[Snyk] Upgrade knex from 3.1.0 to 3.2.10

[qbey]

Snyk has created this PR to upgrade knex from 3.1.0 to 3.2.10.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 11 versions ahead of your current version.

• The recommended version was released a month ago.

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Arbitrary Code Injection SNYK-JS-LODASH-15869625	300	No Known Exploit
	Prototype Pollution SNYK-JS-LODASH-15053838	300	No Known Exploit
	Prototype Pollution SNYK-JS-LODASH-15869619	300	No Known Exploit

Release notes

Package name: knex

• 3.2.10 - 2026-05-02
  

  Bug fixes

  • fix: bump lodash to ^4.18.1, close #6433 by @ tgriesser in #6446
  • Fix: Properly Escape Aliases in Analytic Functions by @ dertieran in #6392

  Misc

  • chore: auto-update the docs' knex version on publish by @ tgriesser in #6447
  • chore: skip re-running tests on automated release commit by @ tgriesser in #6443
  • chore: sync docker images we use to ghcr by @ tgriesser in #6445
  • chore: fixes for release-drafter workflow by @ tgriesser in #6442
  • chore: new publish/release workflow by @ tgriesser in #6441
  • docs: Update changelog for version 3.2.9 by @ tgriesser in #6440
  • docs: sync website changelog from 3.0.0 to 3.2.8 by @ OlivierCavadenti in #6426

  Full Changelog: 3.2.9...3.2.10

• 3.2.9 - 2026-04-03
  

  What's Changed

  • fix(sqlite): append RETURNING statement when insert empty row by @ ylc395 in #5471
  • fix(postgres): escape double quotes in searchPath to prevent SQL injection by @ OlivierCavadenti in #6411
  • fix: support DELETE... LIMIT in dialects that support it (mysql), but continue to disallow ones that don't by @ erulabs in #6429
  • fix: add type support for Array which is supported in code but not in types. Add test to cover as well by @ erulabs in #6428

  New Contributors

  • @ ylc395 made their first contribution in #5471
  • @ erulabs made their first contribution in #6429

  Full Changelog: 3.2.8...3.2.9

• 3.2.8 - 2026-03-30
  

  What's Changed

  • fix: TS types for update with subquery by @ tgriesser in #6419
  • fix: revert exports map added in #6227 by @ tgriesser in #6422

  Full Changelog: 3.2.7...3.2.8

• 3.2.7 - 2026-03-27
  

  What's Changed

  • chore: omit ./scripts from published package by @ myndzi in #6356
  • fix: handle lowercase INFORMATION_SCHEMA keys in MySQL renameColumn by @ OlivierCavadenti in #6407
  • fix: sqlite DDL operations failing inside transactions #6402 by @ tgriesser in #6408
  • fix: correct binding order in delete with subquery join by @ OlivierCavadenti in #6412
  • docs: add link for the knex-ibmi dialect by @ bskimball in #6359
  • chore: add codecov by @ tgriesser in #6416
  • chore: add dockerhub credentials to prevent CI rate limiting by @ tgriesser in #6418
  • fix: remove __knexTxId from connection on release by @ joshAg in #5288
  • fix: clone config in client constructor by @ castarco in #5633

  New Contributors

  • @ bskimball made their first contribution in #6359
  • @ joshAg made their first contribution in #5288

  Full Changelog: 3.2.6...3.2.7

• 3.2.6 - 2026-03-25
  

  What's Changed

  • Fix ESM types by @ kibertoad in #6404
  • fix ESM exports by @ kibertoad in #6405
  • fix: add type exports by @ tgriesser in #6406

  Full Changelog: 3.2.3...3.2.6

• 3.2.5 - 2026-03-23
• 3.2.4 - 2026-03-23
• 3.2.3 - 2026-03-22
  

  What's Changed

  • Prepare to release 3.2.3 hotfix by @ kibertoad in #6401

  Full Changelog: 3.2.1...3.2.3

• 3.2.2 - 2026-03-22
• 3.2.1 - 2026-03-22
  

  What's Changed

  • docs: add VitePress blog with archive and UTC post dates by @ mercmobily in #6397
  • Fix docs build: add missing docs tsconfig and schema snippets by @ mercmobily in #6398
  • Add missing semver package by @ joshkel in #6387
  • Expore relevant submodules by @ kibertoad in #6400

  New Contributors

  • @ joshkel made their first contribution in #6387

  Full Changelog: 3.2.0...3.2.1

• 3.2.0 - 2026-03-22
  

  What's Changed

  • Add migration lifecycle hooks by @ timorthi in #5541
  • Move website by @ rluvaton in #5792
  • fix docs deployment by @ rluvaton in #5870
  • trigger change in docs folder for website deployment by @ rluvaton in #6029
  • fix docs edit branch link and trigger website deployment on workflow changes as well by @ rluvaton in #6030
  • update publish directory by @ rluvaton in #6031
  • Fix whereILike issue with sqlite (#5604) by @ mohammedbalila in #5687
  • fix: recover from broken connection by @ beltschatsar in #5774
  • Run CI on Node 22 and remove dtslint by @ kibertoad in #6165
  • Specify behavior of first on 0 matches by @ WebFreak001 in #6164
  • fix: Fix The operator "<=>" is not permitted in MySQL by @ AdrienPoupa in #6158
  • update upsert documentation with support in MySQL by @ voda in #6150
  • Import knex as type in TS seed template by @ OliverWales in #6094
  • Pin MySQL version in Docker by @ kibertoad in #6166
  • query-builder.md fix section title by @ luckv in #6180
  • fix: add @ types/minimatch to fix TypeScript build by @ mercmobily in #6240
  • Update ESLint rules to allow modern syntax supported by knex's minimum node version by @ myndzi in #6318
  • Fix test:cli tests by @ myndzi in #6310
  • Fix various failing tests by @ myndzi in #6313
  • Ensure CRDB has the expected database before running integration tests by @ myndzi in #6311
  • Fix migration CLI and cli tests by @ myndzi in #6264
  • Fix where in query with raw column by @ myndzi in #6323
  • Update to non-screamy versions of dependencies that have npm audit failures by @ myndzi in #6324
  • fix(docs): mark function as code by @ janpio in #6019
  • add MariaDB to README by @ robertsilen in #6120
  • Fix links to documentation in README.md by @ DavidBruant in #6055
  • fix link to pg-query-stream by @ VincentHardouin in #6121
  • New, vastly improved web site by @ mercmobily in #6332
  • Fix VitePress build in CI (WebCrypto) by @ mercmobily in #6339
  • Fix the TypeScript example code. by @ n0x001 in #6191
  • docs: formulated behavior of knex.transaction more explicitly by @ 0x0dd4b2 in #6244
  • Types no longer allow knex to be called without tablename by @ jpike88 in #6188
  • added missing methods to schema-builder.md by @ miguelfriasd in #6177
  • fix: Update documentation for conflict to include table alias by @ jsk95 in #6020
  • fix pluck typing issue when CompositeTableType is used by @ aq1018 in #4609
  • add additional typing for column.index by @ 1mike12 in #5371
  • Add Type Definition for orderBy with Raw Expression Issue 5711 by @ redaxle in #5803
  • Update typings for increment/decrement by @ SDemonUA in #5674
  • Prevent unexpected combinations of statements and clauses groups from executing by @ myndzi in #6314
  • Refactor SQLite transactions to allow setting the foreign_keys pragma for a transaction by @ myndzi in #6315
  • Improve CLI error reporting in some edge cases by @ myndzi in #6265
  • Fix ESM export and typings by @ patrickshipe in #6227
  • Feat: Support defaultSafeIntegers option in better-sqlite3 dialect by @ dong-jun-shin in #6320
  • Fixes light mode. Fixes #6341 by @ mercmobily in #6345
  • Update index.d.ts by @ hzgotb in #5767
  • Website: real snippets for schema building too (!) by @ mercmobily in #6343
  • Added sqlite to allow site generation for DDL by @ mercmobily in #6349
  • Remove update_gitignore_for_tsc_output script by @ myndzi in #6355
  • feat(postgres): default datetime/timestamp precision setting added by @ fabis94 in #5311
  • fix: migrate up with completed migration by @ hailerity in #6342
  • Feat: improve safeIntegers support for better-sqlite3 by @ dong-jun-shin in #6352
  • chore(types): use syntax import from instead of import = require() by @ waitingsong in #5258
  • [TypeScript] Fix usage of object type that is too broad. by @ VanTanev in #5373
  • Optimize stream.write in mssql by @ Connormiha in #5693
  • Apply formatting - fix lint error from a stray file in master by @ myndzi in

[coderabbitai]

Important

Review skipped

Ignore keyword(s) in the title.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 32f922bb-2ccf-478d-9ad6-31b7fbf0d0b1

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}