Skip to content

[Snyk] Upgrade: , , , , oracledb, reflect-metadata, rimraf, rxjs, typeorm #222

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
CAscencio wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Upgrade: , , , , oracledb, reflect-metadata, rimraf, rxjs, typeorm #222

CAscencio wants to merge 1 commit into from

Conversation

@CAscencio
Copy link
Owner

@CAscencio CAscencio commented Sep 11, 2024

snyk-top-banner

Snyk has created this PR to upgrade multiple dependencies.

👯‍♂ The following dependencies are linked and will therefore be updated together.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Name Versions Released on

@nestjs/common
from 6.8.2 to 6.11.11 | 32 versions ahead of your current version | 5 years ago
on 2020-03-03
@nestjs/core
from 6.8.2 to 6.11.11 | 32 versions ahead of your current version | 5 years ago
on 2020-03-03
@nestjs/platform-express
from 6.8.2 to 6.11.11 | 32 versions ahead of your current version | 5 years ago
on 2020-03-03
@nestjs/typeorm
from 6.2.0 to 6.3.4 | 5 versions ahead of your current version | 5 years ago
on 2020-03-11
oracledb
from 4.0.1 to 4.2.0 | 2 versions ahead of your current version | 5 years ago
on 2020-01-22
reflect-metadata
from 0.1.13 to 0.2.2 | 5 versions ahead of your current version | 5 months ago
on 2024-03-29
rimraf
from 3.0.0 to 3.0.2 | 2 versions ahead of your current version | 5 years ago
on 2020-02-09
rxjs
from 6.5.3 to 6.6.7 | 9 versions ahead of your current version | 3 years ago
on 2021-03-28
typeorm
from 0.2.20 to 0.3.20 | 532 versions ahead of your current version | 8 months ago
on 2024-01-26

Issues fixed by the recommended upgrade:

Issue Score Exploit Maturity
high severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-ES5EXT-6095076		 504 Proof of Concept
high severity Arbitrary Code Execution
SNYK-JS-THENIFY-571690		 504 Proof of Concept
high severity Prototype Pollution
SNYK-JS-TYPEORM-590152		 504 Mature
high severity Prototype Pollution
SNYK-JS-Y18N-1021887		 504 Proof of Concept
medium severity Prototype Pollution
SNYK-JS-HIGHLIGHTJS-1045326		 504 No Known Exploit
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-HIGHLIGHTJS-1048676		 504 No Known Exploit
medium severity Prototype Pollution
SNYK-JS-XML2JS-5414874		 504 Proof of Concept
medium severity Prototype Pollution
SNYK-JS-YARGSPARSER-560381		 504 Proof of Concept
low severity Regular Expression Denial of Service (ReDoS)
npm:debug:20170905		 504 Proof of Concept
Release notes
Package name: @nestjs/common
  • 6.11.11 - 2020-03-03
  • 6.11.10 - 2020-03-03
  • 6.11.9 - 2020-03-02
  • 6.11.8 - 2020-02-20
  • 6.11.7 - 2020-02-13
  • 6.11.6 - 2020-02-06
  • 6.11.5 - 2020-01-31
  • 6.11.4 - 2020-01-28
  • 6.11.3 - 2020-01-28
  • 6.11.2 - 2020-01-28
  • 6.11.1 - 2020-01-24
  • 6.11.0 - 2020-01-24
  • 6.11.0-next.1 - 2020-01-24
  • 6.10.14 - 2020-01-05
  • 6.10.13 - 2019-12-27
  • 6.10.12 - 2019-12-18
  • 6.10.11 - 2019-12-13
  • 6.10.10 - 2019-12-11
  • 6.10.9 - 2019-12-10
  • 6.10.8 - 2019-12-08
  • 6.10.7 - 2019-12-05
  • 6.10.6 - 2019-12-05
  • 6.10.5 - 2019-12-02
  • 6.10.4 - 2019-11-30
  • 6.10.3 - 2019-11-29
  • 6.10.2 - 2019-11-26
  • 6.10.1 - 2019-11-15
  • 6.10.0 - 2019-11-15
  • 6.9.0 - 2019-11-03
  • 6.8.5 - 2019-10-27
  • 6.8.4 - 2019-10-24
  • 6.8.3 - 2019-10-10
  • 6.8.2 - 2019-10-04
from @nestjs/common GitHub release notes
Package name: @nestjs/core
  • 6.11.11 - 2020-03-03
  • 6.11.10 - 2020-03-03
  • 6.11.9 - 2020-03-02
  • 6.11.8 - 2020-02-20
  • 6.11.7 - 2020-02-13
  • 6.11.6 - 2020-02-06
  • 6.11.5 - 2020-01-31
  • 6.11.4 - 2020-01-28
  • 6.11.3 - 2020-01-28
  • 6.11.2 - 2020-01-28
  • 6.11.1 - 2020-01-24
  • 6.11.0 - 2020-01-24
  • 6.11.0-next.1 - 2020-01-24
  • 6.10.14 - 2020-01-05
  • 6.10.13 - 2019-12-27
  • 6.10.12 - 2019-12-18
  • 6.10.11 - 2019-12-13
  • 6.10.10 - 2019-12-11
  • 6.10.9 - 2019-12-10
  • 6.10.8 - 2019-12-08
  • 6.10.7 - 2019-12-05
  • 6.10.6 - 2019-12-05
  • 6.10.5 - 2019-12-02
  • 6.10.4 - 2019-11-30
  • 6.10.3 - 2019-11-29
  • 6.10.2 - 2019-11-26
  • 6.10.1 - 2019-11-15
  • 6.10.0 - 2019-11-15
  • 6.9.0 - 2019-11-03
  • 6.8.5 - 2019-10-27
  • 6.8.4 - 2019-10-24
  • 6.8.3 - 2019-10-10
  • 6.8.2 - 2019-10-04
from @nestjs/core GitHub release notes
Package name: @nestjs/platform-express
  • 6.11.11 - 2020-03-03
  • 6.11.10 - 2020-03-03
  • 6.11.9 - 2020-03-02
  • 6.11.8 - 2020-02-20
  • 6.11.7 - 2020-02-13
  • 6.11.6 - 2020-02-06
  • 6.11.5 - 2020-01-31
  • 6.11.4 - 2020-01-28
  • 6.11.3 - 2020-01-28
  • 6.11.2 - 2020-01-28
  • 6.11.1 - 2020-01-24
  • 6.11.0 - 2020-01-24
  • 6.11.0-next.1 - 2020-01-24
  • 6.10.14 - 2020-01-05
  • 6.10.13 - 2019-12-27
  • 6.10.12 - 2019-12-18
  • 6.10.11 - 2019-12-13
  • 6.10.10 - 2019-12-11
  • 6.10.9 - 2019-12-10
  • 6.10.8 - 2019-12-08
  • 6.10.7 - 2019-12-05
  • 6.10.6 - 2019-12-05
  • 6.10.5 - 2019-12-02
  • 6.10.4 - 2019-11-30
  • 6.10.3 - 2019-11-29
  • 6.10.2 - 2019-11-26
  • 6.10.1 - 2019-11-15
  • 6.10.0 - 2019-11-15
  • 6.9.0 - 2019-11-03
  • 6.8.5 - 2019-10-27
  • 6.8.4 - 2019-10-24
  • 6.8.3 - 2019-10-10
  • 6.8.2 - 2019-10-04
from @nestjs/platform-express GitHub release notes
Package name: @nestjs/typeorm
  • 6.3.4 - 2020-03-11
  • 6.3.3 - 2020-02-21
  • 6.3.2 - 2020-02-21
  • 6.3.1 - 2020-02-11
  • 6.3.0 - 2020-02-11
  • 6.2.0 - 2019-09-27
from @nestjs/typeorm GitHub release notes
Package name: oracledb
  • 4.2.0 - 2020-01-22

    node-oracledb v4.2.0 is available. See the release announcement and CHANGELOG.

    Pre-built binaries are available for Node.js 8.16 or later, Node.js 10.16 or later, or Node.js 12.

    • Windows 64-bit (x64) (built with VS 2017)
    • macOS 64-bit (Intel x64)
    • Linux 64-bit (x86-64) (built on Oracle Linux 6)

    For other environments, refer to INSTALL on building from source code.

  • 4.1.0 - 2019-11-25

    node-oracledb v4.1.0 is available. See the release announcement and CHANGELOG.

    Pre-built binaries are available for Node.js 8.16 or later, Node.js 10.16 or later, or Node.js 12.

    • Windows 64-bit (x64) (built with VS 2017)
    • macOS 64-bit (Intel x64)
    • Linux 64-bit (x86-64) (built on Oracle Linux 6)

    For other environments, refer to INSTALL on building from source code.

  • 4.0.1 - 2019-08-19

    node-oracledb v4.0.1 is available. See the CHANGELOG for details.

    Pre-built binaries are available for Node.js 8.16 or later, Node.js 10.16 or later, or Node.js 12.

    • Windows 64-bit (x64) (built with VS 2017)
    • macOS 64-bit (Intel x64)
    • Linux 64-bit (x86-64) (built on Oracle Linux 6)

    For other environments, refer to INSTALL on building from source code.

from oracledb GitHub release notes
Package name: reflect-metadata from reflect-metadata GitHub release notes
Package name: rimraf from rimraf GitHub release notes
Package name: rxjs
  • 6.6.7 - 2021-03-28
  • 6.6.6 - 2021-02-25
  • 6.6.4 - 2021-02-24
  • 6.6.3 - 2020-09-06
  • 6.6.2 - 2020-07-31
  • 6.6.1 - 2020-07-31
  • 6.6.0 - 2020-07-02
  • 6.5.5 - 2020-04-03
  • 6.5.4 - 2019-12-27
  • 6.5.3 - 2019-09-03
from rxjs GitHub release notes
Package name: typeorm
  • 0.3.20 - 2024-01-26

    Bug Fixes

    Features

    Reverts

  • 0.3.20-dev.fa86f6f - 2024-01-03
  • 0.3.20-dev.f232ba7 - 2024-01-26
  • 0.3.20-dev.dd8c0fd - 2024-01-26
  • 0.3.20-dev.d0b7670 - 2024-01-26
  • 0.3.20-dev.c22e30f - 2024-01-04
  • 0.3.20-dev.8f371f2 - 2024-01-26
  • 0.3.20-dev.8ebe769 - 2024-01-26
  • 0.3.20-dev.73e3b49 - 2024-01-03
  • 0.3.20-dev.62f574b - 2024-01-26
  • 0.3.20-dev.54d8d9e - 2024-01-26
  • 0.3.20-dev.1b34c9a - 2024-01-26
  • 0.3.20-dev.15de46f - 2024-01-08
  • 0.3.20-dev.0cab0dd - 2024-01-26
  • 0.3.20-dev.4624930 - 2024-01-26
  • 0.3.19 - 2024-01-03

    Bug Fixes

    • fixed Cannot read properties of undefined (reading 'sync') caused after glob package upgrade
  • 0.3.19-dev.633c4e3 - 2024-01-03
  • 0.3.18 - 2024-01-03

    Bug Fixes

    Features

    Performance Improvements

    BREAKING CHANGES

    • With node-oracledb the thin client is used as default. Added a option to use the thick client. Also added the option to specify the instant client lib
    • MongoDB: from the previous behavior of returning a result with metadata describing when a document is not found.
      See: https://github.com/mongodb/node-mongodb-native/blob/HEAD/etc/notes/CHANGES_6.0.0.md
    • new nullable embeds feature introduced a breaking change which might enforce you to update types on your entities to | null,
      if all columns in your embed entity are nullable. Since database queries now return embedded property as null if all its column values are null.
  • 0.3.18-dev.ff6e875 - 2023-07-22
  • 0.3.18-dev.fdb9866 - 2023-12-29
  • 0.3.18-dev.fbd45db - 2023-08-19
  • 0.3.18-dev.f6bb671 - 2023-12-29
  • 0.3.18-dev.f6b87e3 - 2023-12-29
  • 0.3.18-dev.ebd61d1 - 2023-09-30
  • 0.3.18-dev.e72a9da - 2023-08-19
  • 0.3.18-dev.e67d704 - 2024-01-02
  • 0.3.18-dev.dff2d53 - 2023-07-22
  • 0.3.18-dev.dd59524 - 2024-01-02
  • 0.3.18-dev.d184d85 - 2023-10-05
  • 0.3.18-dev.c8ee5b1 - 2023-08-19
  • 0.3.18-dev.c6f608d - 2023-08-19
  • 0.3.18-dev.befe4f9 - 2023-09-02
  • 0.3.18-dev.b8af97a - 2023-09-30
  • 0.3.18-dev.b6b46fb - 2023-12-29
  • 0.3.18-dev.b5ec088 - 2024-01-03
  • 0.3.18-dev.b240d87 - 2023-12-29
  • 0.3.18-dev.ad5bf11 - 2023-12-29
  • 0.3.18-dev.aa8d24c - 2023-12-29
  • 0.3.18-dev.a939654 - 2023-12-29
  • 0.3.18-dev.a909d5b - 2023-07-12
  • 0.3.18-dev.a4900ae - 2023-12-29
  • 0.3.18-dev.a00b1df - 2024-01-02
  • 0.3.18-dev.9471bfc - 2023-09-22
  • 0.3.18-dev.8d0e7f9 - 2023-09-30
  • 0.3.18-dev.7e9cead - 2023-12-29
  • 0.3.18-dev.7adbc9b - 2023-08-19
  • 0.3.18-dev.7a58bbf - 2023-12-29
  • 0.3.18-dev.6d5b5d9 - 2023-12-29
  • 0.3.18-dev.65858f3 - 2023-12-29
  • 0.3.18-dev.48f5f85 - 2023-12-29
  • 0.3.18-dev.3cf938e - 2023-12-29
  • 0.3.18-dev.3cda7ec - 2024-01-02
  • 0.3.18-dev.2dc9624 - 2023-12-29
  • 0.3.18-dev.173910e - 2024-01-02
  • 0.3.18-dev.15bc887 - 2024-01-03
  • 0.3.18-dev.122c897 - 2023-12-29
  • 0.3.18-dev.0f11739 - 2024-01-02
  • 0.3.18-dev.022d2b5 - 2023-08-19
  • 0.3.17 - 2023-06-20

    Bug Fixes

  • 0.3.17-dev.f5d4397 - 2023-06-19
  • 0.3.17-dev.d4607a8 - 2023-05-10
  • 0.3.17-dev.b1a3a39 - 2023-06-20
  • 0.3.17-dev.abb9079 - 2023-05-09
  • 0.3.17-dev.7108cc6 - 2023-06-20
  • 0.3.16 - 2023-05-09

    0.3.16 (2023-05-09)

    Bug Fixes

    • add trustServerCertificate option to SqlServerConnectionOptions (#9985) (0305805), closes #8093
    • add directConnection options to MongoDB connection (#9955) (e0165e7)
    • add onDelete option validation for oracle (#9786) (938f94b), closes #9189
    • added instanceName to options (#9968) (7c5627f)
    • added transaction retry logic in cockroachdb (#10032) (607d6f9)
    • allow json as alias for longtext mariadb (#10018) (2a2bb4b)
    • convert the join table ID to the referenceColumn ID type (#9887) (9460296)
    • correct encode mongodb auth credentials (

@snyk-bot
fix: upgrade multiple dependencies with Snyk
ace0dee 
Snyk has created this PR to upgrade:
  - @nestjs/common from 6.8.2 to 6.11.11.
    See this package in npm: https://www.npmjs.com/package/@nestjs/common
  - @nestjs/core from 6.8.2 to 6.11.11.
    See this package in npm: https://www.npmjs.com/package/@nestjs/core
  - @nestjs/platform-express from 6.8.2 to 6.11.11.
    See this package in npm: https://www.npmjs.com/package/@nestjs/platform-express
  - @nestjs/typeorm from 6.2.0 to 6.3.4.
    See this package in npm: https://www.npmjs.com/package/@nestjs/typeorm
  - oracledb from 4.0.1 to 4.2.0.
    See this package in npm: https://www.npmjs.com/package/oracledb
  - reflect-metadata from 0.1.13 to 0.2.2.
    See this package in npm: https://www.npmjs.com/package/reflect-metadata
  - rimraf from 3.0.0 to 3.0.2.
    See this package in npm: https://www.npmjs.com/package/rimraf
  - rxjs from 6.5.3 to 6.6.7.
    See this package in npm: https://www.npmjs.com/package/rxjs
  - typeorm from 0.2.20 to 0.3.20.
    See this package in npm: https://www.npmjs.com/package/typeorm

See this project in Snyk:
https://app.snyk.io/org/cascencio/project/1d4392e0-2013-4a34-a74f-ed9c5b147f36?utm_source=github&utm_medium=referral&page=upgrade-pr
@CAscencio CAscencio self-assigned this Sep 11, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@CAscencio CAscencio

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

SqlServerConnectionOptions interface is missing property options.trustServerCertificate Postgres: queryBuilder makes different parameter identifiers for same parameter, causing problems with groupby syntax error at or near "AND" Many-to-many gives error ER_DUP_ENTRY everytime I save. This one also related to inverseJoinColumn. Tracking query time for slow queries and statsd timers
Generated asExpression columns not in RETURNING clause on save Generating migrations with cli @UpdateDateColumn does not update on upsert onDelete: 'RESTRICT' should be ignored to avoid ORA-00905: missing keyword Incorrect behaivor of 'alwaysEnabled: true' after change from issue #9023

3 participants

@CAscencio @snyk-bot