From 4c36468338fb86e9bd2229470134b4f4ddf9a119 Mon Sep 17 00:00:00 2001 From: MerverliPy Date: Fri, 3 Jul 2026 09:11:35 -0500 Subject: [PATCH 1/2] fix: bump drizzle-orm to 0.45.2 (CVE-2026-39356) --- bun.lock | 5 ++++- packages/eval/package.json | 2 +- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/bun.lock b/bun.lock index a4343d2..913f97d 100644 --- a/bun.lock +++ b/bun.lock @@ -4,6 +4,9 @@ "workspaces": { "": { "name": "agent-workbench", + "dependencies": { + "drizzle-orm": "^0.45.2", + }, "devDependencies": { "husky": "^9.1.7", "lint-staged": "^17.0.8", @@ -175,7 +178,7 @@ "@agent-workbench/events": "workspace:*", "@agent-workbench/protocol": "workspace:*", "@agent-workbench/storage": "workspace:*", - "drizzle-orm": "^0.38.0", + "drizzle-orm": "^0.45.2", "promptfoo": "^0.121.17", "ulid": "^2.3.0", }, diff --git a/packages/eval/package.json b/packages/eval/package.json index dc8c869..892218a 100644 --- a/packages/eval/package.json +++ b/packages/eval/package.json @@ -20,7 +20,7 @@ "@agent-workbench/protocol": "workspace:*", "@agent-workbench/events": "workspace:*", "@agent-workbench/storage": "workspace:*", - "drizzle-orm": "^0.38.0", + "drizzle-orm": "^0.45.2", "promptfoo": "^0.121.17", "ulid": "^2.3.0" }, From f17718b84ea6430dc374b93ddbe0daeb1c0ee650 Mon Sep 17 00:00:00 2001 From: MerverliPy Date: Fri, 3 Jul 2026 09:11:52 -0500 Subject: [PATCH 2/2] fix: bump root drizzle-orm to 0.45.2 --- package.json | 3 +++ 1 file changed, 3 insertions(+) diff --git a/package.json b/package.json index 51f0ef6..cd1219a 100644 --- a/package.json +++ b/package.json @@ -60,5 +60,8 @@ "*.{ts,tsx,js,jsx,json,md,yaml,yml}": [ "bash -c 'which biome &>/dev/null && bunx @biomejs/biome check --write --no-errors-on-unmatched || echo \"ok\"'" ] + }, + "dependencies": { + "drizzle-orm": "^0.45.2" } }