brianc/node-pg-native

Security vulnerability in libpq thus dependency tree issue: pg-native -> libpq

Closed this issue · 1 comments

pg-native has a high-severity vulnerability issue with its version of libpq. Thus 'npm audit fix' does not work, or with the '--force' flag it breaks the build.

```
Will install pg@8.3.3, which is a breaking change
node_modules/libpq
pg-native *
Depends on vulnerable versions of libpq
node_modules/pg-native
pg >=8.4.0
Depends on vulnerable versions of pg-native
node_modules/pg
```

node-libpq doesn't mandate any particular version of libpq be installed - it uses whatever's available on the system.
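
Since the libpq in use is the system library rather than a version npm pins, the installed version has to be checked on the host itself. The script below is an added example, not code from this issue or from the project: it parses a `pg_config --version` banner and compares it with a minimum fixed version that the reader takes from the relevant advisory. The function names and sample banners are constructed, and it assumes the `pg_config` on PATH belongs to the libpq installation the addon was built against.

```shell
#!/bin/sh
# Added example: check the system libpq version instead of relying on npm audit.
# Function names and sample banners are constructed for illustration.

# Pull the dotted version out of a `pg_config --version` banner,
# e.g. "PostgreSQL 12.4 (Ubuntu 12.4-1)" -> "12.4". Empty if unparseable.
pg_version_from_banner() {
  printf '%s\n' "$1" | sed -n 's/^PostgreSQL \([0-9][0-9.]*\).*/\1/p'
}

# Succeed when dotted version $1 >= $2, comparing field by field as numbers
# (so 12.10 is newer than 12.4, which a plain string compare gets wrong).
version_ge() {
  vg_a=$1; vg_b=$2
  while [ -n "$vg_a" ] || [ -n "$vg_b" ]; do
    vg_x=${vg_a%%.*}; vg_y=${vg_b%%.*}
    if [ "$vg_a" = "$vg_x" ]; then vg_a=; else vg_a=${vg_a#*.}; fi
    if [ "$vg_b" = "$vg_y" ]; then vg_b=; else vg_b=${vg_b#*.}; fi
    if [ "${vg_x:-0}" -gt "${vg_y:-0}" ]; then return 0; fi
    if [ "${vg_x:-0}" -lt "${vg_y:-0}" ]; then return 1; fi
  done
  return 0
}

# Print "ok <ver>", "outdated <ver>" or "unknown" for a banner and a minimum.
classify_libpq() {
  cl_ver=$(pg_version_from_banner "$1")
  if [ -z "$cl_ver" ]; then echo "unknown"
  elif version_ge "$cl_ver" "$2"; then echo "ok $cl_ver"
  else echo "outdated $cl_ver"
  fi
}

# Usage: sh check-libpq.sh <minimum-fixed-version-from-the-advisory>
if [ -n "${1:-}" ]; then
  if command -v pg_config >/dev/null 2>&1; then
    classify_libpq "$(pg_config --version)" "$1"
  else
    echo "pg_config not found on PATH" >&2
  fi
fi
```

An "outdated" result is remediated by upgrading the operating system's libpq package and rebuilding the addon, not by changing the npm dependency tree.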