Is this module supported?
agorina opened this issue · 2 comments
agorina commented
I am running into the following issues and trying to understand if this module is currently supported:
=== npm audit security report ===
┌──────────────────────────────────────────────────────────────────────────────┐
│ Manual Review │
│ Some vulnerabilities require your attention to resolve │
│ │
│ Visit https://go.npm.me/audit-guide for additional guidance │
└──────────────────────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Low │ Prototype Pollution │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ lodash │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ >=4.17.19 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ tinypg │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ tinypg > lodash │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://npmjs.com/advisories/1523 │
└───────────────┴──────────────────────────────────────────────────────────────┘
found 1 low severity vulnerability in 1002 scanned packages
1 vulnerability requires manual review. See the full report for details.
alla.gorina@MacBook-Pro prozaik % npm prune
npm WARN tinypg@5.3.0 requires a peer of pg@^7.4.1 but none is installed. You must install peer dependencies yourself.
I am using the latest version of pg, which is 8, not 7 ^
stephenreddek commented
Hi @agorina, it is supported! We'll get packages updated and make a new release.
agorina commented
thank you!