
[Snyk] Upgrade: , , , , oracledb, reflect-metadata, rimraf, rxjs, typeorm #222

Open
wants to merge 1 commit into
base: master

CAscencio
Owner


Snyk has created this PR to upgrade multiple dependencies.

👯‍♂ The following dependencies are linked and will therefore be updated together.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

| Name | Versions | Released on |
| --- | --- | --- |
| @nestjs/common | from 6.8.2 to 6.11.11, 32 versions ahead of your current version | 5 years ago, on 2020-03-03 |
| @nestjs/core | from 6.8.2 to 6.11.11, 32 versions ahead of your current version | 5 years ago, on 2020-03-03 |
| @nestjs/platform-express | from 6.8.2 to 6.11.11, 32 versions ahead of your current version | 5 years ago, on 2020-03-03 |
| @nestjs/typeorm | from 6.2.0 to 6.3.4, 5 versions ahead of your current version | 5 years ago, on 2020-03-11 |
| oracledb | from 4.0.1 to 4.2.0, 2 versions ahead of your current version | 5 years ago, on 2020-01-22 |
| reflect-metadata | from 0.1.13 to 0.2.2, 5 versions ahead of your current version | 5 months ago, on 2024-03-29 |
| rimraf | from 3.0.0 to 3.0.2, 2 versions ahead of your current version | 5 years ago, on 2020-02-09 |
| rxjs | from 6.5.3 to 6.6.7, 9 versions ahead of your current version | 3 years ago, on 2021-03-28 |
| typeorm | from 0.2.20 to 0.3.20, 532 versions ahead of your current version | 8 months ago, on 2024-01-26 |

Issues fixed by the recommended upgrade:

| Issue | Score | Exploit Maturity |
| --- | --- | --- |
| high severity: Regular Expression Denial of Service (ReDoS) (SNYK-JS-ES5EXT-6095076) | 504 | Proof of Concept |
| high severity: Arbitrary Code Execution (SNYK-JS-THENIFY-571690) | 504 | Proof of Concept |
| high severity: Prototype Pollution (SNYK-JS-TYPEORM-590152) | 504 | Mature |
| high severity: Prototype Pollution (SNYK-JS-Y18N-1021887) | 504 | Proof of Concept |
| medium severity: Prototype Pollution (SNYK-JS-HIGHLIGHTJS-1045326) | 504 | No Known Exploit |
| medium severity: Regular Expression Denial of Service (ReDoS) (SNYK-JS-HIGHLIGHTJS-1048676) | 504 | No Known Exploit |
| medium severity: Prototype Pollution (SNYK-JS-XML2JS-5414874) | 504 | Proof of Concept |
| medium severity: Prototype Pollution (SNYK-JS-YARGSPARSER-560381) | 504 | Proof of Concept |
| low severity: Regular Expression Denial of Service (ReDoS) (npm:debug:20170905) | 504 | Proof of Concept |

Release notes
Package name: @nestjs/common
  • 6.11.11 - 2020-03-03
  • 6.11.10 - 2020-03-03
  • 6.11.9 - 2020-03-02
  • 6.11.8 - 2020-02-20
  • 6.11.7 - 2020-02-13
  • 6.11.6 - 2020-02-06
  • 6.11.5 - 2020-01-31
  • 6.11.4 - 2020-01-28
  • 6.11.3 - 2020-01-28
  • 6.11.2 - 2020-01-28
  • 6.11.1 - 2020-01-24
  • 6.11.0 - 2020-01-24
  • 6.11.0-next.1 - 2020-01-24
  • 6.10.14 - 2020-01-05
  • 6.10.13 - 2019-12-27
  • 6.10.12 - 2019-12-18
  • 6.10.11 - 2019-12-13
  • 6.10.10 - 2019-12-11
  • 6.10.9 - 2019-12-10
  • 6.10.8 - 2019-12-08
  • 6.10.7 - 2019-12-05
  • 6.10.6 - 2019-12-05
  • 6.10.5 - 2019-12-02
  • 6.10.4 - 2019-11-30
  • 6.10.3 - 2019-11-29
  • 6.10.2 - 2019-11-26
  • 6.10.1 - 2019-11-15
  • 6.10.0 - 2019-11-15
  • 6.9.0 - 2019-11-03
  • 6.8.5 - 2019-10-27
  • 6.8.4 - 2019-10-24
  • 6.8.3 - 2019-10-10
  • 6.8.2 - 2019-10-04
from @nestjs/common GitHub release notes
Package name: @nestjs/core
  • 6.11.11 - 2020-03-03
  • 6.11.10 - 2020-03-03
  • 6.11.9 - 2020-03-02
  • 6.11.8 - 2020-02-20
  • 6.11.7 - 2020-02-13
  • 6.11.6 - 2020-02-06
  • 6.11.5 - 2020-01-31
  • 6.11.4 - 2020-01-28
  • 6.11.3 - 2020-01-28
  • 6.11.2 - 2020-01-28
  • 6.11.1 - 2020-01-24
  • 6.11.0 - 2020-01-24
  • 6.11.0-next.1 - 2020-01-24
  • 6.10.14 - 2020-01-05
  • 6.10.13 - 2019-12-27
  • 6.10.12 - 2019-12-18
  • 6.10.11 - 2019-12-13
  • 6.10.10 - 2019-12-11
  • 6.10.9 - 2019-12-10
  • 6.10.8 - 2019-12-08
  • 6.10.7 - 2019-12-05
  • 6.10.6 - 2019-12-05
  • 6.10.5 - 2019-12-02
  • 6.10.4 - 2019-11-30
  • 6.10.3 - 2019-11-29
  • 6.10.2 - 2019-11-26
  • 6.10.1 - 2019-11-15
  • 6.10.0 - 2019-11-15
  • 6.9.0 - 2019-11-03
  • 6.8.5 - 2019-10-27
  • 6.8.4 - 2019-10-24
  • 6.8.3 - 2019-10-10
  • 6.8.2 - 2019-10-04
from @nestjs/core GitHub release notes
Package name: @nestjs/platform-express
  • 6.11.11 - 2020-03-03
  • 6.11.10 - 2020-03-03
  • 6.11.9 - 2020-03-02
  • 6.11.8 - 2020-02-20
  • 6.11.7 - 2020-02-13
  • 6.11.6 - 2020-02-06
  • 6.11.5 - 2020-01-31
  • 6.11.4 - 2020-01-28
  • 6.11.3 - 2020-01-28
  • 6.11.2 - 2020-01-28
  • 6.11.1 - 2020-01-24
  • 6.11.0 - 2020-01-24
  • 6.11.0-next.1 - 2020-01-24
  • 6.10.14 - 2020-01-05
  • 6.10.13 - 2019-12-27
  • 6.10.12 - 2019-12-18
  • 6.10.11 - 2019-12-13
  • 6.10.10 - 2019-12-11
  • 6.10.9 - 2019-12-10
  • 6.10.8 - 2019-12-08
  • 6.10.7 - 2019-12-05
  • 6.10.6 - 2019-12-05
  • 6.10.5 - 2019-12-02
  • 6.10.4 - 2019-11-30
  • 6.10.3 - 2019-11-29
  • 6.10.2 - 2019-11-26
  • 6.10.1 - 2019-11-15
  • 6.10.0 - 2019-11-15
  • 6.9.0 - 2019-11-03
  • 6.8.5 - 2019-10-27
  • 6.8.4 - 2019-10-24
  • 6.8.3 - 2019-10-10
  • 6.8.2 - 2019-10-04
from @nestjs/platform-express GitHub release notes
Package name: @nestjs/typeorm
  • 6.3.4 - 2020-03-11
  • 6.3.3 - 2020-02-21
  • 6.3.2 - 2020-02-21
  • 6.3.1 - 2020-02-11
  • 6.3.0 - 2020-02-11
  • 6.2.0 - 2019-09-27
from @nestjs/typeorm GitHub release notes
Package name: oracledb
  • 4.2.0 - 2020-01-22

    node-oracledb v4.2.0 is available. See the release announcement and CHANGELOG.

    Pre-built binaries are available for Node.js 8.16 or later, Node.js 10.16 or later, or Node.js 12.

    • Windows 64-bit (x64) (built with VS 2017)
    • macOS 64-bit (Intel x64)
    • Linux 64-bit (x86-64) (built on Oracle Linux 6)

    For other environments, refer to INSTALL on building from source code.

  • 4.1.0 - 2019-11-25

    node-oracledb v4.1.0 is available. See the release announcement and CHANGELOG.

    Pre-built binaries are available for Node.js 8.16 or later, Node.js 10.16 or later, or Node.js 12.

    • Windows 64-bit (x64) (built with VS 2017)
    • macOS 64-bit (Intel x64)
    • Linux 64-bit (x86-64) (built on Oracle Linux 6)

    For other environments, refer to INSTALL on building from source code.

  • 4.0.1 - 2019-08-19

    node-oracledb v4.0.1 is available. See the CHANGELOG for details.

    Pre-built binaries are available for Node.js 8.16 or later, Node.js 10.16 or later, or Node.js 12.

    • Windows 64-bit (x64) (built with VS 2017)
    • macOS 64-bit (Intel x64)
    • Linux 64-bit (x86-64) (built on Oracle Linux 6)

    For other environments, refer to INSTALL on building from source code.

from oracledb GitHub release notes
Package name: reflect-metadata
from reflect-metadata GitHub release notes
Package name: rimraf
from rimraf GitHub release notes
Package name: rxjs
  • 6.6.7 - 2021-03-28
  • 6.6.6 - 2021-02-25
  • 6.6.4 - 2021-02-24
  • 6.6.3 - 2020-09-06
  • 6.6.2 - 2020-07-31
  • 6.6.1 - 2020-07-31
  • 6.6.0 - 2020-07-02
  • 6.5.5 - 2020-04-03
  • 6.5.4 - 2019-12-27
  • 6.5.3 - 2019-09-03
from rxjs GitHub release notes
Package name: typeorm
  • 0.3.20 - 2024-01-26

    Bug Fixes

    Features

    Reverts

  • 0.3.20-dev.fa86f6f - 2024-01-03
  • 0.3.20-dev.f232ba7 - 2024-01-26
  • 0.3.20-dev.dd8c0fd - 2024-01-26
  • 0.3.20-dev.d0b7670 - 2024-01-26
  • 0.3.20-dev.c22e30f - 2024-01-04
  • 0.3.20-dev.8f371f2 - 2024-01-26
  • 0.3.20-dev.8ebe769 - 2024-01-26
  • 0.3.20-dev.73e3b49 - 2024-01-03
  • 0.3.20-dev.62f574b - 2024-01-26
  • 0.3.20-dev.54d8d9e - 2024-01-26
  • 0.3.20-dev.1b34c9a - 2024-01-26
  • 0.3.20-dev.15de46f - 2024-01-08
  • 0.3.20-dev.0cab0dd - 2024-01-26
  • 0.3.20-dev.4624930 - 2024-01-26
  • 0.3.19 - 2024-01-03

    Bug Fixes

    • fixed Cannot read properties of undefined (reading 'sync') caused after glob package upgrade
  • 0.3.19-dev.633c4e3 - 2024-01-03
  • 0.3.18 - 2024-01-03

    Bug Fixes

    Features

    Performance Improvements

    BREAKING CHANGES

    • With node-oracledb the thin client is used as default. Added an option to use the thick client. Also added the option to specify the instant client lib
    • MongoDB: from the previous behavior of returning a result with metadata describing when a document is not found.
      See: https://github.com/mongodb/node-mongodb-native/blob/HEAD/etc/notes/CHANGES_6.0.0.md
    • new nullable embeds feature introduced a breaking change which might enforce you to update types on your entities to | null,
      if all columns in your embed entity are nullable. Since database queries now return embedded property as null if all its column values are null.
  • 0.3.18-dev.ff6e875 - 2023-07-22
  • 0.3.18-dev.fdb9866 - 2023-12-29
  • 0.3.18-dev.fbd45db - 2023-08-19
  • 0.3.18-dev.f6bb671 - 2023-12-29
  • 0.3.18-dev.f6b87e3 - 2023-12-29
  • 0.3.18-dev.ebd61d1 - 2023-09-30
  • 0.3.18-dev.e72a9da - 2023-08-19
  • 0.3.18-dev.e67d704 - 2024-01-02
  • 0.3.18-dev.dff2d53 - 2023-07-22
  • 0.3.18-dev.dd59524 - 2024-01-02
  • 0.3.18-dev.d184d85 - 2023-10-05
  • 0.3.18-dev.c8ee5b1 - 2023-08-19
  • 0.3.18-dev.c6f608d - 2023-08-19
  • 0.3.18-dev.befe4f9 - 2023-09-02
  • 0.3.18-dev.b8af97a - 2023-09-30
  • 0.3.18-dev.b6b46fb - 2023-12-29
  • 0.3.18-dev.b5ec088 - 2024-01-03
  • 0.3.18-dev.b240d87 - 2023-12-29
  • 0.3.18-dev.ad5bf11 - 2023-12-29
  • 0.3.18-dev.aa8d24c - 2023-12-29
  • 0.3.18-dev.a939654 - 2023-12-29
  • 0.3.18-dev.a909d5b - 2023-07-12
  • 0.3.18-dev.a4900ae - 2023-12-29
  • 0.3.18-dev.a00b1df - 2024-01-02
  • 0.3.18-dev.9471bfc - 2023-09-22
  • 0.3.18-dev.8d0e7f9 - 2023-09-30
  • 0.3.18-dev.7e9cead - 2023-12-29
  • 0.3.18-dev.7adbc9b - 2023-08-19
  • 0.3.18-dev.7a58bbf - 2023-12-29
  • 0.3.18-dev.6d5b5d9 - 2023-12-29
  • 0.3.18-dev.65858f3 - 2023-12-29
  • 0.3.18-dev.48f5f85 - 2023-12-29
  • 0.3.18-dev.3cf938e - 2023-12-29
  • 0.3.18-dev.3cda7ec - 2024-01-02
  • 0.3.18-dev.2dc9624 - 2023-12-29
  • 0.3.18-dev.173910e - 2024-01-02
  • 0.3.18-dev.15bc887 - 2024-01-03
  • 0.3.18-dev.122c897 - 2023-12-29
  • 0.3.18-dev.0f11739 - 2024-01-02
  • 0.3.18-dev.022d2b5 - 2023-08-19
  • 0.3.17 - 2023-06-20

    Bug Fixes

  • 0.3.17-dev.f5d4397 - 2023-06-19
  • 0.3.17-dev.d4607a8 - 2023-05-10
  • 0.3.17-dev.b1a3a39 - 2023-06-20
  • 0.3.17-dev.abb9079 - 2023-05-09
  • 0.3.17-dev.7108cc6 - 2023-06-20
  • 0.3.16 - 2023-05-09

    0.3.16 (2023-05-09)

    Bug Fixes

    • add trustServerCertificate option to SqlServerConnectionOptions (#9985) (0305805), closes #8093
    • add directConnection options to MongoDB connection (#9955) (e0165e7)
    • add onDelete option validation for oracle (#9786) (938f94b), closes #9189
    • added instanceName to options (#9968) (7c5627f)
    • added transaction retry logic in cockroachdb (#10032) (607d6f9)
    • allow json as alias for longtext mariadb (#10018) (2a2bb4b)
    • convert the join table ID to the referenceColumn ID type (#9887) (9460296)
    • correct encode mongodb auth credentials (

Snyk has created this PR to upgrade:
  - @nestjs/common from 6.8.2 to 6.11.11.
    See this package in npm: https://www.npmjs.com/package/@nestjs/common
  - @nestjs/core from 6.8.2 to 6.11.11.
    See this package in npm: https://www.npmjs.com/package/@nestjs/core
  - @nestjs/platform-express from 6.8.2 to 6.11.11.
    See this package in npm: https://www.npmjs.com/package/@nestjs/platform-express
  - @nestjs/typeorm from 6.2.0 to 6.3.4.
    See this package in npm: https://www.npmjs.com/package/@nestjs/typeorm
  - oracledb from 4.0.1 to 4.2.0.
    See this package in npm: https://www.npmjs.com/package/oracledb
  - reflect-metadata from 0.1.13 to 0.2.2.
    See this package in npm: https://www.npmjs.com/package/reflect-metadata
  - rimraf from 3.0.0 to 3.0.2.
    See this package in npm: https://www.npmjs.com/package/rimraf
  - rxjs from 6.5.3 to 6.6.7.
    See this package in npm: https://www.npmjs.com/package/rxjs
  - typeorm from 0.2.20 to 0.3.20.
    See this package in npm: https://www.npmjs.com/package/typeorm

See this project in Snyk:
https://app.snyk.io/org/cascencio/project/1d4392e0-2013-4a34-a74f-ed9c5b147f36?utm_source=github&utm_medium=referral&page=upgrade-pr
@CAscencio CAscencio self-assigned this Sep 11, 2024