Bump pg to patch security vulnerability

https://nodesecurity.io/advisories/521
2024-12-22 19:07:54 +01:00 · 2017-08-23 10:49:05 +02:00 · 2017-08-23 10:49:05 +02:00 · a8e777724a
commit a8e777724a
parent b3030d0d09
2 changed files with 8 additions and 7 deletions
--- a/package.json
+++ b/package.json
@ -72,7 +72,7 @@
    "log4js": "^1.0.1",
    "moment": "^2.15.2",
    "parse-database-url": "^0.3.0",
-    "pg": "^6.1.0",
+    "pg": "^6.4.2",
    "prom-client": "^9.1.1",
    "response-time": "^2.3.2",
    "serve-favicon": "^2.3.0",
--- a/yarn.lock
+++ b/yarn.lock
@ -2650,7 +2650,7 @@ joi@^10.0.1:
    items "2.x.x"
    topo "2.x.x"

-js-string-escape@^1.0.1:
+js-string-escape@1.0.1, js-string-escape@^1.0.1:
  version "1.0.1"
  resolved "https://registry.yarnpkg.com/js-string-escape/-/js-string-escape-1.0.1.tgz#e2625badbc0d67c7533e9edc1068c587ae4137ef"

@ -3601,16 +3601,17 @@ pg@^4.5.5:
    pgpass "0.0.3"
    semver "^4.1.0"

-pg@^6.1.0:
-  version "6.4.0"
-  resolved "https://registry.yarnpkg.com/pg/-/pg-6.4.0.tgz#cb76ba2e7c2eab89fc64bf7a9fe648ced72436dc"
+pg@^6.4.2:
+  version "6.4.2"
+  resolved "https://registry.yarnpkg.com/pg/-/pg-6.4.2.tgz#c364011060eac7a507a2ae063eb857ece910e27f"
  dependencies:
    buffer-writer "1.0.1"
+    js-string-escape "1.0.1"
    packet-reader "0.3.1"
    pg-connection-string "0.1.3"
    pg-pool "1.*"
    pg-types "1.*"
-    pgpass "1.x"
+    pgpass "1.*"
    semver "4.3.2"

 pgpass@0.0.3:
@ -3619,7 +3620,7 @@ pgpass@0.0.3:
  dependencies:
    split "~0.3"

-pgpass@1.x:
+pgpass@1.*:
  version "1.0.2"
  resolved "https://registry.yarnpkg.com/pgpass/-/pgpass-1.0.2.tgz#2a7bb41b6065b67907e91da1b07c1847c877b306"
  dependencies: