[Security] Bump sqlite3 from 5.1.4 to 5.1.5

Bumps sqlite3 from 5.1.4 to 5.1.5. This update includes a security fix.

Vulnerabilities fixed

sqlite vulnerable to code execution due to Object coercion

Impact

Due to the underlying implementation of .ToString(), it's possible to execute arbitrary JavaScript, or to achieve a denial-of-service, if a binding parameter is a crafted Object.

Users of sqlite3 v5.0.0 - v5.1.4 are affected by this.

Patches

Fixed in v5.1.5. All users are recommended to upgrade to v5.1.5 or later.

Workarounds

• Ensure there is sufficient sanitization in the parent application to protect against invalid values being supplied to binding parameters.

References

• Commit: https://github.com/TryGhost/node-sqlite3/commit/edb1934dd222ae55632e120d8f64552d5191c781

For more information

... (truncated)

Patched versions: 5.1.5 Affected versions: >= 5.0.0, < 5.1.5

Release notes

Sourced from sqlite3's releases.

v5.1.5

What's Changed

• 🔒 Fixed code execution vulnerability due to Object coercion by @​daniellockyer
• Updated bundled SQLite to v3.41.1 by @​daniellockyer
• Fixed rpath linker option when using a custom sqlite by @​jeromew in TryGhost/node-sqlite3#1654

Full Changelog: https://github.com/TryGhost/node-sqlite3/compare/v5.1.4...v5.1.5

Commits

• 6a806f8 v5.1.5
• edb1934 Fixed code execution vulnerability due to Object coercion
• 3a48888 Updated bundled SQLite to v3.41.1
• c1440bd Fixed rpath linker option when using a custom sqlite (#1654)
• 93affa4 Update microsoft/setup-msbuild action to v1.3
• See full diff in compare view

---

Dependabot commands

You can trigger Dependabot actions by commenting on this MR

• $dependabot rebase will rebase this MR
• $dependabot recreate will recreate this MR rewriting all the manual changes and resolving conflicts