Update dependency alasql to v4.15.0

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
alasql	4.6.6 -> 4.15.0

---

Release Notes

alasql/alasql (alasql)

v4.15.0: 2025-12-22

Compare Source

What's Changed

• Add support for SEARCH INTO $variable to close #​2363
• Fix key properties for column objects on table-level constraints to close #​1643
• Fix trigger CALL for row data parameters (#​2377)
• Make PATH a context-aware keyword to close #​2222
• Make DELETED and INSERTED context-aware keywords to close #​2237
• Make KEY a context-aware keyword to close #​2227
• Make ORDER a context-aware keyword to close #​2223

Full Changelog: AlaSQL/alasql@v4.14.0...v4.15.0

v4.14.0: 2026-12-16

Compare Source

What's Changed

• Add support for quoted table alias to close #​606
• Add support for all SQL operations on anonymous data tables to close #​2348

Full Changelog: AlaSQL/alasql@v4.13.0...v4.14.0

v4.13.0: 2015-12-14

Compare Source

What's Changed

• Add UNNEST function to close #​2141
• Fix DEFAULT values when FILESTORAGE and LOCALSTORAGE to close #​1848

Full Changelog: AlaSQL/alasql@v4.12.0...v4.13.0

v4.12.0: 2025-12-13

Compare Source

What's Changed

• Add support for comma-separated tables in CROSS JOIN ... USING/ON syntax to close #​130
• Add support for INSERT INTO table SET col = val syntax to close #​136
• Add support for INSERT IGNORE syntax to close #​143
• Add parser support for ON DELETE and ON UPDATE CASCADE to close #​897
• Fix async callback for XLSX export to close #​107
• Fix negative numbers in JSON contexts to close #​475
• Fix joinstar options for inline data to closer #​1004
• Fix SELECT for columns from JOINed inline data to close #​1985
• Fix UPDATE on tables with PK when data is directly assigned to close #​1989
• Fix TypeScript type resolution to close #​2317

Full Changelog: AlaSQL/alasql@v4.11.0...v4.12.0

v4.11.0: 2025-12-07

Compare Source

What's Changed

• Add BREAK/CONTINUE and LEAVE/ITERATE statements to close #​37
• Add OUTPUT for INSERT/DELETE/UPDATE to close #​48
• Add bitwise operations to close #​155
• Improve implicit JOIN performance to close #​188
• Add support for recursive CTE (Common Table Expression) to close #​200
• Add WITH ROLLUP and WITH CUBE syntax to close #​292
• Fix UNION ALL for HTML tables to close #​485
• Fix XML character escape in XLSXML export to close #​525
• Add support for table-prefixed columns in arithmetic expressions for GROUP BY to close #​536
• Fix ORDER BY in INTERSECT/EXCEPT queries to close #​635
• Improve errors for async IndexedDB operations to close #​845
• Add support for @​ symbol in column names with backticks and qualified syntax to close #​884
• Fix GROUP BY across columns with same name to close #​941
• Throw error for invalid column names to close #​1173
• Add support for table names starting with numbers to close #​1185
• Add nested JSON output from arrow notation via INTO OBJECT() to close #​1278
• Add REGEXP support for MySQL style word boundaries to close #​1384
• Fix numbers in REPLACE() to close #​1455
• Fix (NOT) IN for empty sets to close #​1529
• Fix RECORDSET for no rows to close #​1547
• Fix ORDER BY use of quoted column names to close #​2039
• Fix RECORDSET for computed columns after SELECT * to close #​2070
• Add subquery caching with correlation check to close #​2280

Full Changelog: AlaSQL/alasql@v4.10.1...v4.11.0

v4.10.1: 2025-11-21

Compare Source

What's Changed

• ORDER BY clause for multiple UNIONs to fix #​7 after 11 years and 11 days
• Let SELECT * INTO SQL() handle NULL values to fix #​42 after 10 years, 10 months and 7 days
• ORDER BY with numeric column ref on SELECT * to fix #​125 after 10 years, 7 months and 4 days
• Use DISTINCT with object values in SELECT and SEARCH to fix #​167 after 10 years, 6 months and 12 days
• Support BETWEEN operator in CASE statement to fix #​735 after 9 years, 3 months, and 4 days
• Allow nested subqueries for IN clause to fix #​847 after 8 years, 7 months and 29 days
• Support import of multi-sheet XLSX to fix #​848 after 8 years, 7 months and 29 days
• Let SERIAL columns handle explicitly provided values including NULL to fix #​895 after 8 years, 4 months and 28 days
• Let UNIQUE constraint support JSON properties and expressions to fix #​925 after 8 years, 3 months, and 18 days
• Update indexes when bulk loading data to fix #​1027 after 7 years, 4 months and 17 days
• Support ROW_NUMBER() OVER (PARTITION BY) syntax for row numbering to fix #​1126 after 6 years, 3 months and 5 days
• Let INSERT INTO SELECT FROM overwrite data with defaults to fix #​1484 after 6 years, 3 months and 5 days
• Avoid timezone challenge for test408 to accomodate #​1587 after 2 years and 11 months.
• Extract compiled JS from SQL to fix #​2169 7 days
• Let CREATE INDEX support qualified table names to fix #​2184 after 2 days
• Qualified table names for SHOW COLUMNS and SHOW INDEX to fix #​2200 after 16 hours

New Contributors

• Thank you to Github for sponsoring @​Copilot who made their first contributions and helped nail issues with a combined age of 109 years, 1 month and 28 days from guiding it for a few hours. #theFutureIsNow

Full Changelog: AlaSQL/alasql@v4.9.0...v4.10.1

v4.10.0

Compare Source

v4.9.0: 2025-11-12

Compare Source

What's Changed

• Regression of piping data via txt() in CLI mode to fix #​2149

New Contributors

• Thank you to @​ammeek for their first contribution in AlaSQL#2159

Full Changelog: AlaSQL/alasql@v4.8.0...v4.9.0

v4.8.0: 2025-11-04

Compare Source

What's Changed

• Support MAX on dates to fix #​2147
• Let ROUND of NULL be undefined to fix #​2155

Also

• Thank you to @​t-wy for lots of well documented questions and challenges.

Full Changelog: AlaSQL/alasql@v4.7.0...v4.8.0

v4.7.0: 2025-11-03

Compare Source

What's Changed

• Deal with Non-ASCII characters in JSON() import to fix #​2112 by @​brettz9

Also

• Thanks to @​garyg1 making their first contribution and helping the quality of the readme info.

Full Changelog: AlaSQL/alasql@v4.6.6...v4.7.0

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	alasql@​4.6.6 ⏵ 4.15.0	+1

View full report

[cap10morgan]

The supply chain security score is a little lower here, seemingly due to lodash.get's low maintenance score. But I'm not totally sure what that means or what the right follow-ups should be. I'll ask the Socket folks and report back.

[cap10morgan]

Looks like this branch also has some failing SQL integration tests, which is concerning given the library this updates.

[socket-security]

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert  (click "▶" to expand/collapse)
Warn		Obfuscated code: npm @react-native/debugger-frontend is 96.0% likely obfuscated Confidence: 0.96 Location: Package overview From: ? → npm/alasql@4.15.0 → npm/@react-native/debugger-frontend@0.74.89 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@react-native/debugger-frontend@0.74.89. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report