[Security] Bump knex from 0.12.9 to 0.95.8

[dependabot-preview]

Bumps knex from 0.12.9 to 0.95.8. This update includes a security fix.

Vulnerabilities fixed

Sourced from The GitHub Security Advisory Database.

High severity vulnerability that affects knex knex.js versions before 0.19.5 are vulnerable to SQL Injection attack. Identifiers are escaped incorrectly as part of the MSSQL dialect, allowing attackers to craft a malicious query to the host DB.

Affected versions: < 0.19.5

Release notes

Sourced from knex's releases.

0.95.8

New features:

• Add deferrable support for constraint #4584
• Implement delete with join #4568
• Add DPI error codes for Oracle #4536

Bug fixes:

• Fixing PostgreSQL datetime and timestamp column created with wrong format #4578

Typings:

• Improve analytic types #4576
• MSSQL: Add trustServerCertificate option #4500

0.95.5

New features:

• SQLite: Add support for file open flags #4446
• Add .cjs extension to Seeder.js to support Node ESM #4381 #4382

Bug fixes:

• Remove peerDependencies to avoid auto-install on npm 7 #4480

Typings:

• Fix typing for increments and bigIncrements #4406
• Add typings for on JoinClause for onVal #4436
• Adding Type Definition for isTransaction #4418
• Export client class from knex namespace #4479

0.95.3

New features:

• PostgreSQL: Add "same" as operator #4372
• MSSQL: Improve an estimate of the max comment length #4362
• Throw an error if negative offset is provided #4361

Bug fixes:

• Fix timeout method #4324
• SQLite: prevent dropForeign from being silently ignored #4376

Typings:

• Allow config.client to be non-client instance #4367
• Add dropForeign arg type for single column #4363
• Update typings for TypePreservingAggregation and stream #4377

... (truncated)

Changelog

Sourced from knex's changelog.

0.95.8 - 25 July, 2021

New features:

• Add deferrable support for constraint #4584
• Implement delete with join #4568
• Add DPI error codes for Oracle #4536

Bug fixes:

• Fixing PostgreSQL datetime and timestamp column created with wrong format #4578

Typings:

• Improve analytic types #4576
• MSSQL: Add trustServerCertificate option #4500

0.95.7 - 10 July, 2021

New features:

• Add ability to omit columns on an onConflict().ignore() #4557
• CLI: Log error message #4534

Typings:

• Export Knex.TransactionConfig #4498
• Include options object in count(Distinct) typings #4491
• Add types for analytic functions #4544

0.95.6 - 17 May, 2021

Typings:

• Export TransactionProvider type #4489

0.95.5 - 11 May, 2021

New features:

• SQLite: Add support for file open flags #4446
• Add .cjs extension to Seeder.js to support Node ESM #4381 #4382

Bug fixes:

• Remove peerDependencies to avoid auto-install on npm 7 #4480

Typings:

• Fix typing for increments and bigIncrements #4406

... (truncated)

Commits

• bcaf77f Prepare to release 0.95.8
• 59459db Update dependencies (#4585)
• 45916f9 Add deferrable support for constraint (#4584)
• 955c30d Bump actions/setup-node from 2.2.0 to 2.3.0 (#4580)
• 8619d80 Add mssql trustServerCertificate option. (#4500)
• c9a5548 Improve analytic types (#4576)
• 55eadcf Fixing posgres datetime and timestamp column created with wrong format (#4578)
• c335fda #873 | implement delete with join (#4568)
• df51fd2 Update ECOSYSTEM.md - knemm (#4520)
• f447b3b Add DPI error codes for Oracle (#4536)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by kibertoad, a new releaser for knex since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Note: This repo was added to Dependabot recently, so you'll receive a maximum of 5 PRs for your first few update runs. Once an update run creates fewer than 5 PRs we'll remove that limit.

You can always request more updates by clicking Bump now in your Dependabot dashboard.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

[dependabot-preview]

Superseded by #125.