Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Upgrade: , , , , , , , amqp-connection-manager, amqplib, module-alias, node-eventstore-client, pg, reflect-metadata, rxjs, typeorm #137

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

Baroshem
Copy link
Owner

snyk-top-banner

Snyk has created this PR to upgrade multiple dependencies.

👯 The following dependencies are linked and will therefore be updated together.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Name Versions Released on

@nestjs/common
from 7.6.13 to 7.6.18 | 5 versions ahead of your current version | 3 years ago
on 2021-06-17
@nestjs/core
from 7.6.13 to 7.6.18 | 5 versions ahead of your current version | 3 years ago
on 2021-06-17
@nestjs/platform-express
from 7.6.13 to 7.6.18 | 5 versions ahead of your current version | 3 years ago
on 2021-06-17
@nestjs/config
from 0.6.2 to 0.6.3 | 1 version ahead of your current version | 4 years ago
on 2021-02-02
@nestjs/microservices
from 7.6.7 to 7.6.18 | 11 versions ahead of your current version | 3 years ago
on 2021-06-17
@nestjs/schedule
from 0.4.2 to 0.4.3 | 1 version ahead of your current version | 4 years ago
on 2021-03-11
@nestjs/terminus
from 7.1.0 to 7.2.0 | 4 versions ahead of your current version | 3 years ago
on 2021-05-13
amqp-connection-manager
from 3.2.1 to 3.9.0 | 18 versions ahead of your current version | 3 years ago
on 2022-01-04
amqplib
from 0.6.0 to 0.10.4 | 10 versions ahead of your current version | 5 months ago
on 2024-04-11
module-alias
from 2.2.2 to 2.2.3 | 1 version ahead of your current version | a year ago
on 2023-06-03
node-eventstore-client
from 0.2.18 to 0.2.19 | 1 version ahead of your current version | 2 years ago
on 2022-10-21
pg
from 8.5.1 to 8.12.0 | 15 versions ahead of your current version | 3 months ago
on 2024-06-04
reflect-metadata
from 0.1.13 to 0.2.2 | 5 versions ahead of your current version | 6 months ago
on 2024-03-29
rxjs
from 6.6.3 to 6.6.7 | 3 versions ahead of your current version | 3 years ago
on 2021-03-28
typeorm
from 0.2.30 to 0.3.20 | 520 versions ahead of your current version | 8 months ago
on 2024-01-26

Issues fixed by the recommended upgrade:

Issue Score Exploit Maturity
high severity Improper Input Validation
SNYK-JS-URLPARSE-2407770
641 Proof of Concept
medium severity Authorization Bypass
SNYK-JS-URLPARSE-2407759
641 Proof of Concept
medium severity Authorization Bypass Through User-Controlled Key
SNYK-JS-URLPARSE-2412697
641 Proof of Concept
medium severity Prototype Pollution
SNYK-JS-XML2JS-5414874
641 Proof of Concept
medium severity Improper Input Validation
SNYK-JS-URLPARSE-1078283
641 No Known Exploit
medium severity Open Redirect
SNYK-JS-URLPARSE-1533425
641 Proof of Concept
medium severity Access Restriction Bypass
SNYK-JS-URLPARSE-2401205
641 Proof of Concept

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • This PR was automatically created by Snyk using the credentials of a real user.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

Snyk has created this PR to upgrade:
  - @nestjs/common from 7.6.13 to 7.6.18.
    See this package in yarn: 
  - @nestjs/core from 7.6.13 to 7.6.18.
    See this package in yarn: 
  - @nestjs/platform-express from 7.6.13 to 7.6.18.
    See this package in yarn: 
  - @nestjs/config from 0.6.2 to 0.6.3.
    See this package in yarn: 
  - @nestjs/microservices from 7.6.7 to 7.6.18.
    See this package in yarn: 
  - @nestjs/schedule from 0.4.2 to 0.4.3.
    See this package in yarn: 
  - @nestjs/terminus from 7.1.0 to 7.2.0.
    See this package in yarn: 
  - amqp-connection-manager from 3.2.1 to 3.9.0.
    See this package in yarn: 
  - amqplib from 0.6.0 to 0.10.4.
    See this package in yarn: 
  - module-alias from 2.2.2 to 2.2.3.
    See this package in yarn: 
  - node-eventstore-client from 0.2.18 to 0.2.19.
    See this package in yarn: 
  - pg from 8.5.1 to 8.12.0.
    See this package in yarn: 
  - reflect-metadata from 0.1.13 to 0.2.2.
    See this package in yarn: 
  - rxjs from 6.6.3 to 6.6.7.
    See this package in yarn: 
  - typeorm from 0.2.30 to 0.3.20.
    See this package in yarn: 

See this project in Snyk:
https://app.snyk.io/org/otasoft/project/8c113353-4d35-446a-a680-b6f14b43919e?utm_source=github&utm_medium=referral&page=upgrade-pr
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants