github gajus/slonik @slonik/utilities@44.0.0

11 days ago

Convert token types to symbols to ensure that SQL tokens cannot be injected from outside of the codebase, e.g. through JSON.

Thanks to @alxndrsn for reporting the issue and suggesting a patch (#595).

Thanks to @danielrearden for suggesting a patch.

This is only a breaking change if you were previously manually assembling SQL, e.g.

const fooFragment = () => {
  return {
    sql: 'foo',
    type: 'SLONIK_TOKEN_FRAGMENT',
    values: [],
  };
};

This snippet would need to become:

import { FragmentToken } from '@slonik/sql-tag';

const fooFragment = () => {
  return {
    sql: 'foo',
    type: FragmentToken,
    values: [],
  };
};
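
Why a symbol tag closes the JSON path, shown as an added example that is not part of the release notes or Slonik's own code. The checks `isLegacyFragment` and `isFragment`, the helper `classify`, the local `FragmentToken` symbol and the sample request body are all assumptions made for illustration.

```javascript
// Added illustration; every name here is a hypothetical stand-in, not Slonik's internals.
const LEGACY_FRAGMENT = 'SLONIK_TOKEN_FRAGMENT'; // string tag, as in the older snippet above
const FragmentToken = Symbol('FRAGMENT_TOKEN'); // stand-in for the symbol exported by @slonik/sql-tag

// String-tag check: any object carrying the right string passes.
const isLegacyFragment = (value) =>
  typeof value === 'object' && value !== null && value.type === LEGACY_FRAGMENT;

// Symbol-tag check: the tag must be the symbol held by the codebase itself.
const isFragment = (value) =>
  typeof value === 'object' && value !== null && value.type === FragmentToken;

// Constructed sample: a JSON request body with a field shaped like a token.
const requestBody =
  '{"name":{"sql":"foo","type":"SLONIK_TOKEN_FRAGMENT","values":[]}}';
const untrusted = JSON.parse(requestBody).name;

// A fragment assembled inside the codebase, as in the migrated snippet above.
const trusted = { sql: 'foo', type: FragmentToken, values: [] };

// A query builder must decide: SQL token (spliced as SQL text) or plain value (bound parameter).
const classify = (value, check) => (check(value) ? 'token' : 'parameter');

// Symbol-valued properties are omitted by JSON.stringify, so a token
// cannot round-trip through JSON in either direction.
const roundTripped = JSON.parse(JSON.stringify(trusted));

const results = () => ({
  legacyAcceptsJson: classify(untrusted, isLegacyFragment), // 'token'
  symbolRejectsJson: classify(untrusted, isFragment), // 'parameter'
  symbolAcceptsOwn: classify(trusted, isFragment), // 'token'
  roundTripHasType: 'type' in roundTripped, // false
});

console.log(results());
```
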
