
Bump semver and pg in /roto/node/CVE-2017-16082 #7

Open. Wants to merge 1 commit into base: main.

Conversation


@dependabot dependabot bot commented on behalf of github Nov 2, 2024

Removes semver. It's no longer used after updating ancestor dependency pg. These dependencies need to be updated together.

Removes semver

Updates pg from 7.1.0 to 8.13.1

Changelog

Sourced from pg's changelog.

All major and minor releases are briefly explained below.

For richer information consult the commit log on github with referenced pull requests.

We do not include break-fix version release in this file.

[email protected]

[email protected]

[email protected]

  • Emit release event when client is returned to the pool.

[email protected]

[email protected]

[email protected]

[email protected]

  • Add optional config to pool to allow process to exit if pool is idle.

[email protected]

[email protected]

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

You can disable automated security fix PRs for this repo from the Security Alerts page.

Removes [semver](https://github.com/npm/node-semver). It's no longer used after updating ancestor dependency [pg](https://github.com/brianc/node-postgres/tree/HEAD/packages/pg). These dependencies need to be updated together.


Removes `semver`

Updates `pg` from 7.1.0 to 8.13.1
- [Changelog](https://github.com/brianc/node-postgres/blob/master/CHANGELOG.md)
- [Commits](https://github.com/brianc/node-postgres/commits/[email protected]/packages/pg)

---
updated-dependencies:
- dependency-name: semver
  dependency-type: indirect
- dependency-name: pg
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added the labels dependencies (Pull requests that update a dependency file) and javascript (Pull requests that update Javascript code) on Nov 2, 2024

stacklok-cloud bot commented Nov 2, 2024

Minder Vulnerability Report ✅

Minder analyzed this PR and found it does not add any new vulnerable dependencies.

Vulnerability scan of 08e88454:

  • 🐞 vulnerable packages: 0
  • 🛠 fixes available for: 0


stacklok-cloud bot commented Nov 2, 2024

Dependency Information

Minder analyzed the dependencies introduced in this pull request and detected that some dependencies do not meet your security profile.

📦 Dependency: pg-int8

Trusty Score: 2.5

Scoring details

| Component | Score |
|---|---|
| Repository activity | 1.1 |
| Package activity | 2.5 |
| Trust-summary | 3.3 |
| From | activity |
| Provenance | 5 |
| User activity | 4 |

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.

| Metric | Value |
|---|---|
| Published package versions | 2 |
| Number of git tags or releases | 2 |
| Versions matched to tags or releases | 2 |

Alternatives

| Package | Score | Description |
|---|---|---|
| pg-query-stream | 8 | |
| pg-promise | 6.8 | |

📦 Dependency: pgpass

Trusty Score: 4.6

Scoring details

| Component | Score |
|---|---|
| Trust-summary | 3.3 |
| From | activity |
| Provenance | 8 |
| User activity | 7.2 |
| Repository activity | 2 |
| Package activity | 4.6 |

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.

| Metric | Value |
|---|---|
| Published package versions | 11 |
| Number of git tags or releases | 9 |
| Versions matched to tags or releases | 7 |

Alternatives

| Package | Score | Description |
|---|---|---|
| pg-promise | 6.8 | |

📦 Dependency: postgres-array

Trusty Score: 4.4

Scoring details

| Component | Score |
|---|---|
| Trust-summary | 3.8 |
| User activity | 6.9 |
| Repository activity | 1.9 |
| From | activity |
| Package activity | 4.4 |
| Provenance | 8 |

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.

| Metric | Value |
|---|---|
| Published package versions | 8 |
| Number of git tags or releases | 9 |
| Versions matched to tags or releases | 8 |

📦 Dependency: postgres-date

Trusty Score: 4.5

Scoring details

| Component | Score |
|---|---|
| Provenance | 8 |
| Trust-summary | 4.2 |
| User activity | 6.9 |
| Repository activity | 2.1 |
| From | activity |
| Package activity | 4.5 |

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.

| Metric | Value |
|---|---|
| Published package versions | 12 |
| Number of git tags or releases | 11 |
| Versions matched to tags or releases | 10 |

📦 Dependency: xtend

⚠️ Archived Package: This package is marked as deprecated. Proceed with caution!

Archived packages are no longer updated or maintained. This can lead to security vulnerabilities and compatibility issues.

Trusty Score: 6.5

Scoring details

| Component | Score |
|---|---|
| From | activity |
| Provenance | 8 |
| User activity | 9.6 |
| Repository activity | 3.4 |
| Package activity | 6.5 |
| Trust-summary | 4.6 |

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.

| Metric | Value |
|---|---|
| Published package versions | 17 |
| Number of git tags or releases | 14 |
| Versions matched to tags or releases | 12 |

Alternatives

| Package | Score | Description |
|---|---|---|
| lodash | 8 | |
| ramda | 8 | |
| underscore | 8 | |


Dependency Information

Minder analyzed the dependencies introduced in this pull request and detected that some dependencies do not meet your security profile.

📦 Dependency: pg

Trusty Score: 0

Scoring details

| Component | Score |
|---|---|
| Repository activity | 8.1 |
| Package activity | 8.5 |
| Trust-summary | 6.7 |
| Provenance_type | historical_provenance_match |
| Provenance | 0 |
| From | provenance |
| User activity | 8.9 |

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.

| Metric | Value |
|---|---|
| Published package versions | 251 |
| Number of git tags or releases | 128 |
| Versions matched to tags or releases | 28 |

📦 Dependency: pg-cloudflare

Trusty Score: 0

Scoring details

| Component | Score |
|---|---|
| Package activity | 8.5 |
| Provenance_type | historical_provenance_match |
| Provenance | 0 |
| Trust-summary | 5 |
| From | provenance |
| User activity | 8.9 |
| Repository activity | 8.1 |

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.

| Metric | Value |
|---|---|
| Published package versions | 2 |
| Number of git tags or releases | 93 |
| Versions matched to tags or releases | 2 |

📦 Dependency: pg-connection-string

Trusty Score: 0

Scoring details

| Component | Score |
|---|---|
| Trust-summary | 5.1 |
| Provenance_type | historical_provenance_match |
| Provenance | 0 |
| User activity | 8.9 |
| Repository activity | 8.1 |
| From | provenance |
| Package activity | 8.5 |

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.

| Metric | Value |
|---|---|
| Published package versions | 19 |
| Number of git tags or releases | 125 |
| Versions matched to tags or releases | 10 |

📦 Dependency: pg-int8

Trusty Score: 0

Scoring details

| Component | Score |
|---|---|
| Provenance | 0 |
| Trust-summary | 3.3 |
| User activity | 4 |
| Repository activity | 1.1 |
| From | activity |
| Package activity | 2.5 |
| Provenance_type | unknown |

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.

| Metric | Value |
|---|---|
| Published package versions | 2 |
| Number of git tags or releases | 2 |
| Versions matched to tags or releases | 2 |

📦 Dependency: pg-pool

Trusty Score: 0

Scoring details

| Component | Score |
|---|---|
| Trust-summary | 6.3 |
| User activity | 8.9 |
| Repository activity | 8.1 |
| From | provenance |
| Package activity | 8.5 |
| Provenance_type | historical_provenance_match |
| Provenance | 0 |

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.

| Metric | Value |
|---|---|
| Published package versions | 46 |
| Number of git tags or releases | 125 |
| Versions matched to tags or releases | 12 |

📦 Dependency: pg-protocol

Trusty Score: 0

Scoring details

| Component | Score |
|---|---|
| From | provenance |
| User activity | 8.9 |
| Repository activity | 8.1 |
| Alert/suspicious | 0 |
| Trust-summary | 6 |
| Provenance_type | historical_provenance_match |
| Package activity | 8.5 |
| Provenance | 0 |

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.

| Metric | Value |
|---|---|
| Published package versions | 12 |
| Number of git tags or releases | 125 |
| Versions matched to tags or releases | 9 |

📦 Dependency: pg-types

Trusty Score: 0

Scoring details

| Component | Score |
|---|---|
| Package activity | 6.2 |
| Trust-summary | 4.9 |
| Provenance_type | historical_provenance_match |
| Provenance | 0 |
| User activity | 8.2 |
| Repository activity | 4.2 |
| From | activity |

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.

| Metric | Value |
|---|---|
| Published package versions | 24 |
| Number of git tags or releases | 26 |
| Versions matched to tags or releases | 24 |

📦 Dependency: pgpass

Trusty Score: 0

Scoring details

| Component | Score |
|---|---|
| Provenance | 0 |
| User activity | 7.2 |
| Repository activity | 2 |
| From | activity |
| Package activity | 4.6 |
| Trust-summary | 3.6 |
| Provenance_type | historical_provenance_match |

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.

| Metric | Value |
|---|---|
| Published package versions | 11 |
| Number of git tags or releases | 9 |
| Versions matched to tags or releases | 7 |

📦 Dependency: postgres-array

Trusty Score: 0

Scoring details

| Component | Score |
|---|---|
| User activity | 6.9 |
| Repository activity | 1.9 |
| Package activity | 4.4 |
| Trust-summary | 4.2 |
| Provenance_type | historical_provenance_match |
| Provenance | 0 |
| From | activity |

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.

| Metric | Value |
|---|---|
| Published package versions | 8 |
| Number of git tags or releases | 9 |
| Versions matched to tags or releases | 8 |

📦 Dependency: postgres-date

Trusty Score: 0

Scoring details

| Component | Score |
|---|---|
| User activity | 6.9 |
| Repository activity | 2.3 |
| Package activity | 4.6 |
| Provenance_type | historical_provenance_match |
| Provenance | 0 |
| Trust-summary | 3.9 |
| From | activity |

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.

| Metric | Value |
|---|---|
| Published package versions | 12 |
| Number of git tags or releases | 11 |
| Versions matched to tags or releases | 10 |

📦 Dependency: postgres-interval

Trusty Score: 0

Scoring details

| Component | Score |
|---|---|
| Repository activity | 2.5 |
| Package activity | 5 |
| Provenance_type | historical_provenance_match |
| Provenance | 0 |
| Trust-summary | 4.3 |
| From | activity |
| User activity | 7.5 |

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.

| Metric | Value |
|---|---|
| Published package versions | 14 |
| Number of git tags or releases | 14 |
| Versions matched to tags or releases | 14 |

📦 Dependency: split2

Trusty Score: 0

Scoring details

| Component | Score |
|---|---|
| User activity | 9.4 |
| Repository activity | 3.5 |
| From | activity |
| Package activity | 6.4 |
| Trust-summary | 4.9 |
| Provenance_type | historical_provenance_match |
| Provenance | 0 |

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.

| Metric | Value |
|---|---|
| Published package versions | 22 |
| Number of git tags or releases | 14 |
| Versions matched to tags or releases | 13 |

📦 Dependency: xtend

⚠️ Archived Package: This package is marked as deprecated. Proceed with caution!

Archived packages are no longer updated or maintained. This can lead to security vulnerabilities and compatibility issues.

Trusty Score: 0

Scoring details

| Component | Score |
|---|---|
| Package activity | 6.5 |
| Provenance_type | historical_provenance_match |
| Provenance | 0 |
| Trust-summary | 4.1 |
| From | activity |
| User activity | 9.6 |
| Repository activity | 3.4 |

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.

| Metric | Value |
|---|---|
| Published package versions | 17 |
| Number of git tags or releases | 14 |
| Versions matched to tags or releases | 12 |


Dependency Information

Minder analyzed the dependencies introduced in this pull request and detected that some dependencies do not meet your security profile.

📦 Dependency: pg

Trusty Score: 0

Scoring details

| Component | Score |
|---|---|
| Provenance_type | historical_provenance_match |
| Provenance | 0 |
| From | provenance |
| User activity | 8.9 |
| Repository activity | 8.1 |
| Package activity | 8.5 |
| Trust-summary | 6.7 |

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.

| Metric | Value |
|---|---|
| Published package versions | 251 |
| Number of git tags or releases | 128 |
| Versions matched to tags or releases | 28 |

📦 Dependency: pg-cloudflare

Trusty Score: 0

Scoring details

| Component | Score |
|---|---|
| Package activity | 8.5 |
| Provenance_type | historical_provenance_match |
| Provenance | 0 |
| Trust-summary | 5 |
| From | provenance |
| User activity | 8.9 |
| Repository activity | 8.1 |

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.

| Metric | Value |
|---|---|
| Published package versions | 2 |
| Number of git tags or releases | 93 |
| Versions matched to tags or releases | 2 |

📦 Dependency: pg-connection-string

Trusty Score: 0

Scoring details

| Component | Score |
|---|---|
| Repository activity | 8.1 |
| From | provenance |
| Package activity | 8.5 |
| Trust-summary | 5.1 |
| Provenance_type | historical_provenance_match |
| Provenance | 0 |
| User activity | 8.9 |

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.

| Metric | Value |
|---|---|
| Published package versions | 19 |
| Number of git tags or releases | 125 |
| Versions matched to tags or releases | 10 |

📦 Dependency: pg-int8

Trusty Score: 0

Scoring details

| Component | Score |
|---|---|
| User activity | 4 |
| Repository activity | 1.1 |
| From | activity |
| Package activity | 2.5 |
| Provenance_type | unknown |
| Provenance | 0 |
| Trust-summary | 3.3 |

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.

| Metric | Value |
|---|---|
| Published package versions | 2 |
| Number of git tags or releases | 2 |
| Versions matched to tags or releases | 2 |

📦 Dependency: pg-pool

Trusty Score: 0

Scoring details

| Component | Score |
|---|---|
| Package activity | 8.5 |
| Provenance_type | historical_provenance_match |
| Provenance | 0 |
| Trust-summary | 6.3 |
| User activity | 8.9 |
| Repository activity | 8.1 |
| From | provenance |

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.

| Metric | Value |
|---|---|
| Published package versions | 46 |
| Number of git tags or releases | 125 |
| Versions matched to tags or releases | 12 |

📦 Dependency: pg-protocol

Trusty Score: 0

Scoring details

| Component | Score |
|---|---|
| Provenance | 0 |
| From | provenance |
| User activity | 8.9 |
| Provenance_type | historical_provenance_match |
| Repository activity | 8.1 |
| Package activity | 8.5 |
| Alert/suspicious | 0 |
| Trust-summary | 6.3 |

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.

| Metric | Value |
|---|---|
| Published package versions | 12 |
| Number of git tags or releases | 125 |
| Versions matched to tags or releases | 9 |

📦 Dependency: pg-types

Trusty Score: 0

Scoring details

| Component | Score |
|---|---|
| User activity | 8.2 |
| Repository activity | 4.2 |
| From | activity |
| Package activity | 6.2 |
| Trust-summary | 4.9 |
| Provenance_type | historical_provenance_match |
| Provenance | 0 |

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.

| Metric | Value |
|---|---|
| Published package versions | 24 |
| Number of git tags or releases | 26 |
| Versions matched to tags or releases | 24 |

📦 Dependency: pgpass

Trusty Score: 0

Scoring details

| Component | Score |
|---|---|
| Repository activity | 2 |
| From | activity |
| Package activity | 4.6 |
| Trust-summary | 3.6 |
| Provenance_type | historical_provenance_match |
| Provenance | 0 |
| User activity | 7.2 |

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.

| Metric | Value |
|---|---|
| Published package versions | 11 |
| Number of git tags or releases | 9 |
| Versions matched to tags or releases | 7 |

📦 Dependency: postgres-array

Trusty Score: 0

Scoring details

| Component | Score |
|---|---|
| Provenance | 0 |
| From | activity |
| User activity | 6.9 |
| Repository activity | 1.9 |
| Package activity | 4.4 |
| Trust-summary | 4.2 |
| Provenance_type | historical_provenance_match |

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.

| Metric | Value |
|---|---|
| Published package versions | 8 |
| Number of git tags or releases | 9 |
| Versions matched to tags or releases | 8 |

📦 Dependency: postgres-date

Trusty Score: 0

Scoring details

| Component | Score |
|---|---|
| Provenance | 0 |
| Trust-summary | 3.9 |
| From | activity |
| User activity | 6.9 |
| Repository activity | 2.3 |
| Package activity | 4.6 |
| Provenance_type | historical_provenance_match |

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.

| Metric | Value |
|---|---|
| Published package versions | 12 |
| Number of git tags or releases | 11 |
| Versions matched to tags or releases | 10 |

📦 Dependency: postgres-interval

Trusty Score: 0

Scoring details

| Component | Score |
|---|---|
| User activity | 7.5 |
| Repository activity | 2.5 |
| Package activity | 5 |
| Provenance_type | historical_provenance_match |
| Provenance | 0 |
| Trust-summary | 4.3 |
| From | activity |

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.

| Metric | Value |
|---|---|
| Published package versions | 14 |
| Number of git tags or releases | 14 |
| Versions matched to tags or releases | 14 |

📦 Dependency: split2

Trusty Score: 0

Scoring details

| Component | Score |
|---|---|
| User activity | 9.4 |
| Repository activity | 3.5 |
| From | activity |
| Package activity | 6.4 |
| Trust-summary | 4.9 |
| Provenance_type | historical_provenance_match |
| Provenance | 0 |

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.

| Metric | Value |
|---|---|
| Published package versions | 22 |
| Number of git tags or releases | 14 |
| Versions matched to tags or releases | 13 |

📦 Dependency: xtend

⚠️ Archived Package: This package is marked as deprecated. Proceed with caution!

Archived packages are no longer updated or maintained. This can lead to security vulnerabilities and compatibility issues.

Trusty Score: 0

Scoring details

| Component | Score |
|---|---|
| Repository activity | 3.4 |
| Package activity | 6.5 |
| Provenance_type | historical_provenance_match |
| Provenance | 0 |
| Trust-summary | 4.1 |
| From | activity |
| User activity | 9.6 |

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.

| Metric | Value |
|---|---|
| Published package versions | 17 |
| Number of git tags or releases | 14 |
| Versions matched to tags or releases | 12 |


stacklok-cloud bot commented Dec 2, 2024

Dependency Information

Minder analyzed the dependencies introduced in this pull request and detected that some dependencies do not meet your security profile.

📦 Dependency: pg

Trusty Score: 0

Scoring details

| Component | Score |
|---|---|
| Package activity | 8.5 |
| Repository activity | 8.1 |
| User activity | 8.9 |
| Provenance | historical_provenance_match |

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.

| Metric | Value |
|---|---|
| Published package versions | 251 |
| Number of git tags or releases | 128 |
| Versions matched to tags or releases | 28 |

Alternatives

| Package | Score | Description |
|---|---|---|
| sequelize | 0 | |
| knex | 0 | |
| pg-promise | 0 | |

📦 Dependency: pg-cloudflare

Trusty Score: 0

Scoring details

| Component | Score |
|---|---|
| Package activity | 8.5 |
| Repository activity | 8.1 |
| User activity | 8.9 |
| Provenance | historical_provenance_match |

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.

| Metric | Value |
|---|---|
| Published package versions | 2 |
| Number of git tags or releases | 93 |
| Versions matched to tags or releases | 2 |

Alternatives

| Package | Score | Description |
|---|---|---|
| cloudflare-cli | 0 | |
| cloudflare | 0 | |
| cloudflare-api | 0 | |

📦 Dependency: pg-connection-string

Trusty Score: 0

Scoring details

| Component | Score |
|---|---|
| Package activity | 8.5 |
| Repository activity | 8.1 |
| User activity | 8.9 |
| Provenance | historical_provenance_match |

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.

| Metric | Value |
|---|---|
| Published package versions | 19 |
| Number of git tags or releases | 125 |
| Versions matched to tags or releases | 10 |

📦 Dependency: pg-int8

Trusty Score: 0

Scoring details

| Component | Score |
|---|---|
| Package activity | 2.5 |
| Repository activity | 1.1 |
| User activity | 4 |
| Provenance | unknown |

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.

| Metric | Value |
|---|---|
| Published package versions | 2 |
| Number of git tags or releases | 2 |
| Versions matched to tags or releases | 2 |

📦 Dependency: pg-pool

Trusty Score: 0

Scoring details

| Component | Score |
|---|---|
| Package activity | 8.5 |
| Repository activity | 8.1 |
| User activity | 8.9 |
| Provenance | historical_provenance_match |

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.

| Metric | Value |
|---|---|
| Published package versions | 46 |
| Number of git tags or releases | 125 |
| Versions matched to tags or releases | 12 |

📦 Dependency: pg-protocol

Trusty Score: 0

Scoring details

| Component | Score |
|---|---|
| Package activity | 8.5 |
| Repository activity | 8.1 |
| User activity | 8.9 |
| Provenance | historical_provenance_match |

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.

| Metric | Value |
|---|---|
| Published package versions | 12 |
| Number of git tags or releases | 125 |
| Versions matched to tags or releases | 9 |

📦 Dependency: pg-types

Trusty Score: 0

Scoring details

| Component | Score |
|---|---|
| Package activity | 6.2 |
| Repository activity | 4.2 |
| User activity | 8.2 |
| Provenance | historical_provenance_match |

Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.

Published package versions 19
Number of git tags or releases 21
Versions matched to tags or releases 19

📦 Dependency: pgpass

Trusty Score: 0

Scoring details
Component Score
Package activity 4.6
Repository activity 2
User activity 7.2
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.

Published package versions 11
Number of git tags or releases 9
Versions matched to tags or releases 7

📦 Dependency: postgres-array

Trusty Score: 0

Scoring details
Component Score
Package activity 4.4
Repository activity 1.9
User activity 6.9
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.

Published package versions 5
Number of git tags or releases 6
Versions matched to tags or releases 5

📦 Dependency: postgres-date

Trusty Score: 0

Scoring details
Component Score
Package activity 4.5
Repository activity 2.1
User activity 6.9
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.

Published package versions 9
Number of git tags or releases 8
Versions matched to tags or releases 8

📦 Dependency: postgres-interval

Trusty Score: 0

Scoring details
Component Score
Package activity 5
Repository activity 2.5
User activity 7.5
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.

Published package versions 8
Number of git tags or releases 8
Versions matched to tags or releases 8

📦 Dependency: split2

Trusty Score: 0

Scoring details
Component Score
Package activity 6.4
Repository activity 3.5
User activity 9.4
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.

Published package versions 22
Number of git tags or releases 14
Versions matched to tags or releases 13

📦 Dependency: xtend

⚠️ Archived Package: This package is marked as deprecated. Proceed with caution!

Archived packages are no longer updated or maintained. This can lead to security vulnerabilities and compatibility issues.

Trusty Score: 0

Scoring details
Component Score
Package activity 6.5
Repository activity 3.4
User activity 9.6
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.

Published package versions 17
Number of git tags or releases 14
Versions matched to tags or releases 12


stacklok-cloud bot commented Dec 2, 2024

Dependency Information

Minder analyzed the dependencies introduced in this pull request and detected that some dependencies do not meet your security profile.

📦 Dependency: pg

Trusty Score: 0

Scoring details
Component Score
Package activity 8.5
Repository activity 8.1
User activity 8.9
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.

Published package versions 251
Number of git tags or releases 128
Versions matched to tags or releases 28
Alternatives
Package Score Description
sequelize 0
knex 0
pg-promise 0

📦 Dependency: pg-cloudflare

Trusty Score: 0

Scoring details
Component Score
Package activity 8.6
Repository activity 8.1
User activity 9.1
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.

Published package versions 2
Number of git tags or releases 93
Versions matched to tags or releases 2
Alternatives
Package Score Description
cloudflare-cli 0
cloudflare 0
cloudflare-api 0

📦 Dependency: pg-connection-string

Trusty Score: 0

Scoring details
Component Score
Package activity 8.6
Repository activity 8.1
User activity 9.1
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.

Published package versions 19
Number of git tags or releases 125
Versions matched to tags or releases 10
Alternatives
Package Score Description
pg 0
pg-promise 0

📦 Dependency: pg-int8

Trusty Score: 0

Scoring details
Component Score
Package activity 2.5
Repository activity 1.1
User activity 4
Provenance unknown
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.

Published package versions 2
Number of git tags or releases 2
Versions matched to tags or releases 2
Alternatives
Package Score Description
pg 0
pg-query-stream 0
pg-promise 0

📦 Dependency: pg-pool

Trusty Score: 0

Scoring details
Component Score
Package activity 8.6
Repository activity 8.1
User activity 9.1
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.

Published package versions 46
Number of git tags or releases 125
Versions matched to tags or releases 12

📦 Dependency: pg-protocol

Trusty Score: 0

Scoring details
Component Score
Package activity 8.6
Repository activity 8.1
User activity 9.1
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.

Published package versions 12
Number of git tags or releases 125
Versions matched to tags or releases 9
Alternatives
Package Score Description
pg 0

📦 Dependency: pg-types

Trusty Score: 0

Scoring details
Component Score
Package activity 6.2
Repository activity 4.2
User activity 8.2
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.

Published package versions 19
Number of git tags or releases 21
Versions matched to tags or releases 19

📦 Dependency: pgpass

Trusty Score: 0

Scoring details
Component Score
Package activity 4.6
Repository activity 2
User activity 7.2
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.

Published package versions 11
Number of git tags or releases 9
Versions matched to tags or releases 7
Alternatives
Package Score Description
pg-pool 0
pg-promise 0

📦 Dependency: postgres-array

Trusty Score: 0

Scoring details
Component Score
Package activity 4.4
Repository activity 1.9
User activity 6.9
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.

Published package versions 5
Number of git tags or releases 6
Versions matched to tags or releases 5

📦 Dependency: postgres-date

Trusty Score: 0

Scoring details
Component Score
Package activity 4.6
Repository activity 2.3
User activity 6.9
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.

Published package versions 9
Number of git tags or releases 8
Versions matched to tags or releases 8
Alternatives
Package Score Description
pg-types 0

📦 Dependency: postgres-interval

Trusty Score: 0

Scoring details
Component Score
Package activity 5
Repository activity 2.5
User activity 7.5
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.

Published package versions 8
Number of git tags or releases 8
Versions matched to tags or releases 8

📦 Dependency: split2

Trusty Score: 0

Scoring details
Component Score
Package activity 6.4
Repository activity 3.5
User activity 9.4
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.

Published package versions 22
Number of git tags or releases 14
Versions matched to tags or releases 13

📦 Dependency: xtend

⚠️ Archived Package: This package is marked as deprecated. Proceed with caution!

Archived packages are no longer updated or maintained. This can lead to security vulnerabilities and compatibility issues.

Trusty Score: 0

Scoring details
Component Score
Package activity 6.5
Repository activity 3.4
User activity 9.7
Provenance historical_provenance_match
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.

Published package versions 17
Number of git tags or releases 14
Versions matched to tags or releases 12
Alternatives
Package Score Description
ramda 0
underscore 0
lodash 0

Labels: dependencies (Pull requests that update a dependency file), javascript (Pull requests that update Javascript code)