
17
|
-
},
|
|
18
|
-
"./bin/*.js": "./bin/*.js",
|
|
19
|
-
"./bin/*": "./bin/*",
|
|
20
|
-
"./types/*.d.ts": "./types/*.d.ts",
|
|
21
|
-
"./types/*": "./types/*.d.ts",
|
|
22
|
-
"./lib/*.js": "./lib/*.js",
|
|
23
|
-
"./lib/*": "./lib/*.js",
|
|
24
|
-
"./knex": "./knex.js",
|
|
25
|
-
"./knex.js": "./knex.js",
|
|
26
|
-
"./knex.mjs": "./knex.mjs",
|
|
27
|
-
"./package.json": "./package.json"
|
|
28
|
-
},
|
|
29
7
|
"engines": {
|
|
30
8
|
"node": ">=16"
|
|
31
9
|
},
|
|
@@ -162,7 +140,6 @@
|
|
|
162
140
|
"pg": "^8.20.0",
|
|
163
141
|
"pg-query-stream": "^4.14.0",
|
|
164
142
|
"prettier": "2.8.7",
|
|
165
|
-
"resolve.exports": "^2.0.3",
|
|
166
143
|
"rimraf": "^5.0.5",
|
|
167
144
|
"semver": "^7.7.4",
|
|
168
145
|
"sinon": "^15.0.1",
|
package/types/index.d.ts
CHANGED
|
@@ -501,9 +501,12 @@ declare namespace Knex {
|
|
|
501
501
|
| Array<Date>
|
|
502
502
|
| Array<boolean>
|
|
503
503
|
| Buffer
|
|
504
|
+
| Array<Buffer>
|
|
504
505
|
| Record<string, unknown>
|
|
505
506
|
| Knex.Raw;
|
|
506
507
|
|
|
508
|
+
type ValueOrBuilder = Value | Knex.QueryBuilder;
|
|
509
|
+
|
|
507
510
|
interface ValueDict extends Dict<Value | Knex.QueryBuilder> {}
|
|
508
511
|
interface AliasDict extends Dict<string> {}
|
|
509
512
|
|
|
@@ -1018,7 +1021,7 @@ declare namespace Knex {
|
|
|
1018
1021
|
>[]
|
|
1019
1022
|
>(
|
|
1020
1023
|
columnName: K1,
|
|
1021
|
-
value: DbColumn<ResolveTableType<TRecord, 'update'>[K1]
|
|
1024
|
+
value: DbColumn<ResolveTableType<TRecord, 'update'>[K1]> | QueryBuilder,
|
|
1022
1025
|
returning: readonly K2[],
|
|
1023
1026
|
options?: DMLOptions
|
|
1024
1027
|
): QueryBuilder<TRecord, TResult2>;
|
|
@@ -1028,7 +1031,7 @@ declare namespace Knex {
|
|
|
1028
1031
|
): QueryBuilder<TRecord, number>;
|
|
1029
1032
|
update<TResult2 = SafePartial<TRecord>[]>(
|
|
1030
1033
|
columnName: string,
|
|
1031
|
-
value:
|
|
1034
|
+
value: ValueOrBuilder,
|
|
1032
1035
|
returning: string | readonly string[],
|
|
1033
1036
|
options?: DMLOptions
|
|
1034
1037
|
): QueryBuilder<TRecord, TResult2>;
|
|
@@ -1101,7 +1104,7 @@ declare namespace Knex {
|
|
|
1101
1104
|
|
|
1102
1105
|
update<TResult2 = number>(
|
|
1103
1106
|
columnName: string,
|
|
1104
|
-
value:
|
|
1107
|
+
value: ValueOrBuilder
|
|
1105
1108
|
): QueryBuilder<TRecord, TResult2>;
|
|
1106
1109
|
|
|
1107
1110
|
returning(
|
package/types/index.d.mts
DELETED
|
@@ -1,14 +0,0 @@
|
|
|
1
|
-
// ESM-specific types for Knex.js
|
|
2
|
-
// This file provides ESM type definitions that wrap the CJS types from index.d.ts
|
|
3
|
-
// to match the exports defined in knex.mjs
|
|
4
|
-
|
|
5
|
-
import type { Knex } from './index.d.ts';
|
|
6
|
-
|
|
7
|
-
// Re-declare the knex factory function for ESM consumers.
|
|
8
|
-
// This matches the call signature from the CJS types.
|
|
9
|
-
declare function knex<TRecord extends {} = any, TResult = unknown[]>(
|
|
10
|
-
config: Knex.Config | string
|
|
11
|
-
): Knex<TRecord, TResult>;
|
|
12
|
-
|
|
13
|
-
export { knex, Knex };
|
|
14
|
-
export default knex;
|