fix(deps): update dependency pg-native to v3 [security] #62
Open: renovate wants to merge 1 commit into master from renovate/npm-pg-native-vulnerability
renovate bot force-pushed the renovate/npm-pg-native-vulnerability branch from c53f6f3 to 87ae231 (March 25, 2023 03:07)
renovate bot force-pushed the renovate/npm-pg-native-vulnerability branch 2 times, most recently from ac72053 to e1eff43 (April 3, 2023 11:37)
renovate bot force-pushed the renovate/npm-pg-native-vulnerability branch 2 times, most recently from fb74184 to 383f176 (April 17, 2023 16:16)
renovate bot force-pushed the renovate/npm-pg-native-vulnerability branch 3 times, most recently from 5edf111 to 270a4fa (June 4, 2023 08:16)
renovate bot force-pushed the renovate/npm-pg-native-vulnerability branch from 270a4fa to 82f2088 (June 4, 2023 15:26)
renovate bot force-pushed the renovate/npm-pg-native-vulnerability branch 6 times, most recently from 1fc5de5 to 5cd4ab5 (June 19, 2023 11:34)
renovate bot force-pushed the renovate/npm-pg-native-vulnerability branch 2 times, most recently from 36c8969 to 40eb432 (June 29, 2023 13:40)
renovate bot force-pushed the renovate/npm-pg-native-vulnerability branch 4 times, most recently from 93828f5 to 3c1c515 (July 9, 2023 12:21)
renovate bot force-pushed the renovate/npm-pg-native-vulnerability branch 4 times, most recently from 8f0b554 to 9739b42 (July 19, 2023 17:33)
renovate bot force-pushed the renovate/npm-pg-native-vulnerability branch 4 times, most recently from d66f986 to efd1875 (August 1, 2023 18:13)
renovate bot force-pushed the renovate/npm-pg-native-vulnerability branch from efd1875 to 15d47b4 (August 9, 2023 14:56)
renovate bot force-pushed the renovate/npm-pg-native-vulnerability branch 3 times, most recently from 0bddfea to 8f28149 (February 4, 2024 12:12)
renovate bot force-pushed the renovate/npm-pg-native-vulnerability branch 4 times, most recently from 7dea183 to 77184d2 (February 29, 2024 13:20)
renovate bot force-pushed the renovate/npm-pg-native-vulnerability branch 4 times, most recently from 2f35085 to da7db3e (March 17, 2024 09:29)
renovate bot force-pushed the renovate/npm-pg-native-vulnerability branch 4 times, most recently from b4cca36 to 98ed407 (March 24, 2024 16:20)
renovate bot force-pushed the renovate/npm-pg-native-vulnerability branch 2 times, most recently from 18c9d73 to 9d46c17 (April 14, 2024 10:58)
renovate bot force-pushed the renovate/npm-pg-native-vulnerability branch 4 times, most recently from d954717 to eb9216c (April 25, 2024 13:15)
renovate bot force-pushed the renovate/npm-pg-native-vulnerability branch 4 times, most recently from 47c847f to 6296675 (May 9, 2024 13:45)
renovate bot force-pushed the renovate/npm-pg-native-vulnerability branch 2 times, most recently from 22680d1 to 7357027 (May 16, 2024 02:41)
renovate bot force-pushed the renovate/npm-pg-native-vulnerability branch from 7357027 to fcade9a (June 4, 2024 14:26)
renovate bot force-pushed the renovate/npm-pg-native-vulnerability branch from fcade9a to 0e4bb19 (June 4, 2024 16:49)
This PR contains the following updates:
pg-native: ^1.10.0 -> ^3.0.1
GitHub Vulnerability Alerts
CVE-2022-25852
pg-native before 3.0.1 and libpq before 1.8.10 are vulnerable to Denial of Service (DoS) when the addons attempt to cast the second argument to an array and fail. This happens for every non-array argument passed. Note: pg-native is a mere binding to npm's libpq library, which in turn has the addons and bindings to the actual C libpq library. This means that problems found in pg-native may transitively impact npm's libpq.
Release Notes
brianc/node-pg-native (pg-native)
v3.0.1
v3.0.0
v2.2.0
v2.0.1
v2.0.0
v1.10.1
Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.