chore(deps)(deps): bump drizzle-orm from 0.45.1 to 0.45.2

Open

Number: #146
Type: Pull Request
State: Open

Author:

dependabot[bot]
Association: Unknown
Comments: 22

Created: April 08, 2026 at 07:26 AM UTC
(2 months ago)

Updated: April 16, 2026 at 06:07 AM UTC
(about 2 months ago)

Labels:
dependencies javascript

Description:

Bumps drizzle-orm from 0.45.1 to 0.45.2.

Release notes

Sourced from drizzle-orm's releases.

0.45.2

Fixed sql.identifier(), sql.as() escaping issues. Previously all the values passed to this functions were not properly escaped causing a possible SQL Injection (CWE-89) vulnerability

Thanks to @EthanKim88, @0x90sh and @wgoodall01 for reaching out to us with a reproduction and suggested fix

Commits

273c780 + 0.45.2 (#5534)
4aa6ecf Kit updates (#5490)
e8e6edf feat(drizzle-kit): support d1 via binding (#5302)
See full diff in compare view

Package Dependencies

Package:
drizzle-orm

Ecosystem:
npm

Version Change:
0.45.1 → 0.45.2

Update Type:
Patch

Actions

View on GitHub View Repository All Dependabot PRs

Technical Details

ID:	`15321970`
UUID:	`4222832896`
Node ID:	`PR_kwDOQpX1xc7QuduI`
Host:	GitHub
Repository:	robertpelloni/hypercode

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Dependabot

chore(deps)(deps): bump drizzle-orm from 0.45.1 to 0.45.2

0.45.2

Package Dependencies

Actions

Technical Details