knex - npm Package Compare versions

Comparing version 0.21.7 to 0.21.8

CHANGELOG.md

 # Master (Unreleased)
 
+# 0.21.8 - 27 October, 2020
+
+### Bug fixes:
+
+- MSSQL: Escape properly if literal '?' is needed #4053
+- Make toQuery behavior consistent with pre-0.21.7 (do not break on empty builder) #4083
+- Fix comment escaping for MySQL and PostgreSQL #4084
+
 # 0.21.7 - 25 October, 2020
@@ -4,0 +12,0 @@

lib/dialects/mssql/index.js

@@ -258,3 +258,7 @@ // MSSQL Client
     let questionCount = -1;
-    return sql.replace(/\?/g, function () {
+    return sql.replace(/\\?\?/g, (match) => {
+      if (match === '\\?') {
+        return '?';
+      }
+
       questionCount += 1;
@@ -261,0 +265,0 @@ return `@p${questionCount}`;

lib/dialects/mysql/schema/columncompiler.js

@@ -7,2 +7,4 @@ // MySQL Column Compiler
 
+const commentEscapeRegex = /(?<!\\)'/g;
+
 function ColumnCompiler_MySQL() {
@@ -154,3 +156,3 @@ ColumnCompiler.apply(this, arguments);
     }
-    return comment && `comment '${comment}'`;
+    return comment && `comment '${comment.replace(commentEscapeRegex, "\\'")}'`;
   },
@@ -157,0 +159,0 @@

lib/dialects/postgres/schema/columncompiler.js

@@ -7,2 +7,3 @@ // PostgreSQL Column Compiler
 const { isObject } = require('../../../util/is');
+const commentEscapeRegex = /(?<!')'(?!')/g;
 
@@ -105,2 +106,5 @@ function ColumnCompiler_PG() {
     const columnName = this.args[0] || this.defaults('columnName');
+    const escapedComment = comment
+      ? `'${comment.replace(commentEscapeRegex, "''")}'`
+      : 'NULL';
 
@@ -111,4 +115,3 @@ this.pushAdditional(function () {
           this.formatter.wrap(columnName) +
-          ' is ' +
-          (comment ? `'${comment}'` : 'NULL')
+          ` is ${escapedComment}`
       );
@@ -115,0 +118,0 @@ }, comment);

lib/interface.js

@@ -10,2 +10,5 @@ const clone = require('lodash/clone');
     if (!Array.isArray(data)) data = [data];
+    if (!data.length) {
+      return '';
+    }
     return data
@@ -12,0 +15,0 @@ .map((statement) => {

package.json

 {
   "name": "knex",
-  "version": "0.21.7",
+  "version": "0.21.8",
   "description": "A batteries-included SQL query & schema builder for Postgres, MySQL and SQLite3 and the Browser",
@@ -5,0 +5,0 @@ "main": "knex.js",

No alert changes

Improved metrics

Total package byte prevSize

591302

increased by0.09%

Lines of code

15423

increased by0.06%

No dependency changes