Skip to content

Update dependency pg-promise to v5 #32

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
dev-mend-for-github-com wants to merge 1 commit into
base: master
Choose a base branch
from

Update dependency pg-promise to v5

0077e3a
Select commit
Loading
Failed to load commit list.
Open

Update dependency pg-promise to v5 #32

Update dependency pg-promise to v5
0077e3a
Select commit
Loading
Failed to load commit list.
Dev - Mend for GitHub.com / Mend Security Check failed Jun 30, 2025 in 1m 47s

Security Report

You have successfully remediated 2 vulnerabilities, but introduced 2 new vulnerabilities in this branch.

❌ New vulnerabilities:

Vulnerability Severity CVSS Score Vulnerable Library Suggested Fix Issue Reachability
CVE-2017-16082

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/pg/package.json

Dependency Hierarchy:

-> pg-promise-5.9.7.tgz (Root Library)

   -> ❌ pg-5.2.1.tgz (Vulnerable Library)

Critical 9.8 pg-5.2.1.tgz Upgrade to version: pg - 6.2.5 None

Reachable
CVE-2025-29744

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/pg-promise/package.json

Dependency Hierarchy:

-> ❌ pg-promise-5.9.7.tgz (Vulnerable Library)

Medium 5.4 pg-promise-5.9.7.tgz None

Reachable

✔️ Remediated vulnerabilities:

Vulnerability Vulnerable Library
CVE-2017-16082 pg-5.1.0.tgz
CVE-2025-29744 pg-promise-4.8.1.tgz

Base branch total remaining vulnerabilities: 33
Base branch commit: 1bf1d83efeac9bd5edf365240449cfbdb7fa58b0


Total libraries scanned: 97

Scan token: 65302cf8063946c29e86c8a75a72ec9e

View more details on Dev - Mend for GitHub.com