nestjs / nest

A progressive Node.js framework for building efficient, scalable, and enterprise-grade server-side applications with TypeScript/JavaScript 🚀
https://nestjs.com
MIT License

Prototype Pollution in minimist - https://github.com/advisories/GHSA-xvch-5gv4-984h #9445

Closed ghanshyamca closed 2 years ago

ghanshyamca commented 2 years ago

Is there an existing issue for this?

Current behavior

Screenshot 2022-04-06 at 1 39 26 PM

Minimum reproduction code

https://github.com/ghanshyamca/nest

Steps to reproduce

  1. npm install
  2. npm audit

Expected behavior

@angular-devkit/schematics-cli 13.3.1 is used instead of 13.0.3, so that `npm audit` no longer reports the minimist advisory.

Package

Other package

@nestjs/cli

NestJS version

8.2.4

Packages versions

{
  "name": "raw_api_boilerplate",
  "private": true,
  "version": "1.0.0",
  "description": "Nest TypeScript starter repository",
  "license": "All rights reserved",
  "scripts": {
    "prebuild": "rimraf dist",
    "prepare": "husky install",
    "build": "nest build",
    "format": "prettier --write \"apps/**/*.ts\" \"libs/**/*.ts\"",
    "start": "nest start",
    "start:dev": "nest start --watch",
    "start:debug": "nest start --debug --watch",
    "start:prod": "node dist/main",
    "lint": "eslint \"{src,apps,libs,test}/**/*.ts\" --fix",
    "test": "jest",
    "test:watch": "jest --watch",
    "test:cov": "jest --coverage",
    "test:debug": "node --inspect-brk -r tsconfig-paths/register -r ts-node/register node_modules/.bin/jest --runInBand",
    "test:e2e": "jest --config ./test/jest-e2e.json --forceExit --detectOpenHandles",
    "test:dj:e2e": "jest --config ./apps/dj/test/jest-e2e.json --coverage --forceExit --detectOpenHandles",
    "test:e2e:watch": "jest --config ./apps/api/test/jest-e2e.json --watch",
    "test:e2e:cov": "jest --config ./test/jest-e2e.json --coverage --forceExit --detectOpenHandles",
    "migrate:create": "migrate-mongo create",
    "migrate:up": "migrate-mongo up",
    "migrate:down": "migrate-mongo down",
    "migrate:status": "migrate-mongo status"
  },
  "dependencies": {
    "@nestjs/common": "8.2.6",
    "@nestjs/config": "1.1.5",
    "@nestjs/core": "8.2.6",
    "@nestjs/mapped-types": "1.0.1",
    "@nestjs/microservices": "8.2.6",
    "@nestjs/mongoose": "9.0.1",
    "@nestjs/platform-express": "8.2.3",
    "@nestjs/swagger": "5.1.5",
    "@nestjs/terminus": "^8.0.4",
    "auth0": "^2.39.0",
    "class-transformer": "0.4.0",
    "class-validator": "0.13.1",
    "cookies": "0.8.0",
    "cors": "2.8.5",
    "express-jwt": "6.1.0",
    "jwks-rsa": "2.0.5",
    "lodash": "4.17.21",
    "migrate-mongo": "8.2.3",
    "mock-jwks": "^1.0.3",
    "mongodb-memory-server": "8.2.0",
    "mongoose": "6.0.13",
    "nestjs-i18n": "8.2.2",
    "on-headers": "1.0.2",
    "reflect-metadata": "0.1.13",
    "rimraf": "3.0.2",
    "rxjs": "7.4.0",
    "swagger-ui-express": "4.3.0",
    "ts-morph": "13.0.2",
    "url": "0.11.0",
    "uuid": "8.3.2",
    "when": "3.7.8" 
   },
  "devDependencies": {
    "@nestjs/cli": "8.1.5",
    "@nestjs/schematics": "8.0.5",
    "@nestjs/testing": "8.2.3",
    "@types/auth0": "^2.34.13",
    "@types/cookies": "0.7.7",
    "@types/cors": "2.8.12",
    "@types/express": "4.17.13",
    "@types/jest": "27.0.3",
    "@types/lodash": "4.14.177",
    "@types/node": "16.11.10",
    "@types/supertest": "2.0.11",
    "@types/uuid": "8.3.3",
    "@typescript-eslint/eslint-plugin": "5.4.0",
    "@typescript-eslint/parser": "5.4.0",
    "eslint": "8.3.0",
    "eslint-config-prettier": "8.3.0",
    "eslint-plugin-prettier": "4.0.0",
    "fs-extra": "10.0.0",
    "husky": "7.0.4",
    "istanbul-api": "3.0.0",
    "jest": "27.3.1",
    "lint-staged": "12.1.2",
    "prettier": "2.5.0",
    "supertest": "6.2.2",
    "ts-jest": "27.0.7",
    "ts-loader": "9.2.6",
    "ts-node": "10.4.0",
    "tsc-watch": "4.5.0",
    "tsconfig-paths": "3.12.0",
    "tslint": "6.1.3",
    "typescript": "4.5.2"
  },
  "lint-staged": {
    "*.ts": [
      "npm run lint"
    ]
  }
}

Node.js version

16.13.2

In which operating systems have you tested?

Other

No response

ghanshyamca commented 2 years ago

This is related to nestjs/cli rather than this repository, so I am closing this issue.