Security vulnerability in libpq thus dependency tree issue:  pg -> pg-native -> libpq

pg depends on pg-native. pg-native has a high severity vulnerability issue with its version of libpq. Thus 'npm audit fix' does not work. Or with '--force' flag breaks the build.

Will install pg@8.3.3, which is a breaking change
node_modules/libpq
  pg-native  *
  Depends on vulnerable versions of libpq
  node_modules/pg-native
    pg  >=8.4.0
    Depends on vulnerable versions of pg-native
    node_modules/pg

Just registering here so it is logged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Security vulnerability in libpq thus dependency tree issue: pg -> pg-native -> libpq #2786

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Uh oh!

Security vulnerability in libpq thus dependency tree issue: pg -> pg-native -> libpq #2786

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions