Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Upgrade pg from 8.8.0 to 8.9.0 #213

Merged
merged 2 commits into from
Feb 17, 2023
Merged

[Snyk] Upgrade pg from 8.8.0 to 8.9.0 #213

merged 2 commits into from
Feb 17, 2023

Conversation

snyk-bot
Copy link
Contributor

Snyk has created this PR to upgrade pg from 8.8.0 to 8.9.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

  • The recommended version is 1 version ahead of your current version.
  • The recommended version was released 21 days ago, on 2023-01-27.
Release notes
Package name: pg from pg GitHub release notes
Commit messages
Package name: pg
  • 20a243e Publish
  • 5bdc61a Remove expired sponsors
  • 47afe5c Attempt to fix timing test flake on older versions of node in CI (#2902)
  • bb8745b Fix SASL to bubble up errors, enable SASL tests in CI, and add informative empty SASL password message (#2901)
  • f82f39c Add support to stream factory (#2898)
  • 3e34816 Update title (#2886)
  • c6c05f8 Bump JSONStream from 0.7.4 to 1.3.5 (#2874)
  • 16118ce Bump eslint-config-prettier from 6.12.0 to 8.5.0 (#2875)
  • 27d612a Update docs (#2867)
  • 12b9a69 update docs - clean up interface (#2863)
  • c7dc621 pg-cursor: Fix errors only being sent to half the queue (#2831)
  • c7133eb ci: remove git credentials after checkout (#2858)
  • 15b502d refactor(pg): remove unused imports (#2854)
  • c253eb6 Bump chai from 4.2.0 to 4.3.6 (#2851)
  • 0965531 Bump typescript from 4.0.3 to 4.8.4 (#2850)
  • 89b4e7f Fix devcontainer build failure due to env var being interpreted as non-string (#2844)
  • 5538df6 Bump @ typescript-eslint/eslint-plugin from 4.4.0 to 4.33.0 (#2826)
  • 406f141 perf: remove superfluous flush message (#2842)
  • c7dc7fd Bump pgpass from 1.0.2 to 1.0.5 (#2827)
  • 1aa0827 Migrate docs repo into monorepo (#2823)
  • 5bcc05d pg-protocol: fix link to message format docs (#2835)
  • 9dfb3dc perf(pg): use native crypto.pbkdf2Sync in sasl auth (#2815)
  • 9e2d7c4 Update pg.connect with pool.connect (#2822)
  • 9a95ee7 pg-query-stream: Add missing peer dependency on pg (#2813)

Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

@socket-security
Copy link

Socket Security Pull Request Report

👍 No new dependency issues detected in pull request

Pull request report summary
Issue Status
Install scripts ✅ 0 issues
Native code ✅ 0 issues
Bin script confusion ✅ 0 issues
Bin script shell injection ✅ 0 issues
Unresolved require ✅ 0 issues
Invalid package.json ✅ 0 issues
HTTP dependency ✅ 0 issues
Git dependency ✅ 0 issues
Potential typo squat ✅ 0 issues
Known Malware ✅ 0 issues
Telemetry ✅ 0 issues
Protestware/Troll package ✅ 0 issues
Bot Commands

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of package-name@version specifiers. e.g. @SocketSecurity ignore foo@1.0.0 bar@2.4.2

Powered by socket.dev

@coveralls
Copy link
Collaborator

coveralls commented Feb 17, 2023
edited
Loading

Pull Request Test Coverage Report for Build 4207738920

  • 0 of 0 changed or added relevant lines in 0 files are covered.
  • No unchanged relevant lines lost coverage.
  • Overall coverage remained the same at 59.305%
Totals Coverage Status
Change from base Build 4207730256: 0.0%
Covered Lines: 1174
Relevant Lines: 1951
💛 - Coveralls

@sonarcloud
Copy link

sonarcloud bot commented Feb 17, 2023

Kudos, SonarCloud Quality Gate passed!    Quality Gate passed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

No Coverage information No Coverage information
No Duplication information No Duplication information

@cameri cameri merged commit fe3726b into main Feb 17, 2023
@cameri cameri deleted the snyk-upgrade-3cd01f8564b6f240610b366b99055fa9 branch February 17, 2023 22:19
github-actions bot pushed a commit that referenced this pull request Feb 20, 2023
@semantic-release-bot
chore(release): 1.22.5 [skip ci]
6335496 
## [1.22.5](v1.22.4...v1.22.5) (2023-02-20)

### Bug Fixes

* confirm invoice function ambiguous unit variable ([#221](#221)) ([fd32949](fd32949))
* Dockerfile.test to reduce vulnerabilities ([#196](#196)) ([eac8c50](eac8c50))
* upgrade axios from 1.2.4 to 1.2.5 ([#211](#211)) ([a390e29](a390e29))
* upgrade axios from 1.2.5 to 1.2.6 ([#215](#215)) ([e99ac5d](e99ac5d))
* upgrade pg from 8.8.0 to 8.9.0 ([#213](#213)) ([fe3726b](fe3726b))
* upgrade pg-query-stream from 4.2.4 to 4.3.0 ([#214](#214)) ([9272389](9272389))
* upgrade redis from 4.5.1 to 4.6.2 ([#212](#212)) ([86e8818](86e8818))
@github-actions
Copy link

🎉 This PR is included in version 1.22.5 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀

brandonrobinson5060 pushed a commit to VIDA-Global/nostream that referenced this pull request Feb 22, 2023
@snyk-bot @cameri @brandonrobinson5060
fix: upgrade pg from 8.8.0 to 8.9.0 (cameri#213)
cb0ceeb 
Snyk has created this PR to upgrade pg from 8.8.0 to 8.9.0.

See this package in npm:
https://www.npmjs.com/package/pg

See this project in Snyk:
https://app.snyk.io/org/cameri/project/2f0c25a2-d08a-45e1-a6f4-84766cbed88d?utm_source=github&utm_medium=referral&page=upgrade-pr

Co-authored-by: Ricardo Arturo Cabral Mejía <me@ricardocabral.io>
brandonrobinson5060 pushed a commit to VIDA-Global/nostream that referenced this pull request Feb 22, 2023
@semantic-release-bot @brandonrobinson5060
chore(release): 1.22.5 [skip ci]
ffa86bc 
## [1.22.5](cameri/nostream@v1.22.4...v1.22.5) (2023-02-20)

### Bug Fixes

* confirm invoice function ambiguous unit variable ([cameri#221](cameri#221)) ([fd32949](cameri@fd32949))
* Dockerfile.test to reduce vulnerabilities ([cameri#196](cameri#196)) ([eac8c50](cameri@eac8c50))
* upgrade axios from 1.2.4 to 1.2.5 ([cameri#211](cameri#211)) ([a390e29](cameri@a390e29))
* upgrade axios from 1.2.5 to 1.2.6 ([cameri#215](cameri#215)) ([e99ac5d](cameri@e99ac5d))
* upgrade pg from 8.8.0 to 8.9.0 ([cameri#213](cameri#213)) ([fe3726b](cameri@fe3726b))
* upgrade pg-query-stream from 4.2.4 to 4.3.0 ([cameri#214](cameri#214)) ([9272389](cameri@9272389))
* upgrade redis from 4.5.1 to 4.6.2 ([cameri#212](cameri#212)) ([86e8818](cameri@86e8818))
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cameri cameri cameri approved these changes

Assignees
No one assigned
Labels
released
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@snyk-bot @coveralls @cameri