Some vulnerabilities require your attention to resolve. [High : Server-Side Request Forgery] #68

Open
bug249286 opened this issue Jan 11, 2021 · 5 comments

@bug249286

┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High          │ Server-Side Request Forgery                                  │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ axios                                                        │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=0.21.1                                                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ nestjs-redis                                                 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ nestjs-redis > @nestjs/common > axios                        │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://npmjs.com/advisories/1594                            │
└───────────────┴──────────────────────────────────────────────────────────────┘

rifatdover added a commit to rifatdover/nestjs-redis that referenced this issue Jan 11, 2021
These should be a peer dependency also but this is fixing. https://www.npmjs.com/advisories/1594
@eyalyoli

eyalyoli commented Jan 15, 2021

Need to update @nestjs/common. Published npm package is v1.2.8 while the git is v1.3.2. Please publish the latest version to npm.

A workaround - npm rm nestjs-redis and then npm i https://github.com/skunight/nestjs-redis (install directly from git's latest version).

It seems that the package name has changed, so change all the imports to import from nest-redis.
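
One way to confirm, after a reinstall like the one described above, that no axios copy below the patched 0.21.1 remains in the lockfile; this is an added example, not code from this thread or from the nestjs-redis project. It goes beyond the single path in the audit table by reporting every axios copy; `findAxios` and the sample lockfile are constructed for illustration.

```javascript
// Added example. Patched floor taken from the advisory table in this issue.
const PATCHED = [0, 21, 1];

// Parse "major.minor.patch", ignoring any pre-release or build suffix.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? m.slice(1).map(Number) : null;
}

// True when version triple a is lower than version triple b.
function isLower(a, b) {
  const i = a.findIndex((n, k) => n !== b[k]);
  return i !== -1 && a[i] < b[i];
}

// Return { path, version, vulnerable } for every axios copy in a parsed lockfile.
// Reads "packages" (lockfileVersion 2/3), else nested "dependencies" (version 1).
function findAxios(lock) {
  const hits = [];
  const record = (path, version) => {
    const parsed = parseVersion(version);
    // Versions that do not parse (git URLs, tarballs) are flagged for manual review.
    hits.push({ path, version, vulnerable: parsed ? isLower(parsed, PATCHED) : true });
  };
  if (lock.packages) {
    for (const [key, meta] of Object.entries(lock.packages)) {
      if (/(^|\/)node_modules\/axios$/.test(key)) record(key, meta.version);
    }
    return hits;
  }
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = trail.concat(name);
      if (name === 'axios') record(path.join(' > '), meta.version);
      walk(meta.dependencies, path);
    }
  };
  walk(lock.dependencies, []);
  return hits;
}

// Constructed sample lockfile (not taken from the project).
const SAMPLE_LOCK = { lockfileVersion: 2, packages: {
  'node_modules/@nestjs/common/node_modules/axios': { version: '0.21.0' },
  'node_modules/axios': { version: '0.21.1' },
} };
console.log(findAxios(SAMPLE_LOCK));
```

For a real project, pass the parsed contents of `package-lock.json` to `findAxios`; the reported path is the copy's location in the lockfile, which can differ from the logical dependency chain npm audit prints.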

@bug249286
Author

@eyalyoli Thanks.

@eyalyoli

eyalyoli commented Jan 18, 2021

OK, since the package name changed, it is now published under the new name which is at https://www.npmjs.com/package/nest-redis

@skunight can you please update the readme that the package name has changed?

@rifatdover
Contributor

Did you see the fix? But it will be better if it becomes a peer dependency.

@sashkopavlenko
Contributor

sashkopavlenko commented Mar 5, 2021

@eyalyoli I doubt it was intentional. There was a PR to revert this change, but it was closed. There is also an open PR that changes the package name back to nestjs-redis. Merging this should resolve the confusion.

@skunight @wisekaa03 please shed some light on what the correct name of the library is at this point. Is there going to be further maintenance for nestjs-redis?

It's frustrating to see a project appreciated by the community like this left unmaintained.

skunight added a commit that referenced this issue Mar 19, 2021