Security vulnerability in libpq thus dependency tree issue: pg-native -> libpq
Closed this issue · 1 comments
Leigh-M commented
pg-native has a high-severity vulnerability issue with its version of libpq. Thus 'npm audit fix' does not work, or with the '--force' flag it breaks the build.
```
Will install pg@8.3.3, which is a breaking change
node_modules/libpq
pg-native *
Depends on vulnerable versions of libpq
node_modules/pg-native
pg >=8.4.0
Depends on vulnerable versions of pg-native
node_modules/pg
```
brianc commented
node-libpq doesn't mandate any particular version of libpq be installed - it uses whatever's available on the system.
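To separate the package that carries an advisory from the packages flagged only because they depend on it, the audit chain above can be walked programmatically. This is an added example, not code from the thread or from either project; the report is a constructed sample in the shape of `npm audit --json` (npm 7 and later), the advisory title is a placeholder, and treating `pg` as a direct dependency is an assumption.

```javascript
// Constructed sample mirroring the chain in this issue (pg -> pg-native -> libpq).
// In `npm audit --json`, a string in `via` names another flagged package;
// an object in `via` is the advisory itself.
const sampleReport = {
  vulnerabilities: {
    libpq: {
      name: "libpq", severity: "high", isDirect: false, range: "*",
      via: [{ name: "libpq", title: "PLACEHOLDER advisory title", severity: "high", range: "*" }],
      effects: ["pg-native"],
    },
    "pg-native": {
      name: "pg-native", severity: "high", isDirect: false, range: "*",
      via: ["libpq"], effects: ["pg"],
    },
    pg: {
      name: "pg", severity: "high", isDirect: true, range: ">=8.4.0", // isDirect: assumption
      via: ["pg-native"], effects: [],
    },
  },
};

// Follow string `via` links until an advisory object is reached.
// `path` doubles as a cycle guard for malformed or circular reports.
function traceToAdvisories(report, pkg, path = []) {
  const entry = report.vulnerabilities[pkg];
  if (!entry || path.includes(pkg)) return [];
  const chain = [...path, pkg];
  const found = [];
  for (const via of entry.via) {
    if (typeof via === "string") {
      found.push(...traceToAdvisories(report, via, chain));
    } else {
      found.push({ chain, source: via.name, title: via.title, range: via.range });
    }
  }
  return found;
}

// Start from direct dependencies, since those are what a project can change.
function directFindings(report) {
  return Object.values(report.vulnerabilities)
    .filter((v) => v.isDirect)
    .flatMap((v) => traceToAdvisories(report, v.name));
}

for (const f of directFindings(sampleReport)) {
  console.log(`${f.chain.join(" -> ")}: advisory on ${f.source} (range ${f.range})`);
}
```

The output names the npm package the advisory is attached to; it says nothing about which native libpq build is present on the host.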