nestjs / typeorm

TypeORM module for Nest framework (node.js) 🍇
https://nestjs.com
MIT License

typeorm@0.3.20 not compatible with mssql@11.0.1 #2033

Closed SkeletonGamer closed 1 month ago

SkeletonGamer commented 1 month ago

Is there an existing issue for this?

Current behavior

npm WARN ERESOLVE overriding peer dependency
npm WARN While resolving: bcp-invoice-backend@0.0.1
npm WARN Found: mssql@11.0.1
npm WARN node_modules/mssql
npm WARN mssql@"11.0.1" from the root project
npm WARN
npm WARN Could not resolve dependency:
npm WARN peerOptional mssql@"^9.1.1 || ^10.0.1" from typeorm@0.3.20
npm WARN node_modules/typeorm
npm WARN peer typeorm@"^0.3.0" from @nestjs/typeorm@10.0.2
npm WARN node_modules/@nestjs/typeorm
npm WARN 1 more (the root project)
npm WARN ERESOLVE overriding peer dependency
npm WARN While resolving: bcp-invoice-backend@0.0.1
npm WARN Found: mssql@11.0.1
npm WARN node_modules/mssql
npm WARN mssql@"11.0.1" from the root project
npm WARN
npm WARN Could not resolve dependency:
npm WARN peerOptional mssql@"^9.1.1 || ^10.0.1" from typeorm@0.3.20
npm WARN node_modules/typeorm
npm WARN peer typeorm@"^0.3.0" from @nestjs/typeorm@10.0.2
npm WARN node_modules/@nestjs/typeorm
npm WARN 1 more (the root project)

Minimum reproduction code

npm install --save mssql@11.0.1

Steps to reproduce

npm install --save mssql@11.0.1

Expected behavior

I need to update the mssql package to resolve 4 moderate severity vulnerabilities:

npm audit report

@azure/identity <4.2.1
Severity: moderate
Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability - https://github.com/advisories/GHSA-m5vv-6r4h-3vj9
fix available via npm audit fix --force
Will install mssql@11.0.1, which is a breaking change
node_modules/@azure/identity
tedious 11.0.9 - 18.2.0
Depends on vulnerable versions of @azure/identity
node_modules/tedious
mssql 7.2.1 - 10.0.4
Depends on vulnerable versions of tedious
node_modules/mssql
typeorm 0.3.6-dev.0418ebc - 0.3.6-dev.ef025bd || >=0.3.7-dev.1b5aa62
Depends on vulnerable versions of mssql
node_modules/typeorm

4 moderate severity vulnerabilities

But typeorm@0.3.20 accepts only mssql@"^9.1.1 || ^10.0.1"

Can you update the dependency to mssql@11.0.1? Thank you so much.

Package version

10.0.2

NestJS version

10.3.10

Node.js version

20.15.1

In which operating systems have you tested?

Other

No response
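
As an added illustration (not part of the issue thread, and not npm's or TypeORM's code), the sketch below checks candidate mssql versions against the two ranges quoted in the report: the peer range from the npm warning and the affected range from the audit output. It assumes a simplified semver comparison (plain MAJOR.MINOR.PATCH, no prerelease tags), and the candidate list, including 10.0.5, is constructed for the example.

```javascript
// Added example (not from the issue, npm or TypeORM). Simplified semver:
// plain MAJOR.MINOR.PATCH only, no prerelease tags, majors >= 1.
const parse = (v) => v.split(".").map(Number);

// Three-way comparison of two versions: negative, zero or positive.
function cmp(a, b) {
  const [x, y] = [parse(a), parse(b)];
  for (let i = 0; i < 3; i++) if (x[i] !== y[i]) return x[i] - y[i];
  return 0;
}

// "^9.1.1" means >=9.1.1 with the same major version (for majors >= 1).
function satisfiesCaret(version, caret) {
  const base = caret.slice(1);
  return cmp(version, base) >= 0 && parse(version)[0] === parse(base)[0];
}

// "^9.1.1 || ^10.0.1": any one alternative may match.
function satisfiesPeer(version, range) {
  return range.split("||").some((r) => satisfiesCaret(version, r.trim()));
}

// "7.2.1 - 10.0.4" is an inclusive hyphen range, as printed by npm audit.
function inHyphenRange(version, range) {
  const [lo, hi] = range.split(" - ").map((s) => s.trim());
  return cmp(version, lo) >= 0 && cmp(version, hi) <= 0;
}

// Classify one candidate against both constraints from the issue.
function classify(version, peerRange, affectedRange) {
  return {
    version,
    peerOk: satisfiesPeer(version, peerRange),
    flagged: inHyphenRange(version, affectedRange),
  };
}

const PEER = "^9.1.1 || ^10.0.1";   // from the npm warning for typeorm@0.3.20
const AFFECTED = "7.2.1 - 10.0.4";  // from the npm audit report for mssql
// Constructed candidates; 10.0.5 is hypothetical and may not be a published release.
const CANDIDATES = ["9.1.1", "10.0.4", "10.0.5", "11.0.1"];

function report() {
  return CANDIDATES.map((v) => classify(v, PEER, AFFECTED));
}

for (const r of report()) {
  console.log(`${r.version}: peerOk=${r.peerOk} flagged=${r.flagged}`);
}
```

Only a version that is both `peerOk` and not `flagged` would clear the audit without overriding the peer dependency; 11.0.1 clears the audit but falls outside the peer range, which is the conflict reported here.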

micalevisk commented 1 month ago

Report this to the typeorm repository. This is not related to nestjs.

SkeletonGamer commented 1 month ago

My bad...

I have just opened an issue on the TypeORM repository: https://github.com/typeorm/typeorm/issues/11003

Thank you @micalevisk

micalevisk commented 1 month ago

you can close this now then :)