build(deps): bump drizzle-orm from 0.44.7 to 0.45.2 by dependabot[bot] · Pull Request #3069 · inkeep/agents

dependabot · 2026-04-08T03:19:57Z

Bumps drizzle-orm from 0.44.7 to 0.45.2.

Release notes

0.45.2

Fixed sql.identifier(), sql.as() escaping issues. Previously all the values passed to this functions were not properly escaped causing a possible SQL Injection (CWE-89) vulnerability

Thanks to @EthanKim88, @0x90sh and @wgoodall01 for reaching out to us with a reproduction and suggested fix

0.45.1

Fixed pg-native Pool detection in node-postgres transactions breaking in environments with forbidden require() (#5107)

0.45.0

Fixed pg-native Pool detection in node-postgres transactions

Allowed subqueries in select fields

Updated typo algorythm => algorithm

Fixed $onUpdate not handling SQL values (fixes #2388, tests implemented by L-Mario564 in #2911)

Fixed pg mappers not handling Date instances in bun-sql:postgresql driver responses for date, timestamp types (fixes #4493)

Commits

273c780 + 0.45.2 (#5534)
4aa6ecf Kit updates (#5490)
e8e6edf feat(drizzle-kit): support d1 via binding (#5302)
a086f59 Fixed pg-native Pool detection in node-postgres transactions breaking in envi...
c445637 Merge pull request #5095 from drizzle-team/main-workflows
e7b3aaa Merge branch 'main' into main-workflows
0d885a5 refactor: Update condition for run-feature job to improve clarity and functio...
45a1ffb Merge pull request #5087 from drizzle-team/main-workflows
6357645 chore: Comment out NEON_HTTP_CONNECTION_STRING requirement in release workflows
53dec98 refactor: Simplify release router workflow by removing unnecessary switch job...
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for drizzle-orm since your current version.

changeset-bot · 2026-04-08T03:20:04Z

⚠️ No Changeset found

Latest commit: ef9ad3d

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

vercel · 2026-04-08T03:20:05Z

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
agents-api	Ready	Preview, Comment	Apr 14, 2026 6:19pm
agents-docs	Ready	Preview, Comment	Apr 14, 2026 6:19pm
agents-manage-ui	Ready	Preview, Comment	Apr 14, 2026 6:19pm

socket-security · 2026-04-09T02:38:16Z

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert (click "▶" to expand/collapse)
Warn		Obfuscated code: npm `@inkeep/agents-manage-ui` is 91.0% likely obfuscated Confidence: 0.91 Location: Package overview From: agents-cli/package.json → `npm/@inkeep/[email protected]` ℹ Read more on: This package \| This alert \| What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `[email protected]`. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/@inkeep/[email protected]`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

github-actions · 2026-04-14T18:13:32Z

A matching internal PR is ready in inkeep/agents-private#92 for canonical review and merge.

Original author attribution is preserved as @dependabot[bot]
The internal PR is the authoritative merge surface
The public repo will pick up the merged change through the normal mirror sync

This comment will be updated as the bridge state changes.

Bumps [drizzle-orm](https://github.com/drizzle-team/drizzle-orm) from 0.44.7 to 0.45.2. - [Release notes](https://github.com/drizzle-team/drizzle-orm/releases) - [Commits](drizzle-team/drizzle-orm@0.44.7...0.45.2) --- updated-dependencies: - dependency-name: drizzle-orm dependency-version: 0.45.2 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <[email protected]>

socket-security · 2026-04-22T23:18:27Z

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	@inkeep/agents-ui@0.15.30
	@inkeep/cxkit-react@0.5.117
	@nangohq/frontend@0.69.41
	@dnd-kit/utilities@3.2.2
	@nangohq/node@0.69.41
	@opentelemetry/sdk-trace-node@2.5.1
	@inkeep/agents-ui-cloud@0.15.30
	@ai-sdk/gateway@3.0.9
	@ai-sdk/openai@3.0.7
	@nangohq/types@0.69.41
	@opentelemetry/exporter-trace-otlp-http@0.212.0
	@better-auth/infra@0.1.11
	@opentelemetry/context-async-hooks@2.5.1
	@ai-sdk/provider@3.0.2
	@inkeep/docskit@0.0.8
	@ai-sdk/provider-utils@4.0.4
	@napi-rs/keyring@1.2.0
	@better-auth/oauth-provider@1.5.5
	@ai-sdk/anthropic@3.0.7
	@opentelemetry/sdk-trace-base@2.5.1
	@better-auth/sso@1.5.5
	@dnd-kit/core@6.3.1
	@dnd-kit/sortable@10.0.0
	@dnd-kit/modifiers@9.0.0
	@ai-sdk/azure@3.0.7
	@inkeep/agents-manage-ui@0.41.1
	@babel/parser@7.29.0
	@hono/swagger-ui@0.5.2
	@hono/mcp@0.1.5
	@opentelemetry/baggage-span-processor@0.5.0
	@authzed/authzed-node@1.6.1
	@ai-sdk/google@3.0.4
	@octokit/auth-app@8.2.0
See 25 more rows in the dashboard

View full report

dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Apr 8, 2026

vercel Bot deployed to Preview – agents-manage-ui April 8, 2026 03:22 View deployment

vercel Bot deployed to Preview – agents-docs April 8, 2026 03:22 View deployment

vercel Bot deployed to Preview – agents-api April 8, 2026 03:24 View deployment

dependabot Bot force-pushed the dependabot/npm_and_yarn/drizzle-orm-0.45.2 branch from 0f62cca to 45be008 Compare April 9, 2026 02:37

vercel Bot deployed to Preview – agents-manage-ui April 9, 2026 02:39 View deployment

vercel Bot deployed to Preview – agents-docs April 9, 2026 02:40 View deployment

vercel Bot deployed to Preview – agents-api April 9, 2026 02:41 View deployment

dependabot Bot force-pushed the dependabot/npm_and_yarn/drizzle-orm-0.45.2 branch from 45be008 to 06c2c9a Compare April 14, 2026 18:15

vercel Bot deployed to Preview – agents-manage-ui April 14, 2026 18:18 View deployment

vercel Bot deployed to Preview – agents-docs April 14, 2026 18:18 View deployment

vercel Bot deployed to Preview – agents-api April 14, 2026 18:19 View deployment

dependabot Bot changed the title ~~chore(deps): bump drizzle-orm from 0.44.7 to 0.45.2~~ build(deps): bump drizzle-orm from 0.44.7 to 0.45.2 Apr 16, 2026

dependabot Bot force-pushed the dependabot/npm_and_yarn/drizzle-orm-0.45.2 branch 4 times, most recently from 9778f3c to 7bc73c8 Compare April 21, 2026 22:10

dependabot Bot force-pushed the dependabot/npm_and_yarn/drizzle-orm-0.45.2 branch from 7bc73c8 to ef9ad3d Compare April 22, 2026 23:17

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

build(deps): bump drizzle-orm from 0.44.7 to 0.45.2#3069

build(deps): bump drizzle-orm from 0.44.7 to 0.45.2#3069
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/drizzle-orm-0.45.2

dependabot Bot commented on behalf of github Apr 8, 2026 •

edited

Loading

Uh oh!

changeset-bot Bot commented Apr 8, 2026 •

edited

Loading

Uh oh!

vercel Bot commented Apr 8, 2026 •

edited

Loading

Uh oh!

socket-security Bot commented Apr 9, 2026 •

edited

Loading

Uh oh!

github-actions Bot commented Apr 14, 2026

Uh oh!

socket-security Bot commented Apr 22, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot Bot commented on behalf of github Apr 8, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

0.45.2

0.45.1

0.45.0

Uh oh!

changeset-bot Bot commented Apr 8, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

⚠️ No Changeset found

Uh oh!

vercel Bot commented Apr 8, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

socket-security Bot commented Apr 9, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

github-actions Bot commented Apr 14, 2026

Uh oh!

socket-security Bot commented Apr 22, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

dependabot Bot commented on behalf of github Apr 8, 2026 •

edited

Loading

changeset-bot Bot commented Apr 8, 2026 •

edited

Loading

vercel Bot commented Apr 8, 2026 •

edited

Loading

socket-security Bot commented Apr 9, 2026 •

edited

Loading