[Snyk] Fix for 8 vulnerabilities
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
Changes included in this Merge Request
-
Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json
- package-lock.json
-
Adding or updating a Snyk policy (.snyk) file; this file is required in order to apply Snyk vulnerability patches. Find out more.
Vulnerabilities that will be fixed
With an upgrade:
Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
---|---|---|---|---|
616/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.9 |
Server-Side Request Forgery (SSRF) SNYK-JS-AXIOS-1038255 |
No | Proof of Concept | |
531/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.2 |
Prototype Pollution SNYK-JS-CLASSTRANSFORMER-564431 |
No | Proof of Concept | |
586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3 |
Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905 |
No | Proof of Concept | |
681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2 |
Command Injection SNYK-JS-LODASH-1040724 |
No | Proof of Concept | |
601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6 |
Prototype Pollution SNYK-JS-MONGOOSE-1086688 |
No | Proof of Concept | |
579/1000 Why? Has a fix available, CVSS 7.3 |
Prototype Pollution SNYK-JS-MQUERY-1050858 |
No | No Known Exploit | |
768/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5 |
Prototype Pollution SNYK-JS-MQUERY-1089718 |
No | Proof of Concept |
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: @nestjs/swagger
The new version differs by 239 commits.- f90cb7b Merge pull request #1205 from nestjs/renovate/class-transformer-0.x
- bd18c89 chore(deps): update dependency class-transformer to v0.4.0
- 28127a1 Merge pull request #1251 from nestjs/renovate/nestjs-mapped-types-0.x
- 61fecaa fix(deps): update dependency @ nestjs/mapped-types to v0.4.0
- e4f8d2f Merge pull request #1219 from nestjs/renovate/lodash-monorepo
- 649f666 chore(deps): update typescript-eslint monorepo to v4.17.0
- 40cbb0f chore(deps): update dependency @ types/node to v11.15.48
- 17e45c4 chore(deps): update dependency fastify-swagger to v4.4.0
- 7684efd chore(deps): update dependency typescript to v4.2.3
- e9863b0 chore(deps): update dependency ts-jest to v26.5.3
- bef1c0e chore(deps): update dependency fastify-swagger to v4.3.3
- 4c3059c chore(deps): update dependency fastify-swagger to v4.3.2
- 97c68df chore(deps): update dependency husky to v5.1.3
- 48c2555 chore(deps): update typescript-eslint monorepo to v4.16.1
- 5012037 chore(deps): update typescript-eslint monorepo to v4.16.0
- 91e997a chore(deps): update dependency husky to v5.1.2
- 2004131 chore(deps): update dependency eslint to v7.21.0
- de629e4 chore(deps): update commitlint monorepo to v12.0.1
- 1408043 chore(deps): update dependency eslint-config-prettier to v8.1.0
- 9c5bdf1 chore(): release v4.7.15
- 3e3b78b Merge branch 'master' of https://github.com/nestjs/swagger
- b417b92 fix(plugin): support typescript 4.2+
- a54b765 chore(deps): update dependency typescript to v4.2.2
- 27becc1 chore(): release v4.7.14
Package name: mongoose
The new version differs by 250 commits.- f8d2721 chore: release 5.12.3
- 58cad73 fix(connection): use queueing instead of event emitter for `createCollection()` and other helpers to avoid event emitter warning
- 5382408 fix(index.d.ts): add `transform` to PopulateOptions interface
- dca1d70 Merge branch 'master' of github.com:Automattic/mongoose
- 2648088 fix(index.d.ts): add DocumentQuery type for backwards compatibility
- 966770f Merge pull request #10063 from Automattic/gh-10044
- 9e4a083 style: fix lint
- f3cd3a8 chore: use variable instead of function
- f24953c fix(query): add `writeConcern()` method to avoid writeConcern deprecation warning
- 7d2e9c9 chore: upgrade mquery -> 3.2.5 re: aheckmann/mquery#121
- d1a9a1e made requested changes
- cf1b666 Merge pull request #10078 from pezzu/master
- 2aef528 Merge pull request #10062 from Automattic/gh-10025
- 452c77c Fixes #10072
- c9bfb30 Update model.indexes.test.js
- 6f0133a removed comments
- 9e98cd8 Merge pull request #10055 from emrebass/patch-1
- 1c20044 Merge pull request #10054 from coro101/add-discriminator-type
- 4e74ea7 TIL that includes() is also not supported in all browsers
- f231d7b should work and is designed to handle multiple text fields
- c4897f9 TIL Object.values in not supported on all browsers
- 391ecec collation not added to text indexes
- 7a93c16 linter fix
- 6deb668 fix: connection ids are now scoped
Snyk patch:
With aSeverity | Priority Score (*) | Issue | Exploit Maturity |
---|---|---|---|
636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3 |
Prototype Pollution SNYK-JS-LODASH-567746 |
Proof of Concept |
(*) Note that the real score may have changed since the PR was raised.
Check the changes in this Merge Request to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information: 🧐 View latest project report