hackforla / jobs-for-hope

Aggregate job opportunities for homeless service providers so that people can search for a job in the non-profit sector that fits their skillset.
MIT License

Bump connect-pg-simple from 5.0.0 to 6.0.1 #188

Open dependabot[bot] opened 4 years ago

dependabot[bot] commented 4 years ago

Bumps connect-pg-simple from 5.0.0 to 6.0.1.

Release notes

*Sourced from [connect-pg-simple's releases](https://github.com/voxpelli/node-connect-pg-simple/releases).*

> ## v6.0.1
> * **Very minor security fix:** `schemaName` and `tableName` wasn't escaped. If any of the two contained a string with a double quote in it, then that would enable an SQL injection. This was previously a feature of `tableName`, before the introduction of a separate `schemaName`, as that allowed a schema to be defined as part of `tableName`. Defining schema name through `tableName` is still supported after this fix, but is now *deprecated*.
> * **Fix:** Errors wasn't propagated properly. Fixed in [#150](https://github-redirect.dependabot.com/voxpelli/node-connect-pg-simple/issues/150). Thanks [@bobnil](https://github.com/bobnil)!
>
> https://github.com/voxpelli/node-connect-pg-simple/compare/v6.0.0...v6.0.1
>
> ## v6.0.0
> * **Breaking change**: Now requires at least Node.js 10.x, this as Node.js 8.x [only have a short time left in its LTS](https://github.com/nodejs/Release)
> * **Breaking change:** This project now uses [`INSERT ... ON CONFLICT`](https://www.postgresql.org/docs/current/sql-insert.html#SQL-ON-CONFLICT), more popularly known as `UPSERT`. This is only supported on PostgreSQL version 9.5 and above.
> * Update pg-promise dev dependency to 9.x
> * Listen on pool errors. Fixes [#29](https://github-redirect.dependabot.com/voxpelli/node-connect-pg-simple/issues/29)
> * Lots of dev dependency updates
>
> https://github.com/voxpelli/node-connect-pg-simple/compare/v5.0.0...v6.0.0

Changelog

*Sourced from [connect-pg-simple's changelog](https://github.com/voxpelli/node-connect-pg-simple/blob/master/CHANGELOG.md).*

> ## 6.0.1 (2019-08-21)
>
> * Very minor security fix: `schemaName` and `tableName` wasn't escaped. If any of the two contained a string with a double quote in it, then that would enable an SQL injection. This was previously a feature of `tableName`, before the introduction of a separate `schemaName`, as that allowed a schema to be defined as part of `tableName`. Defining schema name through `tableName` is still supported after this fix, but is now *deprecated*.
> * Fix: Errors wasn't propagated properly. Fixed in [#150](https://github-redirect.dependabot.com/voxpelli/node-connect-pg-simple/issues/150). Thanks [@bobnil](https://github.com/bobnil)!
>
> ## 6.0.0 (2019-07-28)
>
> * Breaking change: Now requires at least Node.js 10.x, this as Node.js 8.x [only have a short time left in its LTS](https://github.com/nodejs/Release)
> * Breaking change: This project now uses [`INSERT ... ON CONFLICT`](https://www.postgresql.org/docs/current/sql-insert.html#SQL-ON-CONFLICT), more popularly known as `UPSERT`. This is only supported on PostgreSQL version 9.5 and above.
> * Listen on pool errors. Fixes [#29](https://github-redirect.dependabot.com/voxpelli/node-connect-pg-simple/issues/29)

Commits

- [`876348d`](https://github.com/voxpelli/node-connect-pg-simple/commit/876348ddb672295cf139e547671049041ecea02a) 6.0.1
- [`ad9bf56`](https://github.com/voxpelli/node-connect-pg-simple/commit/ad9bf56cfd30567cef9856de81013235a6053576) Update CHANGELOG
- [`3aced7b`](https://github.com/voxpelli/node-connect-pg-simple/commit/3aced7b85a22e74ca8da9b4e839f0fb0108b2b8d) Add GitHub Actions flow
- [`c2b937f`](https://github.com/voxpelli/node-connect-pg-simple/commit/c2b937f9313bfc2701d18f7ca87bb800364150a7) Minor refactoring: Remove some .bind()
- [`df61c95`](https://github.com/voxpelli/node-connect-pg-simple/commit/df61c9507f804ba72803e4f567c3cbcfa0a9d7e1) Security: Escape schemaName + tableName
- [`5779bd2`](https://github.com/voxpelli/node-connect-pg-simple/commit/5779bd26e7374028771141366b419a13778c84a6) Bugfix: errors not propagated
- [`c03f05d`](https://github.com/voxpelli/node-connect-pg-simple/commit/c03f05d877b87b7266124b4728d50669249d1d0c) Remove unneeded denodeify
- [`d64a89d`](https://github.com/voxpelli/node-connect-pg-simple/commit/d64a89deae780f17ae4c602f6c6505eaea13fea4) Unpin dev dependencies
- [`5b99a86`](https://github.com/voxpelli/node-connect-pg-simple/commit/5b99a8617a5785f71fef26b8e1661406b4069318) Update dev dependencies
- [`424300e`](https://github.com/voxpelli/node-connect-pg-simple/commit/424300e89c5335c69ba4e1d873811b81186e11e1) Update dependency husky to v3.0.2
- Additional commits viewable in [compare view](https://github.com/voxpelli/node-connect-pg-simple/compare/v5.0.0...v6.0.1)



Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:

- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/hackforla/jobs-for-hope/network/alerts).
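
The identifier-escaping issue described in the v6.0.1 release notes above, as an added example that is not part of the original PR or connect-pg-simple's own code: it compares unescaped quoting with PostgreSQL's quote-doubling rule and parses the result back to show where each identifier ends. All function names and sample `tableName` values are hypothetical and constructed for illustration.

```javascript
// Added illustration; all function names are hypothetical, not connect-pg-simple's API.

// Pre-6.0.1 behaviour per the release notes: wrapped in quotes, not escaped.
const quoteNaive = (name) => '"' + name + '"';

// PostgreSQL escapes a double quote inside a quoted identifier by doubling it.
function quoteIdentifier(name) {
  if (typeof name !== 'string' || name === '' || name.includes('\0')) {
    throw new TypeError('identifier must be a non-empty string without NUL');
  }
  return '"' + name.replace(/"/g, '""') + '"';
}

const qualifiedTable = (quote, tableName, schemaName) =>
  (schemaName ? quote(schemaName) + '.' : '') + quote(tableName);

// Reads the leading "a"."b" identifiers using the quoted-identifier rule and
// returns them unescaped, plus whatever text fell outside the quotes.
function readIdentifiers(sql) {
  const parts = [];
  let i = 0;
  while (sql[i] === '"') {
    let value = '';
    i += 1;
    for (;;) {
      if (i >= sql.length) throw new Error('unterminated quoted identifier');
      if (sql[i] === '"' && sql[i + 1] === '"') { value += '"'; i += 2; continue; }
      if (sql[i] === '"') { i += 1; break; }
      value += sql[i];
      i += 1;
    }
    parts.push(value);
    if (sql[i] === '.' && sql[i + 1] === '"') i += 1; else break;
  }
  return { parts, rest: sql.slice(i) };
}

// Constructed sample values for tableName.
const samples = ['session', 'session" WHERE false --', 'myschema"."session'];
for (const name of samples) {
  console.log(JSON.stringify(name),
    'naive:', readIdentifiers(qualifiedTable(quoteNaive, name, 'public')),
    'escaped:', readIdentifiers(qualifiedTable(quoteIdentifier, name, 'public')));
}
```

With escaping, every sample round-trips as a single identifier and `rest` is empty; without it, a double quote in the option either leaks text outside the identifier or splits it into several, which is the schema-in-`tableName` behaviour the release notes now deprecate.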