node-express-sample
node-express-sample copied to clipboard
jeffandersen
[Snyk] Security upgrade pg from 4.2.0 to 4.5.7
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
Changes included in this PR
- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json
Vulnerabilities that will be fixed
With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
 |
416/1000 Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Changed, Exploit Maturity: Functional, User Interaction (UI): Required, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.04579, Social Trends: No, Days since published: 2360, Reachable: No, Transitive dependency: No, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 10.1, Likelihood: 4.12, Score Version: V5 |
Arbitrary Code Execution npm:pg:20170813 |
No | Mature |
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: pg
The new version differs by 117 commits.- cb392c6 Bump version
- 6d0fdb8 Fix vulnerability
- 6cc1b2c Bump version
- d7307b1 use latest generic-pool (#1031)
- 55abbaa don't mutate params when preparing statement (#992)
- 5d3b506 Change test matrix in .travis.yml (#1002)
- 4047dd1 Bump version
- 6fddc56 Use Buffer concatenation for binary data instead of binary strings. Fixes Node.js v6.0.0 breakage. (#1001)
- 3433ed9 Bump version
- 52aa25d added Client constructor back on pool to enable instrumentation (#998)
- fe6f32a Bump version
- a8bd44a Requiring native bindings polutes 'global' (#984)
- beb8eef Merge pull request #971 from LinusU/patch-1
- c2650d8 Bump version
- ff4794d Merge pull request #951 from langpavel/readme-extras-wiki
- eabbeba Merge pull request #963 from dorianj/cancellation
- fe6215d readme: fix pool size
- eb7b15c Fix byte representation of CancelRequest message
- b584d15 Move Extras section from README.md to Github wiki
- 93aa52d Bump version
- 2a04d92 Bump version
- dbe0588 Update news
- 1c6da45 Merge pull request #943 from RivalIQ/utc-date-input
- f558ce4 Merge pull request #942 from koistya/patch-1
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
📚 Read more about Snyk's upgrade and patch logic
Learn how to fix vulnerabilities with free interactive lessons:
