oguimbal / pg-mem

An in memory postgres DB instance for your unit tests

@mikro-orm/postgresql@4.5.10 has a security issue

Mykyta-Chernenko opened this issue · comments

Describe the bug

Our Snyk test has found a vulnerability in version 2.6.13

Issues with no direct upgrade or patch:
✗ SQL Injection [High Severity][https://security.snyk.io/vuln/SNYK-JS-KNEX-3175610] in knex@0.21.19
introduced by pg-mem@2.6.13 > @mikro-orm/postgresql@4.5.10 > @mikro-orm/knex@4.5.10 > knex@0.21.19
This issue was fixed in versions: 2.4.0
✗ Prototype Pollution [High Severity][https://security.snyk.io/vuln/SNYK-JS-UNSETVALUE-2400660] in unset-value@1.0.0
introduced by pg-mem@2.6.13 > @mikro-orm/postgresql@4.5.10 > @mikro-orm/knex@4.5.10 > knex@0.21.19 > liftoff@3.1.0 > findup-sync@3.0.0 > micromatch@3.1.10 > braces@2.3.2 > snapdragon@0.8.2 > base@0.11.2 > cache-base@1.0.1 > unset-value@1.0.0
This issue was fixed in versions: 2.0.1

To Reproduce

Install pg-mem version 2.6.13

pg-mem version

2.6.13
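The "introduced by a > b > c" chains Snyk printed in the report are computed from the installed dependency graph. As an added example, not code from pg-mem or from the issue's author, the script below rebuilds those paths itself from a package-lock.json (lockfileVersion 2/3 "packages" map) and flags every package installed below an advisory's fixed version. The lock file and advisory list are constructed to mirror the chain quoted in the issue, and all function names (isBelowFixed, resolveDep, findVulnerablePaths, formatFindings) are this example's own.

```javascript
// Added example, not code from pg-mem or from the issue author.
// Walk a package-lock.json dependency graph and report every path from the
// root package to an installed package whose version is below the fixed
// version given in an advisory, reproducing Snyk's "introduced by" chains.

// CONSTRUCTED lock file that mirrors the chain quoted in the issue; it is not
// pg-mem's real package-lock.json and omits every unrelated dependency.
const LOCKFILE = {
  name: "pg-mem",
  lockfileVersion: 2,
  packages: {
    "": { name: "pg-mem", version: "2.6.13", dependencies: { "@mikro-orm/postgresql": "4.5.10" } },
    "node_modules/@mikro-orm/postgresql": { version: "4.5.10", dependencies: { "@mikro-orm/knex": "4.5.10" } },
    "node_modules/@mikro-orm/knex": { version: "4.5.10", dependencies: { knex: "0.21.19" } },
    "node_modules/knex": { version: "0.21.19", dependencies: { liftoff: "3.1.0" } },
    "node_modules/liftoff": { version: "3.1.0", dependencies: { "findup-sync": "3.0.0" } },
    "node_modules/findup-sync": { version: "3.0.0", dependencies: { micromatch: "3.1.10" } },
    "node_modules/micromatch": { version: "3.1.10", dependencies: { braces: "2.3.2" } },
    "node_modules/braces": { version: "2.3.2", dependencies: { snapdragon: "0.8.2" } },
    "node_modules/snapdragon": { version: "0.8.2", dependencies: { base: "0.11.2" } },
    "node_modules/base": { version: "0.11.2", dependencies: { "cache-base": "1.0.1" } },
    "node_modules/cache-base": { version: "1.0.1", dependencies: { "unset-value": "1.0.0" } },
    "node_modules/unset-value": { version: "1.0.0" },
  },
};

// Fixed versions exactly as stated in the Snyk output quoted in the issue.
const ADVISORIES = [
  { name: "knex", fixedIn: "2.4.0", title: "SQL Injection" },
  { name: "unset-value", fixedIn: "2.0.1", title: "Prototype Pollution" },
];

// Compare plain x.y.z versions numerically (so "2.10.0" > "2.4.0", unlike a
// string compare); pre-release tags are ignored, which suffices here.
function isBelowFixed(installed, fixedIn) {
  const parse = (v) => v.split("-")[0].split(".").map(Number);
  const a = parse(installed), b = parse(fixedIn);
  for (let i = 0; i < 3; i++) {
    if ((a[i] || 0) !== (b[i] || 0)) return (a[i] || 0) < (b[i] || 0);
  }
  return false;
}

// npm resolution order: <from>/node_modules/<name> first, then one
// node_modules level up at a time, ending at the top-level node_modules/<name>.
function resolveDep(packages, fromPath, name) {
  let base = fromPath;
  for (;;) {
    const candidate = (base ? base + "/" : "") + "node_modules/" + name;
    if (packages[candidate]) return candidate;
    if (base === "") return undefined; // top level already checked: not installed
    const idx = base.lastIndexOf("node_modules/");
    base = idx > 0 ? base.slice(0, idx - 1) : ""; // drop trailing ".../node_modules/<pkg>"
  }
}

// Depth-first walk over production `dependencies` only (what a consumer of
// pg-mem installs); devDependencies, optional and peer deps are not followed.
function findVulnerablePaths(lock, advisories) {
  const packages = lock.packages;
  const nameOf = (p) => (p === "" ? packages[""].name : p.slice(p.lastIndexOf("node_modules/") + 13));
  const label = (p) => nameOf(p) + "@" + packages[p].version;
  const findings = [];
  const walk = (path, chain) => {
    if (chain.includes(path)) return; // cycle guard; diamonds still yield every path
    const pkg = packages[path];
    const next = [...chain, path];
    for (const adv of advisories) {
      if (nameOf(path) === adv.name && isBelowFixed(pkg.version, adv.fixedIn)) {
        findings.push({ ...adv, installed: pkg.version, path: next.map(label) });
      }
    }
    for (const dep of Object.keys(pkg.dependencies || {})) {
      const resolved = resolveDep(packages, path, dep);
      if (resolved) walk(resolved, next);
    }
  };
  walk("", []);
  return findings;
}

function formatFindings(findings) {
  return findings
    .map((f) => `${f.title} in ${f.name}@${f.installed} (fixed in ${f.fixedIn})\n  introduced by ${f.path.join(" > ")}`)
    .join("\n");
}

console.log(formatFindings(findVulnerablePaths(LOCKFILE, ADVISORIES)));
```

To run it against a real project, replace LOCKFILE with `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))`; `npm ls knex unset-value` prints the equivalent paths from an installed tree. The path is the useful part of the report: both findings enter through @mikro-orm/postgresql, so that is the edge a maintainer has to look at, not knex or unset-value directly.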