Merge pull request dresende#830 from dresende/update_dependencies_sec…

…urity Update dependencies to improve security
KarimMohamed20 · Jun 13, 2018 · 65545a7 · 65545a7
2 parents d8cc18d + 63be0a6
commit 65545a7
Show file tree

Hide file tree

Showing 8 changed files with 717 additions and 1,487 deletions.
diff --git a/.travis.yml b/.travis.yml
@@ -4,6 +4,7 @@ node_js:
   - '4'
   - '6'
   - '8'
+  - '10'
 before_script:
   - mysql -e 'create database orm_test;'
   - psql -c 'create database orm_test;' -U postgres

diff --git a/Changelog.md b/Changelog.md
@@ -1,3 +1,8 @@
+### v5.0.0
+- Upgrade to latest `sqlite` & `mysql` package versions
+- Upgrade to `pg` 7.x. ORM will not work with `pg` < 7
+- Drop support for nodejs < 4 (required due to `pg` upgrade)
+
 ### v4.0.2
 - Fix timezone bug in sqlite ([822](../../pull/822)]
 

diff --git a/Readme.md b/Readme.md
@@ -21,7 +21,7 @@ npm install orm
 
 ## Node.js Version Support
 
-Supported: 0.12 - 6.0 +
+Supported: 4.0 +
 
 Tests are run on [Travis CI](https://travis-ci.org/)
 If you want you can run tests locally:
@@ -142,11 +142,11 @@ var opts = {
     port:     '3306',
     query:    {pool: true}
   };
-  
+
 orm.connectAsync(opts)
-  .then(function(db) { 
+  .then(function(db) {
     // connected
-    // ...  
+    // ...
   })
   .catch(function() {
     console.error('Connection error: ' + err);
@@ -325,10 +325,10 @@ Person.createAsync(newRecord)
     Person.findAsync({ surname: "Doe" })
       .then(function (people) {
         // SQL: "SELECT * FROM person WHERE surname = 'Doe'"
-        
+
         console.log("People found: %d", people.length);
         console.log("First person: %s, age %d", people[0].fullName(), people[0].age);
-        
+
         people[0].age = 16;
         return people[0].saveAsync();
     })
@@ -345,7 +345,7 @@ illustrate:
 Person.aggregate({ surname: "Doe" }).min("age").max("age").getAsync()
   .then(function(result) {
    var [min, max] = result; // you should use destructuring here
-   
+
    console.log(min, max);
   });
 ```

diff --git a/lib/Drivers/DML/postgres.js b/lib/Drivers/DML/postgres.js
@@ -9,7 +9,7 @@ exports.Driver = Driver;
 var switchableFunctions = {
   pool: {
     connect: function (cb) {
-      this.db.connect(this.config, function (err, client, done) {
+      this.db.connect(function (err, client, done) {
         if (!err) {
           done();
         }
@@ -20,7 +20,7 @@ var switchableFunctions = {
       if (this.opts.debug) {
         require("../../Debug").sql('postgres', query);
       }
-      this.db.connect(this.config, function (err, client, done) {
+      this.db.connect(function (err, client, done) {
         if (err) {
           return cb(err);
         }
@@ -36,11 +36,6 @@ var switchableFunctions = {
         });
       });
       return this;
-    },
-    on: function(ev, cb) {
-      // Because `pg` is the same for all instances of this driver
-      // we can't keep adding listeners since they are never removed.
-      return this;
     }
   },
   client: {
@@ -59,12 +54,6 @@ var switchableFunctions = {
         }
       });
       return this;
-    },
-    on: function(ev, cb) {
-      if (ev == "error") {
-        this.db.on("error", cb);
-      }
-      return this;
     }
   }
 };
@@ -98,7 +87,7 @@ function Driver(config, connection, opts) {
 
     if (opts.pool) {
       functions = switchableFunctions.pool;
-      this.db = pg;
+      this.db = new pg.Pool(this.config);
     } else {
       this.db = new pg.Client(this.config);
     }
@@ -119,6 +108,13 @@ function Driver(config, connection, opts) {
 
 _.extend(Driver.prototype, shared, DDL);
 
+Driver.prototype.on = function(ev, cb) {
+  if (ev == "error") {
+    this.db.on("error", cb);
+  }
+  return this;
+};
+
 Driver.prototype.ping = function (cb) {
   this.execSimpleQuery("SELECT * FROM pg_stat_activity LIMIT 1", function () {
     return cb();

diff --git a/lib/ORM.js b/lib/ORM.js
@@ -52,7 +52,7 @@ var fileLoader = function (filePaths, cb) {
   async.eachSeries(filePaths, iterator, cb);
 };
 
-var connect = function (opts, cb) {
+exports.connect = function (opts, cb) {
   if (arguments.length === 0 || !opts || !optsChecker(opts)) {
     cb = typeof(cb) !== 'function' ? opts : cb;
     return ORM_Error(new ORMError("CONNECTION_URL_EMPTY", 'PARAM_MISMATCH'), cb);
@@ -136,6 +136,8 @@ var connect = function (opts, cb) {
   return db;
 };
 
+exports.connectAsync = Promise.promisify(exports.connect, { context: exports });
+
 var use = function (connection, proto, opts, cb) {
   if (DriverAliases[proto]) {
     proto = DriverAliases[proto];
@@ -171,12 +173,6 @@ exports.express = function () {
 exports.use = use;
 exports.useAsync = Promise.promisify(use);
 
-/**
- *
- * @param opts
- */
-exports.connectAsync = Promise.promisify(connect);
-
 exports.addAdapter = adapters.add;
 
 function ORM(driver_name, driver, settings) {
@@ -462,5 +458,3 @@ function queryParamCast (val) {
   }
   return val;
 }
-
-exports.connect = connect;
-Original file line number
+Diff line change
@@ Expand Up / @@ -4,6 +4,7 @@ node_js: @@
       - '4'
       - '6'
       - '8'
+      - '10'
     before_script:
       - mysql -e 'create database orm_test;'
       - psql -c 'create database orm_test;' -U postgres
@@ Expand Down @@