fix(deps): update dependency pg-native to v3 [security] #62
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![renovate[bot]](https://avatars.githubusercontent.com/in/2740?s=60&v=4){kind=small}
renovate
bot
force-pushed
the
renovate/npm-pg-native-vulnerability
branch
from
c53f6f3
to
87ae231
Compare
renovate
bot
force-pushed
the
renovate/npm-pg-native-vulnerability
branch
2 times, most recently
from
ac72053
to
e1eff43
Compare
renovate
bot
force-pushed
the
renovate/npm-pg-native-vulnerability
branch
2 times, most recently
from
fb74184
to
383f176
Compare
renovate
bot
force-pushed
the
renovate/npm-pg-native-vulnerability
branch
3 times, most recently
from
5edf111
to
270a4fa
Compare
renovate
bot
force-pushed
the
renovate/npm-pg-native-vulnerability
branch
from
270a4fa
to
82f2088
Compare
renovate
bot
force-pushed
the
renovate/npm-pg-native-vulnerability
branch
6 times, most recently
from
1fc5de5
to
5cd4ab5
Compare
renovate
bot
force-pushed
the
renovate/npm-pg-native-vulnerability
branch
2 times, most recently
from
36c8969
to
40eb432
Compare
renovate
bot
force-pushed
the
renovate/npm-pg-native-vulnerability
branch
4 times, most recently
from
93828f5
to
3c1c515
Compare
renovate
bot
force-pushed
the
renovate/npm-pg-native-vulnerability
branch
4 times, most recently
from
8f0b554
to
9739b42
Compare
renovate
bot
force-pushed
the
renovate/npm-pg-native-vulnerability
branch
4 times, most recently
from
d66f986
to
efd1875
Compare
renovate
bot
force-pushed
the
renovate/npm-pg-native-vulnerability
branch
from
efd1875
to
15d47b4
Compare
renovate
bot
force-pushed
the
renovate/npm-pg-native-vulnerability
branch
3 times, most recently
from
0bddfea
to
8f28149
Compare
renovate
bot
force-pushed
the
renovate/npm-pg-native-vulnerability
branch
4 times, most recently
from
7dea183
to
77184d2
Compare
renovate
bot
force-pushed
the
renovate/npm-pg-native-vulnerability
branch
4 times, most recently
from
2f35085
to
da7db3e
Compare
renovate
bot
force-pushed
the
renovate/npm-pg-native-vulnerability
branch
4 times, most recently
from
b4cca36
to
98ed407
Compare
renovate
bot
force-pushed
the
renovate/npm-pg-native-vulnerability
branch
2 times, most recently
from
18c9d73
to
9d46c17
Compare
renovate
bot
force-pushed
the
renovate/npm-pg-native-vulnerability
branch
4 times, most recently
from
d954717
to
eb9216c
Compare
renovate
bot
force-pushed
the
renovate/npm-pg-native-vulnerability
branch
4 times, most recently
from
47c847f
to
6296675
Compare
renovate
bot
force-pushed
the
renovate/npm-pg-native-vulnerability
branch
2 times, most recently
from
22680d1
to
7357027
Compare
renovate
bot
force-pushed
the
renovate/npm-pg-native-vulnerability
branch
from
7357027
to
fcade9a
Compare
renovate
bot
force-pushed
the
renovate/npm-pg-native-vulnerability
branch
from
fcade9a
to
0e4bb19
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
^1.10.0->^3.0.1GitHub Vulnerability Alerts
CVE-2022-25852
pg-native before 3.0.1 and libpq before 1.8.10 are vulnerable to Denial of Service (DoS) when the addons attempt to cast the second argument to an array and fail. This happens for every non-array argument passed. Note: pg-native is a mere binding to npm's libpq library, which in turn has the addons and bindings to the actual C libpq library. This means that problems found in pg-native may transitively impact npm's libpq.
Release Notes
brianc/node-pg-native (pg-native)
v3.0.1Compare Source
v3.0.0Compare Source
v2.2.0Compare Source
v2.0.1Compare Source
v2.0.0Compare Source
v1.10.1Compare Source
Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.