Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Upgrade: , , dotenv, , , , , bcrypt, class-validator, pg, reflect-metadata, rxjs, typeorm #170

Open
wants to merge 1 commit into
base: main
Choose a base branch
from

Conversation

Rahul-D78
Copy link
Contributor

snyk-top-banner

Snyk has created this PR to upgrade multiple dependencies.

👯 The following dependencies are linked and will therefore be updated together.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Name Versions Released on

@nestjs/common
from 8.4.4 to 8.4.7 | 3 versions ahead of your current version | 2 years ago
on 2022-06-14
@nestjs/core
from 8.4.4 to 8.4.7 | 3 versions ahead of your current version | 2 years ago
on 2022-06-14
dotenv
from 16.0.0 to 16.4.5 | 20 versions ahead of your current version | 7 months ago
on 2024-02-20
@nestjs/config
from 2.0.0 to 2.3.4 | 8 versions ahead of your current version | a year ago
on 2023-06-14
@nestjs/platform-fastify
from 8.4.4 to 8.4.7 | 3 versions ahead of your current version | 2 years ago
on 2022-06-14
@nestjs/typeorm
from 8.0.3 to 8.1.4 | 7 versions ahead of your current version | 2 years ago
on 2022-06-15
@types/bcrypt
from 5.0.0 to 5.0.2 | 2 versions ahead of your current version | a year ago
on 2023-11-06
bcrypt
from 5.0.1 to 5.1.1 | 2 versions ahead of your current version | a year ago
on 2023-08-16
class-validator
from 0.13.2 to 0.14.1 | 2 versions ahead of your current version | 8 months ago
on 2024-01-12
pg
from 8.7.3 to 8.12.0 | 11 versions ahead of your current version | 4 months ago
on 2024-06-04
reflect-metadata
from 0.1.13 to 0.2.2 | 5 versions ahead of your current version | 6 months ago
on 2024-03-29
rxjs
from 7.5.5 to 7.8.1 | 6 versions ahead of your current version | a year ago
on 2023-04-26
typeorm
from 0.3.6 to 0.3.20 | 206 versions ahead of your current version | 8 months ago
on 2024-01-26

Issues fixed by the recommended upgrade:

Issue Score Exploit Maturity
high severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-ANSIREGEX-1583908
432 Proof of Concept
high severity Improper Handling of Extra Parameters
SNYK-JS-FOLLOWREDIRECTS-6141137
432 Proof of Concept
medium severity Uncontrolled Resource Consumption ('Resource Exhaustion')
SNYK-JS-TAR-6476909
432 Proof of Concept
medium severity Prototype Pollution
SNYK-JS-XML2JS-5414874
432 Proof of Concept
medium severity Information Exposure
SNYK-JS-FOLLOWREDIRECTS-6444610
432 Proof of Concept
low severity Improper Input Validation
SNYK-JS-CLASSVALIDATOR-1730566
432 No Known Exploit
Release notes
Package name: @nestjs/common
  • 8.4.7 - 2022-06-14
  • 8.4.6 - 2022-05-31
  • 8.4.5 - 2022-05-13
  • 8.4.4 - 2022-04-07
from @nestjs/common GitHub release notes
Package name: @nestjs/core
  • 8.4.7 - 2022-06-14
  • 8.4.6 - 2022-05-31
  • 8.4.5 - 2022-05-13
  • 8.4.4 - 2022-04-07
from @nestjs/core GitHub release notes
Package name: dotenv from dotenv GitHub release notes
Package name: @nestjs/config
  • 2.3.4 - 2023-06-14
    • fix: stringify primitives to avoid regressions (d2236e6)
    • Merge pull request #1345 from nestjs/renovate/cimg-node-20.x (9f9b3fa)
    • Merge pull request #1351 from nestjs/renovate/node-18.x (ebbc527)
    • chore(deps): update dependency @ types/node to v18.16.18 (f5c25ac)
    • chore(deps): update typescript-eslint monorepo to v5.59.11 (fe32a0c)
    • chore(deps): update nest monorepo to v9.4.3 (64c2c6e)
    • chore(deps): update dependency @ types/node to v18.16.17 (12a8a5b)
    • chore(deps): update node.js to v20.3 (7d3301e)
  • 2.3.3 - 2023-06-12
    • Merge pull request #1346 from MatthiasKunnen/fix-process-env-undefined-assignment (7973ee2)
    • fix(): do not assign a non-string to process.env (efdb29e)
    • test(): unexpected stringification of variables assigned to process.env (5ee253c)
    • Merge pull request #1336 from nestjs/renovate/dotenv-16.x (0a2ca57)
    • chore(deps): update dependency @ types/uuid to v9.0.2 (75ea3cd)
    • chore(deps): update dependency release-it to v15.11.0 (f505033)
    • chore(deps): update typescript-eslint monorepo to v5.59.9 (82e6349)
    • fix(deps): update dependency dotenv to v16.1.4 (7b698fe)
    • chore(deps): update dependency eslint to v8.42.0 (2960856)
    • chore(deps): update dependency release-it to v15.10.5 (3447171)
    • chore(deps): update dependency typescript to v5.1.3 (2ebec41)
    • chore(deps): update dependency @ types/jest to v29.5.2 (4eaa59e)
    • chore(deps): update commitlint monorepo to v17.6.5 (05ceed9)
    • chore(deps): update typescript-eslint monorepo to v5.59.8 (46ace89)
    • chore(deps): update dependency @ types/node to v18.16.16 (b29e460)
    • chore(deps): update dependency @ types/node to v18.16.15 (b177ccf)
    • chore(deps): update dependency @ types/lodash to v4.14.195 (8e640ea)
    • chore(deps): update nest monorepo to v9.4.2 (47a2a7d)
    • chore(deps): update typescript-eslint monorepo to v5.59.7 (b7e0f2e)
    • chore(deps): update dependency @ types/node to v18.16.14 (d21959d)
    • chore(deps): update dependency eslint to v8.41.0 (b255adc)
    • Merge pull request #1321 from nestjs/renovate/cimg-node-20.x (122273e)
    • chore(deps): update dependency @ types/node to v18.16.13 (7e6a991)
    • chore(deps): update dependency rimraf to v5.0.1 (9cbd5e0)
    • chore(deps): update dependency @ types/node to v18.16.12 (fbb5051)
    • chore(deps): update node.js to v20.2 (0b303b1)
    • chore(deps): update nest monorepo to v9.4.1 (1babdd4)
  • 2.3.2 - 2023-05-16
  • 2.3.1 - 2023-02-09
  • 2.3.0 - 2023-02-01
  • 2.2.0 - 2022-07-08
  • 2.1.0 - 2022-06-02
  • 2.0.1 - 2022-05-18
  • 2.0.0 - 2022-03-17
from @nestjs/config GitHub release notes
Package name: @nestjs/platform-fastify
  • 8.4.7 - 2022-06-14
  • 8.4.6 - 2022-05-31
  • 8.4.5 - 2022-05-13
  • 8.4.4 - 2022-04-07
from @nestjs/platform-fastify GitHub release notes
Package name: @nestjs/typeorm
  • 8.1.4 - 2022-06-15
  • 8.1.3 - 2022-06-14
    • chore(): add todo comments (153da09)
    • Merge pull request #1300 from mo4islona/master (3a4c65c)
    • chore(deps): update typescript-eslint monorepo to v5.28.0 (3454481)
    • chore(deps): update dependency ts-jest to v28.0.5 (0bf3259)
    • chore(deps): update dependency lint-staged to v13.0.1 (e1b4953)
    • fix(): do not initialize datasource if already initialized (d359f4d)
    • chore(deps): update dependency jest to v28.1.1 (4566ab0)
    • chore(deps): update typescript-eslint monorepo to v5.27.1 (523cb49)
    • chore(deps): update dependency @ types/jest to v28.1.1 (15aa891)
    • chore(deps): update dependency eslint to v8.17.0 (492cd59)
    • chore(deps): update dependency typescript to v4.7.3 (0ab0773)
    • chore(deps): update dependency ts-jest to v28.0.4 (38e173c)
  • 8.1.2 - 2022-06-02
  • 8.1.1 - 2022-06-02
  • 8.1.0 - 2022-06-01

    Breaking changes

    v8.1.0 uses typeorm v0.3+ instead of v0.2+

    See breaking changes here https://github.com/typeorm/typeorm/releases/tag/0.3.0

    Changelog

    • chore(): upgrade typeorm to the latest version (cbca8ba)
    • Merge pull request #1233 from nestjs/feat/typeorm-0.3-migration (9271d25)
    • Merge branch 'feat/typeorm-0.3-migration' of https://github.com/nestjs/typeorm into feat/typeorm-0.3-migration (d4ff918)
    • chore(): resolve conflicts (1f699cd)
    • chore(deps): update dependency @ commitlint/cli to v17.0.2 (06372e8)
    • chore(deps): update dependency lint-staged to v12.5.0 (e5163a0)
    • chore(deps): update nest monorepo to v8.4.6 (5fd8ccf)
    • chore(deps): update typescript-eslint monorepo to v5.27.0 (d65d38c)
    • chore(deps): update dependency lint-staged to v12.4.3 (7cf50d1)
    • chore(deps): update dependency @ commitlint/cli to v17.0.1 (5394906)
    • chore(deps): update dependency typescript to v4.7.2 (80f9a5d)
    • chore(deps): update dependency lint-staged to v12.4.2 (c46b7ab)
    • chore(deps): update dependency ts-jest to v28.0.3 (7a623ce)
    • chore(deps): update typescript-eslint monorepo to v5.26.0 (9372964)
    • chore(deps): update dependency eslint to v8.16.0 (3e77ee1)
    • Merge pull request #1269 from thomasconner/feat/typeorm-0.3-migration (3b14f13)
    • fix: check if the dataSource is initialized before destroying it (a5e84c1)
    • feat(): add get connection token alias for backward comp (3d3a3f1)
    • chore(): add inject connection alias and mark it as deprecated (2f91da4)
    • Update lib/common/typeorm.decorators.ts (9ce3a03)
    • chore(): resolve merge conflicts (42d0e92)
    • feat(): support typeorm ^0.3.0 version (9001b56)
  • 8.0.5 - 2023-03-06
  • 8.0.4 - 2022-05-20
  • 8.0.3 - 2022-01-17
from @nestjs/typeorm GitHub release notes
Package name: @types/bcrypt
  • 5.0.2 - 2023-11-06
  • 5.0.1 - 2023-10-17
  • 5.0.0 - 2021-05-09
from @types/bcrypt GitHub release notes
Package name: bcrypt from bcrypt GitHub release notes
Package name: class-validator

Snyk has created this PR to upgrade:
  - @nestjs/common from 8.4.4 to 8.4.7.
    See this package in npm: https://www.npmjs.com/package/@nestjs/common
  - @nestjs/core from 8.4.4 to 8.4.7.
    See this package in npm: https://www.npmjs.com/package/@nestjs/core
  - dotenv from 16.0.0 to 16.4.5.
    See this package in npm: https://www.npmjs.com/package/dotenv
  - @nestjs/config from 2.0.0 to 2.3.4.
    See this package in npm: https://www.npmjs.com/package/@nestjs/config
  - @nestjs/platform-fastify from 8.4.4 to 8.4.7.
    See this package in npm: https://www.npmjs.com/package/@nestjs/platform-fastify
  - @nestjs/typeorm from 8.0.3 to 8.1.4.
    See this package in npm: https://www.npmjs.com/package/@nestjs/typeorm
  - @types/bcrypt from 5.0.0 to 5.0.2.
    See this package in npm: https://www.npmjs.com/package/@types/bcrypt
  - bcrypt from 5.0.1 to 5.1.1.
    See this package in npm: https://www.npmjs.com/package/bcrypt
  - class-validator from 0.13.2 to 0.14.1.
    See this package in npm: https://www.npmjs.com/package/class-validator
  - pg from 8.7.3 to 8.12.0.
    See this package in npm: https://www.npmjs.com/package/pg
  - reflect-metadata from 0.1.13 to 0.2.2.
    See this package in npm: https://www.npmjs.com/package/reflect-metadata
  - rxjs from 7.5.5 to 7.8.1.
    See this package in npm: https://www.npmjs.com/package/rxjs
  - typeorm from 0.3.6 to 0.3.20.
    See this package in npm: https://www.npmjs.com/package/typeorm

See this project in Snyk:
https://app.snyk.io/org/rahul-d78/project/0b0b9ded-bba3-40a0-8301-26c67adb30e0?utm_source=github&utm_medium=referral&page=upgrade-pr
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants