Closed SkeletonGamer closed 1 month ago
Report this to typeorm repository. This is not related with nestjs
My bad...
I have just opened an issue on TypeORM repository : https://github.com/typeorm/typeorm/issues/11003
Thank you @micalevisk
you can close this now then :)
Is there an existing issue for this?
Current behavior
npm WARN ERESOLVE overriding peer dependency npm WARN While resolving: bcp-invoice-backend@0.0.1 npm WARN Found: mssql@11.0.1 npm WARN node_modules/mssql npm WARN mssql@"11.0.1" from the root project npm WARN npm WARN Could not resolve dependency: npm WARN peerOptional mssql@"^9.1.1 || ^10.0.1" from typeorm@0.3.20 npm WARN node_modules/typeorm npm WARN peer typeorm@"^0.3.0" from @nestjs/typeorm@10.0.2 npm WARN node_modules/@nestjs/typeorm npm WARN 1 more (the root project) npm WARN ERESOLVE overriding peer dependency npm WARN While resolving: bcp-invoice-backend@0.0.1 npm WARN Found: mssql@11.0.1 npm WARN node_modules/mssql npm WARN mssql@"11.0.1" from the root project npm WARN npm WARN Could not resolve dependency: npm WARN peerOptional mssql@"^9.1.1 || ^10.0.1" from typeorm@0.3.20 npm WARN node_modules/typeorm npm WARN peer typeorm@"^0.3.0" from @nestjs/typeorm@10.0.2 npm WARN node_modules/@nestjs/typeorm npm WARN 1 more (the root project)
Minimum reproduction code
npm install --save mssql@11.0.1
Steps to reproduce
npm install --save mssql@11.0.1
Expected behavior
I need to update mssql package for resolving 4 moderate severity vulnerabilities :
npm audit report
@azure/identity <4.2.1 Severity: moderate Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability - https://github.com/advisories/GHSA-m5vv-6r4h-3vj9 fix available via
npm audit fix --force
Will install mssql@11.0.1, which is a breaking change node_modules/@azure/identity tedious 11.0.9 - 18.2.0 Depends on vulnerable versions of @azure/identity node_modules/tedious mssql 7.2.1 - 10.0.4 Depends on vulnerable versions of tedious node_modules/mssql typeorm 0.3.6-dev.0418ebc - 0.3.6-dev.ef025bd || >=0.3.7-dev.1b5aa62 Depends on vulnerable versions of mssql node_modules/typeorm4 moderate severity vulnerabilities
But typeorm@0.3.20 accept only mssql@"^9.1.1 || ^10.0.1"
Can you update the dependency to mssql@11.0.1 ? Thank you so much.
Package version
10.0.2
NestJS version
10.3.10
Node.js version
20.15.1
In which operating systems have you tested?
Other
No response