Closed juansedo closed 9 months ago
Any updates on this one? Is it resolved in new versions?
@pavleprica Version 1.6.1 doesn't solve this problem. Anyway, I was just reading about "resolutions" in the yarn documentation, and it can be used to temporarily solve this issue.
Resolutions allow you to change the package used at any dependency depth level, regardless of what the dependency's package.json says.
I added this at the end of package.json:
```json
"resolutions": {
  "@nestjs-modules/mailer/**/nth-check": "2.1.0"
}
```
Run `yarn install`, and it will be solved!
With `npm list nth-check` you can get the dependency tree and you will see a new warning:
But you can be assured that the vulnerability was solved.
Program runs normally:
And the mailer service works well; this is my Gmail inbox:
`npm` has something like resolutions; it is called "overrides". You can see a link in the Sources section.
Also, I found this info: https://nvd.nist.gov/vuln/detail/CVE-2021-3803
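The resolution in the comment above is scoped to `@nestjs-modules/mailer`, so it is worth confirming that no other copy of `nth-check` in the tree is still below the pinned version. The following is an added example, not code from the thread or from any project it mentions: it walks a tree shaped like `npm ls nth-check --json` output and reports each copy against the `2.1.0` pin. The sample tree, `demo-app`, `intermediate-pkg` and `other-lib` are constructed for illustration.

```javascript
// Constructed sample shaped like `npm ls nth-check --json` output (not real output from the issue).
const sampleTree = {
  name: "demo-app", // hypothetical project name
  dependencies: {
    "@nestjs-modules/mailer": {
      version: "1.6.1",
      dependencies: {
        // hypothetical intermediate dependency that pulls in nth-check
        "intermediate-pkg": { version: "1.0.0", dependencies: { "nth-check": { version: "2.1.0" } } },
      },
    },
    // hypothetical second consumer, outside the scoped resolution
    "other-lib": { version: "1.0.0", dependencies: { "nth-check": { version: "1.0.2" } } },
  },
};

// Compare dotted numeric versions; pre-release and build suffixes are ignored.
function compareVersions(a, b) {
  const parse = (v) => v.split(/[-+]/)[0].split(".").map(Number);
  const [x, y] = [parse(a), parse(b)];
  for (let i = 0; i < 3; i++) {
    const d = (x[i] || 0) - (y[i] || 0);
    if (d !== 0) return Math.sign(d);
  }
  return 0;
}

// Walk the tree and return every installed copy of `name` with its dependency path.
function findCopies(node, name, path = []) {
  const found = [];
  for (const [dep, info] of Object.entries(node.dependencies || {})) {
    const here = [...path, dep];
    if (dep === name && info.version) found.push({ path: here.join(" > "), version: info.version });
    found.push(...findCopies(info, name, here));
  }
  return found;
}

// Split copies into those at or above the pinned version and those still below it.
function checkPin(tree, name, pinned) {
  const copies = findCopies(tree, name);
  return {
    ok: copies.filter((c) => compareVersions(c.version, pinned) >= 0),
    stale: copies.filter((c) => compareVersions(c.version, pinned) < 0),
  };
}

const report = checkPin(sampleTree, "nth-check", "2.1.0");
for (const c of report.stale) console.log(`below pin: ${c.path} @ ${c.version}`);
```

To run it against a real project, replace `sampleTree` with the parsed JSON from `npm ls nth-check --json`.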