chore(deps): update all non-major dependencies

[renovate]

This PR contains the following updates:

Package	Type	Update	Change	Age	Adoption	Passing	Confidence
akhileshns/heroku-deploy	action	minor	v3.12.12 -> v3.13.15
knex (source)	dependencies	patch	0.95.4 -> 0.95.15
pg (source)	dependencies	minor	8.6.0 -> 8.13.0
react-sortable-tree (source)	dependencies	minor	2.7.1 -> 2.8.0
sqlite3	dependencies	minor	5.0.2 -> 5.1.7
strapi (source)	dependencies	patch	3.6.0 -> 3.6.11
strapi-admin	dependencies	patch	3.6.0 -> 3.6.11
strapi-connector-bookshelf (source)	dependencies	patch	3.6.0 -> 3.6.11
strapi-helper-plugin (source)	dependencies	patch	3.6.0 -> 3.6.11
strapi-plugin-content-manager	dependencies	patch	3.6.0 -> 3.6.11
strapi-plugin-content-type-builder	dependencies	patch	3.6.0 -> 3.6.11
strapi-plugin-documentation (source)	dependencies	patch	3.6.0 -> 3.6.11
strapi-plugin-email	dependencies	patch	3.6.0 -> 3.6.11
strapi-plugin-upload (source)	dependencies	patch	3.6.0 -> 3.6.11
strapi-plugin-users-permissions	dependencies	patch	3.6.0 -> 3.6.11
strapi-utils (source)	dependencies	patch	3.6.0 -> 3.6.11

---

Release Notes

akhileshns/heroku-deploy (akhileshns/heroku-deploy)

v3.13.15

Compare Source

Updated node version to "node20" (as "node18" is not supported by GitHub Actions)

v3.13.14

Compare Source

Updated node version from 16 to 18 (as 16 is causing problems due to deprecation)

v3.12.14

Compare Source

• Updated @​actions/core version to >1.10.0 to fix setOutput call problems in the future

(Thanks to @​arg, @​clickclickonsal, @​romack and @​fabn for the suggestion)

v3.12.13

Compare Source

Switched to node 16 due to deprecation of node 12 (Thank you to @​brtrick for PR)

knex/knex (knex)

v0.95.15

Compare Source

Bug fixes:

• Oracle:
• MariaDB: lock row fix during migration in MariaDB and Oracle #​4865

v0.95.14

Compare Source

Bug fixes:

• MySQL: mysql2 dialect validate connection fix #​4794

v0.95.13

Compare Source

Bug fixes:

• PostgreSQL: Support zero precision in timestamp/datetime #​4784

Typings:

• Allow string indexType in index creation #​4791

v0.95.12

Compare Source

New features:

• New dialect: CockroachDB #​4742
• New dialect: pg-native #​4327
• CockroachDB: add support for upsert #​4767
• PostgreSQL: Support SELECT .. FOR NO KEY UPDATE / KEY SHARE row level locking clauses #​4755
• PostgreSQL: Add support for 'CASCADE' in PostgreSQL 'DROP SCHEMA' queries #​4713
• MySQL: Add storage engine index Type support to index() and unique() schema #​4756
• MSSQL: Support table.primary, table.unique variant with options object #​4710
• SQLite: Add setNullable support to SQLite #​4684
• Add geometry column building #​4776
• Add support for creating table copies #​1373
• Implement support for views and materialized views #​1626
• Implement partial index support #​4768
• Support for 'is null' in 'order by' #​3667

Bug fixes:

• Fix support for Oracle connections passed via knex.connection() #​4757
• Avoid inserting multiple locks if a migration lock already exists #​4694

Typings:

• Some TableBuilder methods return wrong types #​4764
• Update JoinRaw bindings type to accept arrays #​4752
• fix onDelete/onUpdate for ColumnBuilder #​4656

v0.95.11

Compare Source

New features:

• Add support for nullability modification via schema builder (table.setNullable() and table.dropNullable()) #​4657
• MySQL: Add support for mysql/mariadb-client JSON parameters in connectionURIs #​4629
• MSSQL: Support comments as MS_Description properties #​4632

Bug fixes:

• Fix Analytic orderBy and partitionBy to follow the SQL documentation #​4602
• CLI: fix migrate:up for migrations disabling transactions #​4550
• SQLite: Fix adding a column with a foreign key constraint in SQLite #​4649
• MSSQL: columnInfo() support case-sensitive database collations #​4633
• MSSQL: Generate valid SQL for withRecursive() #​4514
• Oracle: withRecursive: omit invalid RECURSIVE keyword, include column list #​4514

Improvements:

• Add .mjs migration and seed stubs #​4631
• SQLite: Clean up DDL handling and move all operations to the parser-based approach #​4648

v0.95.10

Compare Source

Improvements:

• Use sys info function instead of connection db name #​4623

Typings:

• Deferrable and withkeyName should not be in ColumnBuilder #​4600

v0.95.9

Compare Source

New features:

• Oracle: support specifying schema for dropTable and dropSequence #​4596
• Oracle: support specifying schema for autoincrement #​4594

Typings:

• Add TypeScript support for deferrable, new Primary/Unique syntax #​4589

v0.95.8

Compare Source

New features:

• Add deferrable support for constraint #​4584
• Implement delete with join #​4568
• Add DPI error codes for Oracle #​4536

Bug fixes:

• Fixing PostgreSQL datetime and timestamp column created with wrong format #​4578

Typings:

• Improve analytic types #​4576
• MSSQL: Add trustServerCertificate option #​4500

v0.95.7

Compare Source

New features:

• Add ability to omit columns on an onConflict().ignore() #​4557
• CLI: Log error message #​4534

Typings:

• Export Knex.TransactionConfig #​4498
• Include options object in count(Distinct) typings #​4491
• Add types for analytic functions #​4544

v0.95.6

Compare Source

Typings:

• Export TransactionProvider type #​4489

v0.95.5

Compare Source

New features:

• SQLite: Add support for file open flags #​4446
• Add .cjs extension to Seeder.js to support Node ESM #​4381 #​4382

Bug fixes:

• Remove peerDependencies to avoid auto-install on npm 7 #​4480

Typings:

• Fix typing for increments and bigIncrements #​4406
• Add typings for on JoinClause for onVal #​4436
• Adding Type Definition for isTransaction #​4418
• Export client class from knex namespace #​4479

brianc/node-postgres (pg)

v8.13.0

Compare Source

v8.12.0

Compare Source

• Add queryMode config option to force use of the extended query protocol on queries without any parameters.

v8.11.6

Compare Source

v8.11.5

Compare Source

v8.11.4

Compare Source

v8.11.3

Compare Source

v8.11.2

Compare Source

v8.11.1

Compare Source

v8.11.0

Compare Source

v8.10.0

Compare Source

• Emit release event when client is returned to the pool.

v8.9.0

Compare Source

• Add support for stream factory.
• Better errors for SASL authentication.
• Use native crypto module for SASL authentication.

v8.8.0

Compare Source

• Bump minimum required version of native bindings.
• Catch previously uncatchable errors thrown in pool.query.
• Prevent the pool from blocking the event loop if all clients are idle (and allowExitOnIdle is enabled).
• Support lock_timeout in client config.
• Fix errors thrown in callbacks from interfering with cleanup.

pg-pool@3.5.0

• Add connection lifetime limit config option.

pg@8.7.0

• Add optional config to pool to allow process to exit if pool is idle.

pg-cursor@2.7.0

• Convert to es6 class
• Add support for promises to cursor methods

pg@8.6.0

• Better SASL error messages & more validation on bad configuration.
• Export DatabaseError.
• Add ParameterDescription support to protocol parsing.
• Fix typescript typedefs with --isolatedModules.

pg-query-stream@4.0.0

• Library has been converted to Typescript. The behavior is identical, but there could be subtle breaking changes due to class names changing or other small inconsistencies introduced by the conversion.

pg@8.5.0

• Fix bug forwarding ssl key.
• Convert pg-query-stream internals to typescript.
• Performance improvements.

pg@8.4.0

• Switch to optional peer dependencies & remove semver package which has been a small thorn in the side of a few users.
• Export DatabaseError from pg-protocol.
• Add support for sslmode in the connection string.

pg@8.3.0

• Support passing a string of command line options flags via the { options: string } field on client/pool config.

pg@8.2.0

• Switch internal protocol parser & serializer to pg-protocol. The change is backwards compatible but results in a significant performance improvement across the board, with some queries as much as 50% faster. This is the first work to land in an on-going performance improvment initiative I'm working on. Stay tuned as things are set to get much faster still! 🚀

pg-cursor@2.2.0

• Switch internal protocol parser & serializer to pg-protocol. The change is backwards compatible but results in a significant performance improvement across the board, with some queries as much as 50% faster.

pg-query-stream@3.1.0

• Switch internal protocol parser & serializer to pg-protocol. The change is backwards compatible but results in a significant performance improvement across the board, with some queries as much as 50% faster.

pg@8.1.0

• Switch to using monorepo version of pg-connection-string. This includes better support for SSL argument parsing from connection strings and ensures continuity of support.
• Add &ssl=no-verify option to connection string and PGSSLMODE=no-verify environment variable support for the pure JS driver. This is equivalent of passing { ssl: { rejectUnauthorized: false } } to the client/pool constructor. The advantage of having support in connection strings and environment variables is it can be "externally" configured via environment variables and CLI arguments much more easily, and should remove the need to directly edit any application code for the SSL default changes in 8.0. This should make using pg@8.x significantly less difficult on environments like Heroku for example.

pg-pool@3.2.0

• Same changes to pg impact pg-pool as they both use the same connection parameter and connection string parsing code for configuring SSL.

pg-pool@3.1.0

• Add maxUses config option.

pg@8.0.0

note: for detailed release notes please check here

• Remove versions of node older than 6 lts from the test matrix. pg>=8.0 may still work on older versions but it is no longer officially supported.
• Change default behavior when not specifying rejectUnauthorized with the SSL connection parameters. Previously we defaulted to rejectUnauthorized: false when it was not specifically included. We now default to rejectUnauthorized: true. Manually specify { ssl: { rejectUnauthorized: false } } for old behavior.
• Change default database when not specified to use the user config option if available. Previously process.env.USER was used.
• Change pg.Pool and pg.Query to be an es6 class.
• Make pg.native non enumerable.
• notice messages are no longer instances of Error.
• Passwords no longer show up when instances of clients or pools are logged.

pg@7.18.0

• This will likely be the last minor release before pg@8.0.
• This version contains a few bug fixes and adds a deprecation warning for a pending change in 8.0 which will flip the default behavior over SSL from rejectUnauthorized from false to true making things more secure in the general use case.

pg-query-stream@3.0.0

• Rewrote stream internals to better conform to node stream semantics. This should make pg-query-stream much better at respecting highWaterMark and getting rid of some edge case bugs when using pg-query-stream as an async iterator. Due to the size and nature of this change (effectively a full re-write) it's safest to bump the semver major here, though almost all tests remain untouched and still passing, which brings us to a breaking change to the API....
• Changed stream.close to stream.destroy which is the official way to terminate a readable stream. This is a breaking change if you rely on the stream.close method on pg-query-stream...though should be just a find/replace type operation to upgrade as the semantics remain very similar (not exactly the same, since internals are rewritten, but more in line with how streams are "supposed" to behave).
• Unified the config.batchSize and config.highWaterMark to both do the same thing: control how many rows are buffered in memory. The ReadableStream will manage exactly how many rows are requested from the cursor at a time. This should give better out of the box performance and help with efficient async iteration.

pg@7.17.0

• Add support for idle_in_transaction_session_timeout option.

7.16.0

• Add optional, opt-in behavior to test new, faster query pipeline. This is experimental, and not documented yet. The pipeline changes will grow significantly after the 8.0 release.

7.15.0

• Change repository structure to support lerna & future monorepo development.
• Warn about deprecation for calling constructors without new.

7.14.0

• Reverts 7.13.0 as it contained an accidental breaking change for self-signed SSL cert verification. 7.14.0 is identical to 7.12.1.

7.13.0

• Add support for all tls.connect() options.

7.12.0

• Add support for async password lookup.

7.11.0

• Add support for connection_timeout and keepalives_idle.

7.10.0

• Add support for per-query types.

7.9.0

• Add support for sasl/scram authentication.

7.8.0

• Add support for passing secureOptions SSL config.
• Upgrade pg-types to 2.0.

7.7.0

• Add support for configurable query timeout on a client level.

7.6.0

• Add support for "bring your own promise"

7.5.0

• Better error message when passing null or undefined to client.query.
• Better error handling on queued queries.

7.4.0

• Add support for Uint8Array values.

7.3.0

• Add support for statement timeout.

7.2.0

• Pinned pg-pool and pg-types to a tighter semver range. This is likely not a noticeable change for you unless you were specifically installing older versions of those libraries for some reason, but making it a minor bump here just in case it could cause any confusion.

7.1.0

Enhancements

• You can now supply both a connection string and additional config options to clients.

7.0.0

Breaking Changes

• Drop support for node < 4.x.
• Remove pg.connect pg.end and pg.cancel singleton methods.
• Client#connect(callback) now returns undefined. It used to return an event emitter.
• Upgrade pg-pool to 2.x.
• Upgrade pg-native to 2.x.
• Standardize error message fields between JS and native driver. The only breaking changes were in the native driver as its field names were brought into alignment with the existing JS driver field names.
• Result from multi-statement text queries such as SELECT 1; SELECT 2; are now returned as an array of results instead of a single result with 1 array containing rows from both queries.

Please see here for a migration guide

Enhancements

• Overhauled documentation: https://node-postgres.com.
• Add Client#connect() => Promise<void> and Client#end() => Promise<void> calls. Promises are now returned from all async methods on clients if and only if no callback was supplied to the method.
• Add connectionTimeoutMillis to pg-pool.

v6.2.0

• Add support for parsing replicationStart messages.

v6.1.0

• Add optional callback parameter to the pure JavaScript client.end method. The native client already supported this.

v6.0.0

Breaking Changes

• Remove pg.pools. There is still a reference kept to the pools created & tracked by pg.connect but it has been renamed, is considered private, and should not be used. Accessing this API directly was uncommon and was supposed to be private but was incorrectly documented on the wiki. Therefore, it is a breaking change of an (unintentionally) public interface to remove it by renaming it & making it private. Eventually pg.connect itself will be deprecated in favor of instantiating pools directly via new pg.Pool() so this property should become completely moot at some point. In the mean time...check out the new features...

New features

• Replace internal pooling code with pg-pool. This is the first step in eventually deprecating and removing the singleton pg.connect. The pg-pool constructor is exported from node-postgres at require('pg').Pool. It provides a backwards compatible interface with pg.connect as well as a promise based interface & additional niceties.

You can now create an instance of a pool and don't have to rely on the pg singleton for anything:

var pg = require('pg')

var pool = new pg.Pool()

// your friendly neighborhood pool interface, without the singleton
pool.connect(function(err, client, done) {
  // ...
})

Promise support & other goodness lives now in pg-pool.

Please read the readme at pg-pool for the full api.

• Included support for tcp keep alive. Enable it as follows:

var client = new Client({ keepAlive: true })

This should help with backends incorrectly considering idle clients to be dead and prematurely disconnecting them.

v5.1.0

• Make the query object returned from client.query implement the promise interface. This is the first step towards promisifying more of the node-postgres api.

Example:

var client = new Client()
client.connect()
client.query('SELECT $1::text as name', ['brianc']).then(function (res) {
  console.log('hello from', res.rows[0])
  client.end()
})

v5.0.0

Breaking Changes

• require('pg').native now returns null if the native bindings cannot be found; previously, this threw an exception.

New Features

• better error message when passing undefined as a query parameter
• support for defaults.connectionString
• support for returnToHead being passed to generic pool

v4.5.0

• Add option to parse JS date objects in query parameters as UTC

v4.4.0

• Warn to stderr if a named query exceeds 63 characters which is the max length supported by postgres.

v4.3.0

• Unpin pg-types semver. Allow it to float against pg-types@1.x.

v4.2.0

• Support for additional error fields in postgres >= 9.3 if available.

v4.1.0

• Allow type parser overrides on a per-client basis

v4.0.0

• Make native bindings an optional install with npm install pg-native
• No longer surround query result callback with try/catch block.
• Remove built in COPY IN / COPY OUT support - better implementations provided by pg-copy-streams and pg-native

v3.6.0

• Include support for (parsing JSONB)[https://github.com/brianc/node-pg-types/pull/13](https://redirect.github.com/brianc/node-pg-types/pull/13)3] (supported in postgres 9.4)

v3.5.0

• Include support for parsing boolean arrays

v3.4.0

• Include port as connection parameter to unix sockets
• Better support for odd date parsing

v3.2.0

• Add support for parsing date arrays
• Expose array parsers on pg.types
• Allow pool to be configured

v3.1.0

• Add count of the number of times a client has been checked out from the pool
• Emit end from pg object when a pool is drained

v3.0.0

Breaking changes

• Parse the DATE PostgreSQL type as local time

After some discussion it was decided node-postgres was non-compliant in how it was handling DATE results. They were being converted to UTC, but the PostgreSQL documentation specifies they should be returned in the client timezone. This is a breaking change, and if you use the date type you might want to examine your code and make sure nothing is impacted.

• Fix possible numeric precision loss on numeric & int8 arrays

pg@v2.0 included changes to not convert large integers into their JavaScript number representation because of possibility for numeric precision loss. The same types in arrays were not taken into account. This fix applies the same type of type-coercion rules to arrays of those types, so there will be no more possible numeric loss on an array of very large int8s for example. This is a breaking change because now a return type from a query of int8[] will contain string representations
of the integers. Use your favorite JavaScript bignum module to represent them without precision loss, or punch over the type converter to return the old style arrays again.

• Fix to input array of dates being improperly converted to utc

Single date parameters were properly sent to the PostgreSQL server properly in local time, but an input array of dates was being changed into utc dates. This is a violation of what PostgreSQL expects. Small breaking change, but none-the-less something you should check out if you are inserting an array of dates.

• Query no longer emits end event if it ends due to an error

This is a small change to bring the semantics of query more in line with other EventEmitters. The tests all passed after this change, but I suppose it could still be a breaking change in certain use cases. If you are doing clever things with the end and error events of a query object you might want to check to make sure its still behaving normally, though it is most likely not an issue.

New features

• Supercharge prepareValue

The long & short of it is now any object you supply in the list of query values will be inspected for a .toPostgres method. If the method is present it will be called and its result used as the raw text value sent to PostgreSQL for that value. This allows the same type of custom type coercion on query parameters as was previously afforded to query result values.

• Domain aware connection pool

If domains are active node-postgres will honor them and do everything it can to ensure all callbacks are properly fired in the active domain. If you have tried to use domains with node-postgres (or many other modules which pool long lived event emitters) you may have run into an issue where the active domain changes before and after a callback. This has been a longstanding footgun within node-postgres and I am happy to get it fixed.

• Disconnected clients now removed from pool

Avoids a scenario where your pool could fill up with disconnected & unusable clients.

• Break type parsing code into separate module

To provide better documentation and a clearer explanation of how to override the query result parsing system we broke the type converters into their own module. There is still work around removing the 'global-ness' of the type converters so each query or connection can return types differently, but this is a good first step and allow a lot more obvious way to return int8 results as JavaScript numbers, for example

v2.11.0

• Add support for application_name

v2.10.0

• Add support for the password file

v2.9.0

• Add better support for unix domain socket connections

v2.8.0

• Add support for parsing JSON[] and UUID[] result types

v2.7.0

• Use single row mode in native bindings when available [@​rpedela]
  • reduces memory consumption when handling row values in 'row' event
• Automatically bind buffer type parameters as binary [@​eugeneware]

v2.6.0

• Respect PGSSLMODE environment variable

v2.5.0

• Ability to opt-in to int8 parsing via pg.defaults.parseInt8 = true

v2.4.0

• Use eval in the result set parser to increase performance

v2.3.0

• Remove built-in support for binary Int64 parsing.
  Due to the low usage & required compiled dependency this will be pushed into a 3rd party add-on

v2.2.0

• Add support for excapeLiteral and escapeIdentifier in both JavaScript and the native bindings

v2.1.0

• Add support for SSL connections in JavaScript driver
• this means you can connect to heroku postgres from your local machine without the native bindings!
• Add field metadata to result object
• Add ability for rows to be returned as arrays instead of objects

v2.0.0

• Properly handle various PostgreSQL to JavaScript type conversions to avoid data loss:

PostgreSQL | pg@v2.0 JavaScript | pg@v1.0 JavaScript
--------------------------------|----------------
float4     | number (float)     | string
float8     | number (float)     | string
int8       | string             | number (int)
numeric    | string             | number (float)
decimal    | string             | number (float)

For more information see https://github.com/brianc/node-postgres/pull/353
If you are unhappy with these changes you can always override the built in type parsing fairly easily.

v1.3.0

• Make client_encoding configurable and optional

v1.2.0

• return field metadata on result object: access via result.fields[i].name/dataTypeID

v1.1.0

• built in support for JSON data type for PostgreSQL Server @​ v9.2.0 or greater

v1.0.0

• remove deprecated functionality
  • Callback function passed to pg.connect now requires 3 arguments
  • Client#pauseDrain() / Client#resumeDrain removed
  • numeric, decimal, and float data types no longer parsed into float before being returned. Will be returned from query results as String

v0.15.0

• client now emits end when disconnected from back-end server
• if client is disconnected in the middle of a query, query receives an error

v0.14.0

• add deprecation warnings in prep for v1.0
• fix read/write failures in native module under node v0.9.x

v8.7.3

Compare Source

v8.7.1

Compare Source

v8.7.0

Compare Source

• Add optional config to pool to allow process to exit if pool is idle.

frontend-collective/react-sortable-tree (react-sortable-tree)

v2.8.0

Compare Source

Features

• adding FUNDING.yml (8e87804)
• remove current codesandbox website (30749c7)

Bug Fixes

• accidentally deleted own styling (c664ade)
• don't prettify changelog (8615412)
• open collective link (d55561e)
• remove outdated links from readme (7a07263)
• scroll to search focused tree item (#​756) (e528a4c)
• set themes using new api (c2c1075)
• site (95cb249)
• website imports (8e7f83d)
• website pt 2 (6914959)

TryGhost/node-sqlite3 (sqlite3)

v5.1.7

Compare Source

What's Changed

• Updated bundled SQLite to v3.44.2 by @​daniellockyer
• Replaced @mapbox/node-pre-gyp with prebuild + prebuild-install (TryGhost/node-sqlite3@605c7f9) by @​daniellockyer
  • this should fix a lot of bundling issues reported by the community
• Improved RowToJS performance by removing Napi::String::New instantiation by @​daniellockyer
• Various minor code refactors and improvements (thanks @​zenon8adams!)

New Contributors

• @​zenon8adams made their first contribution in https://github.com/TryGhost/node-sqlite3/pull/1701

Full Changelog: TryGhost/node-sqlite3@v5.1.6...v5.1.7

v5.1.6

Compare Source

What's Changed

• Fixed glibc compatibility by hardcoding lower version for log2 by @​daniellockyer
• Add generic type annotations for Statement and Database get/all/each methods callback rows by @​stevescruz in https://github.com/TryGhost/node-sqlite3/pull/1686

New Contributors

• @​stevescruz made their first contribution in https://github.com/TryGhost/node-sqlite3/pull/1686

Full Changelog: TryGhost/node-sqlite3@v5.1.5...v5.1.6

v5.1.5

Compare Source

What's Changed

• 🔒 Fixed code execution vulnerability due to Object coercion by [@​daniello

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.