chore(deps): bump @electric-sql/pglite from 0.4.5 to 0.4.6 in the patch-dependencies group #16

Bumps the patch-dependencies group with 1 update: [@electric-sql/pglite](https://github.com/electric-sql/pglite/tree/HEAD/packages/pglite).

Updates `@electric-sql/pglite` from 0.4.5 to 0.4.6
- [Release notes](https://github.com/electric-sql/pglite/releases)
- [Changelog](https://github.com/electric-sql/pglite/blob/main/packages/pglite/CHANGELOG.md)
- [Commits](https://github.com/electric-sql/pglite/commits/HEAD/packages/pglite)

---
updated-dependencies:
- dependency-name: "@electric-sql/pglite"
  dependency-version: 0.4.6
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: patch-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
Labels

The following labels could not be found: Please fix the above issues or remove invalid values from
No breakage from the @electric-sql/pglite 0.4.5 → 0.4.6 bump — build, lint, typecheck, and all 98 unit/integration/security tests pass.

The test CI failure is caused by a pre-existing vulnerability in a transitive dependency unrelated to @electric-sql/pglite:

- qs@>=6.11.1 <=6.15.1 (patched in >=6.15.2): packages__server>supertest>superagent>qs

This is a moderate-severity CVE (GHSA-q8mj-m7cp-5q26) that requires an upstream fix in supertest/superagent, not in this PR.
The pnpm audit step in CI fails with a moderate vulnerability in qs (transitive via supertest>superagent>qs). Adding qs to pnpm.overrides forces resolution to the patched version >=6.15.2.
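
An added example (not code from this PR or the project): a Node.js check that the `pnpm.overrides` entry described above left no `qs` resolution inside the range the audit flagged. The lockfile snippets are constructed and the function names are hypothetical; the version bounds are the ones quoted in this thread.

```javascript
// Range reported as vulnerable in this thread: qs >=6.11.1 <=6.15.1.
const VULN_MIN = [6, 11, 1];
const VULN_MAX = [6, 15, 1];

// Compare two [major, minor, patch] triples; returns -1, 0 or 1.
function cmp(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// Collect every resolved qs version from lockfile package keys such as
// "  qs@6.13.0:" or "  /qs@6.13.0:" (older lockfile versions add the slash).
function resolvedQsVersions(lockText) {
  const re = /^[ \t]+'?\/?qs@(\d+)\.(\d+)\.(\d+)'?:/gm;
  const seen = new Set();
  for (const m of lockText.matchAll(re)) seen.add(`${m[1]}.${m[2]}.${m[3]}`);
  return [...seen].sort();
}

// Keep only the resolved versions that fall inside the vulnerable range.
function vulnerableQsVersions(lockText) {
  return resolvedQsVersions(lockText).filter((v) => {
    const t = v.split('.').map(Number);
    return cmp(t, VULN_MIN) >= 0 && cmp(t, VULN_MAX) <= 0;
  });
}

// Constructed pnpm-lock.yaml excerpts: before and after the override.
const LOCK_BEFORE = `
packages:

  qs@6.10.3:
    resolution: {integrity: sha512-CONSTRUCTED}

  qs@6.13.0:
    resolution: {integrity: sha512-CONSTRUCTED}
`;
const LOCK_AFTER = `
packages:

  qs@6.15.2:
    resolution: {integrity: sha512-CONSTRUCTED}
`;

console.log('before override:', vulnerableQsVersions(LOCK_BEFORE));
console.log('after override: ', vulnerableQsVersions(LOCK_AFTER));
```

In CI, the same functions can be run against the real `pnpm-lock.yaml` text and the job failed when the returned list is non-empty.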
✅ Dependabot PR Merged
Bumps the patch-dependencies group with 1 update: @electric-sql/pglite.
Updates `@electric-sql/pglite` from 0.4.5 to 0.4.6