parse-server
refactor: Upgrade pg-promise from 11.5.4 to 11.6.0
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to upgrade pg-promise from 11.5.4 to 11.6.0.
:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
- The recommended version is 2 versions ahead of your current version.
- The recommended version was released 21 days ago, on 2024-04-06.
The recommended version fixes:
| Severity | Issue | Priority Score (*) | Exploit Maturity |
|---|---|---|---|
| | SQL Injection SNYK-JS-PGPROMISE-6501690 | 646/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 6.5 | Proof of Concept |
(*) Note that the real score may have changed since the PR was raised.
Release notes
Package name: pg-promise
- 11.6.0 - 2024-04-06
  - Dependencies updated, including the underlying driver, to v8.11.5
  - Removing some deprecated JavaScript
  - Upgrading CI tests to use new Postgres v16 and Node v20
  - Documentation updates
- 11.5.5 - 2024-03-21
  - Addressing SQL injection issue; all negative numbers are now wrapped in parentheses.
  - Dev dependencies updated.
  Thanks to @paul-gerste-sonarsource!
- 11.5.4 - 2023-08-22
  - Dependencies updated, including the driver, to v8.11.3
Commit messages
Package name: pg-promise
- 2bb86f4 downgrade eslint
- c000db3 upgrade deps
- b657044 downgrade node version
- f5f773f downgrade pg->node tests
- 89e977d upgrade node + pg tests
- ad5f18e remove use of substr
- 06947b2 docs
- 1a4dfe6 Fixing issue https://github.com/vitaly-t/pg-promise/discussions/911#discussion-6223443
- 79199d4 update the package
- 8f30428 Fix node-postgres.com/apis/... links (#912)
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
I will reformat the title to use the proper commit message syntax.
Thanks for opening this pull request!
- ❌ Please link an issue that describes the reason for this pull request, otherwise your pull request will be closed. Make sure to write it as `Closes: #123` in the PR description, so I can recognize it.
🎉 This change has been released in version 7.3.0-alpha.3
🎉 This change has been released in version 7.3.0-beta.1
🎉 This change has been released in version 7.3.0