[Snyk] Upgrade pg from 8.8.0 to 8.11.3 #1490

Merged
merged 3 commits into from
Sep 7, 2023

Conversation

akroon3r
Contributor

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to upgrade pg from 8.8.0 to 8.11.2.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 5 versions ahead of your current version.
  • The recommended version was released 21 days ago, on 2023-08-01.
Release notes
Package name: pg
  • 8.11.2 - 2023-08-01

    pg@8.11.2

  • 8.11.1 - 2023-06-26
  • 8.11.0 - 2023-05-15
  • 8.10.0 - 2023-03-06
  • 8.9.0 - 2023-01-27
  • 8.8.0 - 2022-08-23
from pg GitHub release notes
Commit messages
Package name: pg
  • a2a355a Publish
  • cf24ef2 pg-connection-string: avoid clobbering port from queryparams (#2833)
  • 3644730 Remove early return for non commonjs environments (#3033)
  • 970804b Update pg-connection-string url in connecting.mdx (#3005)
  • 8d211e2 Bump workerd from 1.20230419.0 to 1.20230518.0 (#3023)
  • d17da9e Bump prettier from 2.7.1 to 2.8.8 (#3024)
  • eaafac3 Publish
  • 735683c Fix typo in project-structure.md (#3008)
  • 46cfb25 Remove await from client release (#3006)
  • e2d8fa2 Fix a typo in README.md (#3002)
  • 4dbf1af Add note about case sensitivity of result of pg.escapeIdentifier (#2993)
  • d59cd15 fix stack traces of query() to include the async context (#1762) (#2983)
  • 0dfd955 fix: ensure that pg-cloudflare can be used with bundlers that don't know about Cloudflare sockets (#2978)
  • 20d2c08 Make `async/await` the primary examples in the docs (#2932)
  • dee3ae5 feat: add connection parameter nativeConnectionString (#2941)
  • c38ecf3 Fix connection string parsing for overriden hosts (#2977)
  • 6540698 Fix typo in types.mdx (#2989)
  • 3039f1d Revert "Update utils.js (#2981)"
  • 522e2dc Update utils.js (#2981)
  • 14b840e Publish
  • f206293 Clean up pg-native in Makefile better
  • 7152d4d Add example Cloudflare Worker and test
  • 0755342 Add Cloudflare Worker compatible socket
  • 5532ca5 Use WebCrypto APIs where possible

Compare


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

@github-actions

# npm audit report

mockery  *
Severity: critical
mockery is vulnerable to prototype pollution - https://github.com/advisories/GHSA-gmwp-3pwc-3j3g
fix available via `npm audit fix --force`
Will install wdio-cucumberjs-json-reporter@1.0.4, which is a breaking change
node_modules/mockery
  @wdio/cucumber-framework  *
  Depends on vulnerable versions of @cucumber/cucumber
  Depends on vulnerable versions of mockery
  node_modules/@wdio/cucumber-framework
    wdio-cucumberjs-json-reporter  >=1.0.5
    Depends on vulnerable versions of @wdio/cucumber-framework
    node_modules/wdio-cucumberjs-json-reporter

semver  <=5.7.1 || 6.0.0 - 6.3.0 || 7.0.0 - 7.5.1
Severity: moderate
semver vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-c2qf-rxjj-qqgw
semver vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-c2qf-rxjj-qqgw
semver vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-c2qf-rxjj-qqgw
fix available via `npm audit fix --force`
Will install wdio-cucumberjs-json-reporter@1.0.4, which is a breaking change
node_modules/@babel/core/node_modules/semver
node_modules/@babel/helper-compilation-targets/node_modules/semver
node_modules/@babel/helper-create-class-features-plugin/node_modules/semver
node_modules/@babel/helper-create-regexp-features-plugin/node_modules/semver
node_modules/@babel/helper-define-polyfill-provider/node_modules/semver
node_modules/@babel/preset-env/node_modules/semver
node_modules/@jest/core/node_modules/semver
node_modules/babel-plugin-istanbul/node_modules/semver
node_modules/babel-plugin-polyfill-corejs2/node_modules/semver
node_modules/cac/node_modules/semver
node_modules/eslint-config-airbnb-base/node_modules/semver
node_modules/eslint-plugin-jsx-a11y/node_modules/semver
node_modules/eslint-plugin-react/node_modules/semver
node_modules/istanbul-lib-report/node_modules/semver
node_modules/make-dir/node_modules/semver
node_modules/read-pkg-up/node_modules/semver
node_modules/semver
  @cucumber/cucumber  8.0.0-rc.1 - 9.2.0
  Depends on vulnerable versions of semver
  node_modules/@cucumber/cucumber

word-wrap  <1.2.4
Severity: moderate
word-wrap vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-j8xg-fqg3-53r7
fix available via `npm audit fix`
node_modules/word-wrap

6 vulnerabilities (3 moderate, 3 critical)

To address issues that do not require attention, run:
  npm audit fix

To address all issues (including breaking changes), run:
  npm audit fix --force

NoorChasib
NoorChasib previously approved these changes Aug 23, 2023
@BradyMitch BradyMitch changed the title [Snyk] Upgrade pg from 8.8.0 to 8.11.2 [Snyk] Upgrade pg from 8.8.0 to 8.11.3 Sep 7, 2023
@BradyMitch BradyMitch merged commit 77bcc54 into main Sep 7, 2023
8 checks passed
@BradyMitch BradyMitch deleted the snyk-upgrade-c2ba9dd3085d5b59f4c0b67816b5c788 branch September 7, 2023 19:00
Labels
DPIA API PR contains changes to DPIA API