Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bump min version of pg-native #2787

Merged
merged 1 commit into from
Aug 22, 2022
Merged

Conversation

brianc
Copy link
Owner

@brianc brianc commented Aug 19, 2022

Fixes #2786

Pull requests for reference:
brianc/node-pg-native#108
brianc/node-libpq#86

This shouldn't actually affect anything in this library as there's no way to get an array into the offending parameters variable in node-libpq from this library directly anyway AFAICT, but still...I take any security issue extremely seriously (and even stopped working today to fix this). Please LMK if there are other issues related to this.

A note for anyone on how to upgrade:
You technically don't even need to install a new version of pg. Just make sure you install [email protected] if you're using the native bindings. e.g. yarn add [email protected] etc...

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Security vulnerability in libpq thus dependency tree issue: pg -> pg-native -> libpq
1 participant