sqlite@4.2.0 security vulnerabilities

[sovithkothari7]

Hi,

I have some security vulnerability issues in whitesource with the sqlite3@5.0.2 version and the npm audit recommended to downgrade the sqlite3 to 4.2.0 to resolve the vulnerabilities. Most of them got resolved but now with this version too, the security vulnerability is still not resolved.

-- sqlite3@4.2.0
-- node-pre-gyp@0.11.0
-- tar@4.4.19

-- sqlite3@4.2.0
-- node-pre-gyp@0.11.0
-- npmlog@4.1.2
-- gauge@2.7.4
-- strip-ansi@3.0.1
-- ansi-regex@2.1.1

Please help me resolve these whitesource security vulnerabilities

[blubskye]

See #1503 for a fix

[samuelms1]

The tar dependency issue (CVE-2021-37713) is fixed in #1441, but the update was never published to npm :( I suspect the other issues were addressed by updating node-gyp as well.

[soryy708]

Is this a duplicate of #1493 ?

[soryy708]

Looks like a duplicate of #1483

[daniellockyer]

These should be resolved in v5.0.3 so please update 🙂