[Snyk] Upgrade @clickhouse/client from 1.0.2 to 1.6.0 #5

Open
wants to merge 1 commit into
base: main

@d3sca d3sca commented Nov 6, 2024

Snyk has created this PR to upgrade @clickhouse/client from 1.0.2 to 1.6.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 7 versions ahead of your current version.

  • The recommended version was released 2 months ago.

Release notes
Package name: @clickhouse/client
  • 1.6.0 - 2024-09-12

    New features

    Bug fixes

    • (Node.js) Fixed unhandled exceptions produced when calling ResultSet.json if the response data was not, in fact, a valid JSON. (#311)
  • 1.5.0 - 2024-08-22

    New features

    • (Node.js only) It is now possible to disable the automatic decompression of the response stream with the exec method. See ExecParams.decompress_response_stream for more details. (#298).
  • 1.4.1 - 2024-08-07

    Improvements

    • ClickHouseClient is now exported as a value from @clickhouse/client and @clickhouse/client-web packages, allowing for better integration in dependency injection frameworks that rely on IoC (e.g., Nest.js, tsyringe) (@mathieu-bour, #292).

    Bug fixes

    • Fixed a potential socket hang-up issue that could happen under 100% CPU load (#294).
  • 1.4.0 - 2024-07-12

    New features

    • (Node.js only) The exec method now accepts an optional values parameter, which allows you to pass the request body as a Stream.Readable. This can be useful in the case of custom insert streaming with arbitrary ClickHouse data formats (which might not be explicitly supported and allowed by the client in the insert method yet). NB: in this case, you are expected to serialize the data in the stream in the required input format yourself. See #290 for more details.

    Improvements

    • (Node.js only) The client package now exports a utility method drainStream
  • 1.3.0 - 2024-07-08

    New features

    • It is now possible to get the entire response headers object from the query/insert/command/exec methods. With query, you can access the ResultSet.response_headers property; other methods (insert/command/exec) return it as parts of their response objects as well.
      For example:

      const rs = await client.query({
        query: 'SELECT * FROM system.numbers LIMIT 1',
        format: 'JSONEachRow',
      })
      console.log(rs.response_headers['content-type'])

      This will print: application/x-ndjson; charset=UTF-8. It can be used in a similar way with the other methods.

    Improvements

    • Re-exported several constants from the @clickhouse/client-common package for convenience:

      • SupportedJSONFormats
      • SupportedRawFormats
      • StreamableFormats
      • StreamableJSONFormats
      • SingleDocumentJSONFormats
      • RecordsJSONFormats
  • 1.2.0 - 2024-06-19

    New features

    • (Experimental) Added an option to provide a custom HTTP Agent in the client configuration via the http_agent option (#283, related: #278). The following conditions apply if a custom HTTP Agent is provided:

      • The max_open_connections and tls options will have no effect and will be ignored by the client, as those are part of the underlying HTTP Agent configuration.
      • keep_alive.enabled will only regulate the default value of the Connection header (true -> Connection: keep-alive, false -> Connection: close).
      • While the idle socket management will still work, it is now possible to disable it completely by setting the keep_alive.idle_socket_ttl value to 0.
    • (Experimental) Added a new client configuration option: set_basic_auth_header, which controls whether the Authorization header should be set for every outgoing HTTP request (enabled by default). One of the possible scenarios when it is necessary to disable this header is when a custom HTTPS agent is used, and the server requires TLS with certificates. For example:

      import fs from 'fs'
      import https from 'https'
      import { createClient } from '@clickhouse/client'

      const agent = new https.Agent({
        keepAlive: true,
        keepAliveMsecs: 2500,
        maxSockets: 10,
        maxFreeSockets: 10,
        ca: fs.readFileSync('./ca.crt'),
        cert: fs.readFileSync('./client.crt'),
        key: fs.readFileSync('./client.key'),
      })
      const client = createClient({
        url: 'https://myserver:8443',
        http_agent: agent,
        // With a custom HTTPS agent, the client won't use the default HTTPS connection implementation; the headers should be provided manually
        http_headers: {
          'X-ClickHouse-User': 'username',
          'X-ClickHouse-Key': 'password',
          'X-ClickHouse-SSL-Certificate-Auth': 'on',
        },
        // Important: authorization header conflicts with the TLS headers; disable it.
        set_basic_auth_header: false,
      })

    NB: It is currently not possible to set the set_basic_auth_header option via the URL params.

    See the doc entry regarding custom HTTP(s) Agent usage with code samples.

    If you have feedback on these experimental features, please let us know by creating an issue in the repository or send a message in the Community Slack (#clickhouse-js channel).

  • 1.1.0 - 2024-06-06

    New features

    • Added an option to override the credentials for a particular query/command/exec/insert request via the BaseQueryParams.auth setting; when set, the credentials will be taken from there instead of the username/password provided during the client instantiation (#278).
    • Added an option to override the session_id for a particular query/command/exec/insert request via the BaseQueryParams.session_id setting; when set, it will be used instead of the session id provided during the client instantiation (@holi0317, #271).

    Bug fixes

    • Fixed the incorrect ResponseJSON<T>.totals TypeScript type. Now it correctly matches the shape of the data (T, default = unknown) instead of the former Record<string, number> definition (#274).
  • 1.0.2 - 2024-05-20

    Bug fixes

    • The command method now drains the response stream properly, as the previous implementation could cause the Keep-Alive socket to close after each request.
    • (Node.js) Removed an unnecessary error log in the ResultSet.stream method if the request was aborted or the result set was closed (#263).

    Improvements

    • (Node.js) ResultSet.stream logs an error via the Logger instance if the stream emits an error event instead of a simple console.error call.
    • Minor adjustments to the formatting of the DefaultLogger log messages.
    • Added missing rows_before_limit_at_least to the ResponseJSON type (@0237h, #267).
from @clickhouse/client GitHub release notes

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

See this package in npm:
@clickhouse/client

See this project in Snyk:
https://app.snyk.io/org/cybersec55555/project/a0e3c872-36da-4eae-a230-d6995477e939?utm_source=github&utm_medium=referral&page=upgrade-pr
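
A check a reviewer of this upgrade could run over the project's client options, covering the 1.2.0 notes on http_agent and set_basic_auth_header. This is an added example, not code from Snyk or from @clickhouse/client; auditClientConfig and the sample configs are hypothetical, and only the option and header names come from the release notes above.

```javascript
// Added example: hypothetical lint for createClient() option objects,
// built only from the conditions listed in the 1.2.0 release notes.
function auditClientConfig(config) {
  const findings = []
  // HTTP header names are case-insensitive, so normalise before lookup.
  const headers = Object.fromEntries(
    Object.entries(config.http_headers ?? {}).map(([k, v]) => [k.toLowerCase(), v]),
  )
  const certAuth =
    String(headers['x-clickhouse-ssl-certificate-auth'] ?? '').toLowerCase() === 'on'
  const basicAuth = config.set_basic_auth_header !== false // enabled by default

  // With a custom agent, these options are ignored by the client.
  if (config.http_agent !== undefined) {
    for (const opt of ['max_open_connections', 'tls']) {
      if (config[opt] !== undefined) {
        findings.push(`${opt} is ignored when http_agent is set; configure it on the agent`)
      }
    }
  }
  // Certificate auth headers and the Authorization header conflict.
  if (certAuth && basicAuth) {
    findings.push('set_basic_auth_header must be false when certificate auth headers are sent')
  }
  // The option cannot be set via URL params.
  if (typeof config.url === 'string') {
    let params = null
    try { params = new URL(config.url).searchParams } catch { findings.push('url is not parseable') }
    if (params && params.has('set_basic_auth_header')) {
      findings.push('set_basic_auth_header cannot be set via URL params; use the config object')
    }
  }
  return findings
}

// Constructed sample configs; http_agent is a stand-in object, not a real https.Agent.
const misconfigured = {
  url: 'https://myserver:8443',
  http_agent: {},
  max_open_connections: 10,
  http_headers: { 'X-ClickHouse-User': 'username', 'X-ClickHouse-SSL-Certificate-Auth': 'on' },
}
const corrected = { ...misconfigured, max_open_connections: undefined, set_basic_auth_header: false }

console.log(auditClientConfig(misconfigured))
console.log(auditClientConfig(corrected))
```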