dynajoe/tinypg

Is this module supported?

agorina opened this issue · 2 comments

I am running into the following issues and trying to understand if this module is currently supported:

  === npm audit security report ===                        
                                                                                
┌──────────────────────────────────────────────────────────────────────────────┐
│                                Manual Review                                 │
│            Some vulnerabilities require your attention to resolve            │
│                                                                              │
│         Visit https://go.npm.me/audit-guide for additional guidance          │
└──────────────────────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Low           │ Prototype Pollution                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ lodash                                                       │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=4.17.19                                                    │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ tinypg                                                       │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ tinypg > lodash                                              │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://npmjs.com/advisories/1523                            │
└───────────────┴──────────────────────────────────────────────────────────────┘
found 1 low severity vulnerability in 1002 scanned packages
  1 vulnerability requires manual review. See the full report for details.
alla.gorina@MacBook-Pro prozaik % npm prune   
npm WARN tinypg@5.3.0 requires a peer of pg@^7.4.1 but none is installed. You must install peer dependencies yourself.

I am using the latest version of pg, which is 8, not 7 ^

Hi @agorina, it is supported! We'll get packages updated and make a new release.

thank you!