RobinCK / typeorm-fixtures

:pill: Fixtures loader for typeorm 🇺🇦
https://robinck.github.io/typeorm-fixtures/
MIT License
566 stars 45 forks

[Bug] Update dependencies #191

Open leandro-gomez opened 2 years ago

leandro-gomez commented 2 years ago

Your Environment

Locally

| Software | Version(s) |
| --- | --- |
| typeorm-fixtures | 1.11.1 |
| Node | v16.14.0 |
| npm/Yarn | 8.6.0 |
| Operating System | Linux |

I'm getting an npm audit error:

```
# npm audit report

async  <3.2.2
Severity: high
Prototype Pollution in async - https://github.com/advisories/GHSA-fwr7-v2mv-hh25
fix available via `npm audit fix --force`
Will install typeorm-fixtures-cli@1.5.0, which is a breaking change
node_modules/jake/node_modules/async
  jake  >=8.0.1
  Depends on vulnerable versions of async
  node_modules/jake
    ejs  >=3.1.2
    Depends on vulnerable versions of jake
    node_modules/ejs
      typeorm-fixtures-cli  >=1.6.0
      Depends on vulnerable versions of ejs
      node_modules/typeorm-fixtures-cli

4 high severity vulnerabilities

To address all issues (including breaking changes), run:
  npm audit fix --force
```

kevin-lot commented 2 years ago

Wait for a response from the creator.

https://github.com/RobinCK/typeorm-fixtures/pull/196

kevin-lot commented 2 years ago

@leandro-gomez Check the new version, but it is only compatible with typeorm 0.3.