Hi Mapbox team,
Recently our company's internal Docker image scanner reported a bunch of critical and high vulnerabilities related to the SQLite binaries version 3.31.1, which is used by the sqlite3 npm package version 4.2.0.
The list of vulnerabilities is:
Is there any planned activity to perform the upgrade to the latest SQLite distribution, version 3.32.1 from 2020-05-25?
Looking forward to your feedback soon.
Thank you in advance.
Hey, I also have the same issue and I really need to get rid of these vulnerabilities. Is there any plan for when to upgrade the sqlite version to a newer and less vulnerable one?
Ah, just saw https://github.com/mapbox/node-sqlite3/pull/1341 and the comment that it will be released soon, thx :-)
One more PR #1353 that points to the latest sqlite distribution 3.32.3
Updating to the latest 3.32 versions would also mean that by default the variable limit increases from 999 to 32766, which would be amazing.
Hi @ErisDS,
The PR https://github.com/mapbox/node-sqlite3/pull/1351 was already merged. It contains the upgrade to SQLite 3.32.3.
The only missing part is to make the release 5.0.1. Hope that will not take ages.