
[Security] Bump sqlite3 from 5.0.0 to 5.0.3

Dependabot requested to merge dependabot-npm_and_yarn-sqlite3-5.0.3 into master

Bumps sqlite3 from 5.0.0 to 5.0.3. This update includes a security fix.

Vulnerabilities fixed

Denial-of-Service when binding invalid parameters in sqlite3

Affected versions of sqlite3 will experience a fatal error when a specific kind of object is supplied in the parameter array. This error causes the application to crash and cannot be caught. Users of sqlite3 v5.0.0, v5.0.1 and v5.0.2 are affected. This issue is fixed in v5.0.3, and all users are recommended to upgrade to v5.0.3 or later. As a workaround, ensure there is sufficient sanitization in the parent application to protect against invalid values being supplied as binding parameters.

Patched versions: 5.0.3
Affected versions: >= 5.0.0, < 5.0.3
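The workaround above asks the calling application to sanitize bind parameters before they reach the native binding. The following is an added example of such a guard, not code from the sqlite3 project or from this MR; it assumes a conservative allow-list of bindable values (string, number, boolean, null, Buffer, Date) and a hypothetical safeRun wrapper around a sqlite3.Database instance.

```javascript
'use strict';

// Values this guard lets through to the binding (assumed, conservative list).
const BINDABLE_PRIMITIVES = new Set(['string', 'number', 'boolean']);

function isBindable(value) {
  if (value === null) return true;
  if (BINDABLE_PRIMITIVES.has(typeof value)) return true;
  if (Buffer.isBuffer(value)) return true;
  if (value instanceof Date) return true;
  return false; // plain objects, arrays, functions, symbols, bigint, undefined
}

// Human-readable type name for error messages.
function describe(v) {
  if (v === null) return 'null';
  if (Array.isArray(v)) return 'array';
  if (typeof v === 'object') return v.constructor ? v.constructor.name : 'object';
  return typeof v;
}

// Accepts positional params (array) or named params (plain object whose keys
// carry the $, @ or : prefix) and throws a catchable TypeError on anything
// else, so unsupported input never reaches the native bind call.
function validateBindParams(params) {
  if (Array.isArray(params)) {
    params.forEach((v, i) => {
      if (!isBindable(v)) throw new TypeError(`bind parameter ${i + 1}: unsupported ${describe(v)}`);
    });
    return params;
  }
  if (params !== null && typeof params === 'object' && Object.getPrototypeOf(params) === Object.prototype) {
    for (const [k, v] of Object.entries(params)) {
      if (!/^[$@:]/.test(k)) throw new TypeError(`named parameter "${k}" lacks a $, @ or : prefix`);
      if (!isBindable(v)) throw new TypeError(`named parameter "${k}": unsupported ${describe(v)}`);
    }
    return params;
  }
  throw new TypeError('bind parameters must be an array or a plain object');
}

// Boolean form for callers that prefer a predicate over an exception.
function bindParamsAreValid(params) {
  try { validateBindParams(params); return true; } catch (e) { return false; }
}

// Hypothetical wrapper: db is assumed to be a sqlite3.Database; the guard runs
// before db.run so bad input surfaces as an error the caller can handle.
function safeRun(db, sql, params, cb) {
  return db.run(sql, validateBindParams(params), cb);
}
```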

Release notes

Sourced from sqlite3's releases.

v5.0.3

What's Changed

Known Problems

Full Changelog: https://github.com/TryGhost/node-sqlite3/compare/v5.0.2...v5.0.3

v5.0.2

  • disable N-API v6

v5.0.1

  • dep: node-addon-api to ^3.0.0 #1367
  • bug: bad comparison of c string #1347
  • build: Install files to be deployed #1352
  • sqlite3: upgrade to 3.32.3 #1351
  • bug: worker threads crash #1367
  • bug: segfaults #1368
  • typo: broken link to MapBox site #1369

Changelog

Sourced from sqlite3's changelog.

Changelog

Please check GitHub Releases for notes on more recent releases.

5.0.2

  • build: rebuild binaries before publishing #1426

5.0.1

  • dep: node-addon-api to ^3.0.0 #1367
  • bug: bad comparison of c string #1347
  • build: Install files to be deployed #1352
  • sqlite3: upgrade to 3.32.3 #1351
  • bug: worker threads crash #1367
  • bug: segfaults #1368
  • typo: broken link to MapBox site #1369

Commits

Maintainer changes

This version was pushed to npm by daniellockyer, a new releaser for sqlite3 since your current version.
Dependabot commands
You can trigger Dependabot actions by commenting on this MR
  • $dependabot rebase will rebase this MR
  • $dependabot recreate will recreate this MR rewriting all the manual changes and resolving conflicts
