[Snyk] Fix for 2 vulnerabilities
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
Changes included in this Merge Request
- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  - package.json
  - package-lock.json
Vulnerabilities that will be fixed
With an upgrade:
Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
---|---|---|---|---|
 | 661/1000 Why? Recently disclosed, Has a fix available, CVSS 7.5 | Missing Release of Resource after Effective Lifetime SNYK-JS-INFLIGHT-6095116 | Yes | No Known Exploit |
 | 686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3 | Prototype Pollution SNYK-JS-LODASHSET-1320032 | Yes | Proof of Concept |
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: @nestjs/config
The new version differs by 250 commits.
- 9d56134 Merge pull request #792 from shaunek/remediate-lodash.set-vuln
- f308a20 Merge branch 'master' into remediate-lodash.set-vuln
- 51070a9 chore(deps): update dependency eslint-plugin-import to v2.25.4
- 3e17ba1 chore(deps): update dependency lint-staged to v12.1.5
- bad5b3f chore(deps): update dependency eslint to v8.6.0
- fbce8f1 chore(deps): update dependency @types/jest to v27.4.0
- 5d20935 fix(): use full lodash instead of per-method pkgs
- d4ebe89 chore(deps): update dependency @commitlint/cli to v16.0.1
- 8614d98 chore(deps): update dependency rxjs to v7.5.1
- c4c9ec7 chore(deps): update dependency rxjs to v7.5.0
- 3773b38 chore(deps): update typescript-eslint monorepo to v5.8.1
- d63fe7c chore(deps): update commitlint monorepo to v16
- 7ec3bb1 chore(deps): update dependency lint-staged to v12.1.4
- c3fde60 chore(deps): update dependency @types/node to v16.11.17
- a6b0281 chore(deps): update dependency @types/node to v16.11.16
- 5cbcb47 chore(deps): update dependency @types/node to v16.11.15
- 057ed41 chore(deps): update typescript-eslint monorepo to v5.8.0
- 2744e05 Merge pull request #779 from micalevisk/master
- 5aa9145 chore(deps): update dependency lint-staged to v12.1.3
- 477dbd8 chore(deps): update dependency eslint to v8.5.0
- 74b4748 style: fix formatting
- d9151c0 chore(deps): update nest monorepo to v8.2.4
- f0b9482 chore(deps): update dependency ts-jest to v27.1.2
- 1307c98 chore(deps): update dependency @types/node to v16.11.14
Package name: rimraf
The new version differs by 40 commits.
- 3b6b098 4.0.0
- e0cffea ci: reduce workload even more
- 0e6646d ci: remove unnecessary lint filter
- 546e017 update action versions
- 6d88a65 tone down benchmark intensity
- 842a8d2 fix benchmark workflow yaml
- 1b91697 chore: add copyright year to license
- 08bbb06 rewrite in TS, export hybrid, update changelog, docs
- 1b3f46e drop support for node versions below 14
- 2e1f003 gh actions workflow for benchmarks
- 52f9370 tests for retry-busy behavior
- 188e3ed don't test on very old node versions
- d1d5495 test for fix-eperm
- e7501cd prettier formatting
- 40f64ec windows: only fall back to move-remove when absolutely necessary
- b6f7819 update tap
- 99496cd test: run posix test on windows, why not?
- 51d43c1 benchmarks
- 6b8aa29 doc: correct os.tmp default
- 4b228c9 do not ever actually try to rmdir /
- 2442655 consolidate all the spellings of 'opt' into one
- d4eec2e add cli script
- 0c82d74 accept strings, arrays of strings, and no other types
- ad4f2db Do not rimraf /, override with preserveRoot:false
Check the changes in this Merge Request to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.