Bump semver and pg-promise

[dependabot]

Removes semver. It's no longer used after updating ancestor dependency pg-promise. These dependencies need to be updated together.

Removes semver

Updates pg-promise from 10.5.6 to 10.15.4

Release notes

Sourced from pg-promise's releases.

10.15.4

• Fixes #854 TypeScript declaration issue.

10.15.3

• Updating pg-subset declarations, to let pg-iterator detect types automatically.

10.15.2

• Fixing #853 (crash in NodeJS v12)

10.15.1

• Event error now reports query + params even for regular query errors (see pr #852)

10.15.0

• Minimum version of NodeJS required is now v12.0.0 (was v8.0.0 previously). See the check.

10.14.2

• Assertions were refactored internally, so now they can be overridden via global.pgPromiseAssert. See assert-options module.
• Improved Buffer detection
• Documentation updates

10.14.1

Fixes for TypeScript declarations:

• Fixing declaration for method result
• Fixing declaration for txMode namespace, so it is consistent with how the library works:

Example of correct txMode usage:

import {txMode} from 'pg-promise';
const {isolationLevel, TransactionMode} = txMode;
const mode = new TransactionMode({tiLevel: isolationLevel.none});

Or, you still can extract those from both uninitialized library:

import * as pgPromise from 'pg-promise';
const {isolationLevel, TransactionMode} = pgPromise.txMode; // from uninitialized library

... and from initialized library instance:

... (truncated)

Commits

• 29ff3c3 update package
• 084a52a fixing #854
• 6ace7d4 update pg-subset declarations
• b5b098f fixing #853
• 0569369 refactoring #852 change
• 63cf21b update package
• a790646 replacing pr #852
• 1347c96 increase Node requirement to v12
• 240c50a refactor assertions
• 4c4ad33 improve spelling check
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	pg-promise@​10.5.6 ⏵ 10.15.4				+7

View full report