Update dependency sqlite3 to v5.0.3 [SECURITY]

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
sqlite3	5.0.2 -> 5.0.3

GitHub Vulnerability Alerts

CVE-2022-21227

Impact

Affected versions will experience a fatal error when supplying a specific object in the parameter array. This error causes the application to crash and could not be caught.

Users of sqlite3 v5.0.0, v5.0.1 and v5.0.2 are affected by this.

Patches

Fixed in v5.0.3. All users are recommended to upgrade to v5.0.3 or later.

Workarounds

• Ensure there is sufficient sanitization in the parent application to protect against invalid values being supplied to binding parameters.

References

• GitHub commit: TryGhost/node-sqlite3@593c9d4
• Reported via issues: Security Issue: Request for contact TryGhost/node-sqlite3#1440 and bug: segfault due to Bind() failure TryGhost/node-sqlite3#1449
• Snyk: https://security.snyk.io/vuln/SNYK-JS-SQLITE3-2388645

For more information

If you have any questions or comments about this advisory:

• Email us at security@ghost.org

---

Release Notes

TryGhost/node-sqlite3

v5.0.3

Compare Source

What's Changed

• Updated bundled SQLite to v3.38.2 - @​daniellockyer
• Enabled math functions in compiler options - @​kewde
• Updated node-gyp to v8.x - @​daniellockyer
• Re-enabled Node-API v6 builds - @​daniellockyer
• Fixed segfault of invalid toString() object by @​kewde in bug: fix segfault of invalid toString() object TryGhost/node-sqlite3#1450
• Fixed building on MacOS Monterey 12.3 - @​daniellockyer
• Replaced Python extraction script with JS by @​xPaw in Replaced Python extraction script with JS TryGhost/node-sqlite3#1570
• Switched prebuilt binary hosting to GitHub Releases - @​daniellockyer

Known Problems

• Prebuilt binaries from version 5.0.3 do not work on the Node v12 docker image TryGhost/node-sqlite3#1578 - the minimum glibc version for prebuilt binaries was bumped to 2.29. We hope to bring this back down within the next few releases but you will need to compile from source if your system ships with a lower version.
• Prebuilt binaries for Linux do not work on musl systems. This should be fixed with TryGhost/node-sqlite3@8b2cdd9 but you will need to compile from source to use v5.0.3.

Full Changelog: TryGhost/node-sqlite3@v5.0.2...v5.0.3

---

Configuration

📅 Schedule: "" in timezone America/Sao_Paulo.

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, click this checkbox.

---

This PR has been generated by WhiteSource Renovate. View repository job log here.