[Snyk] Fix for 1 vulnerabilities

[tomahawk-pilot]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	658/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @nestjs/jwt

The new version differs by 250 commits.

• 0274acc Merge pull request #1144 from nestjs/renovate/typescript-eslint-monorepo
• c6bbf14 Merge pull request #1150 from nestjs/renovate/prettier-2.x
• 414aea3 chore(deps): update typescript-eslint monorepo to v5.47.1
• 44fd45a chore(deps): update dependency prettier to v2.8.1
• d8ed56a Merge pull request #1149 from nestjs/renovate/commitlint-monorepo
• 74a21f9 Merge pull request #1057 from nestjs/renovate/jsonwebtoken-8.x
• f367329 Merge pull request #1159 from nestjs/renovate/release-it-15.x
• b3f4fc7 chore(deps): update dependency release-it to v15.5.1
• 15ad133 chore(deps): update commitlint monorepo to v17.3.0
• d14521f fix(deps): update dependency @ types/jsonwebtoken to v8.5.9
• cc04cce Merge pull request #1158 from nestjs/renovate/node-18.x
• 3ebfaf0 chore(deps): update dependency @ types/node to v18.11.18
• a14a3be Merge pull request #1146 from nestjs/renovate/typescript-4.x
• df59940 chore(deps): update dependency typescript to v4.9.4
• e5661b9 Merge pull request #1157 from nestjs/dependabot/npm_and_yarn/minimatch-3.1.2
• 8d74976 Merge pull request #1151 from nestjs/renovate/lint-staged-13.x
• 76b0ee3 Merge pull request #1148 from nestjs/renovate/eslint-8.x
• f3dd100 chore(deps): bump minimatch from 3.0.4 to 3.1.2
• 7b3319a chore(deps): update dependency lint-staged to v13.1.0
• a97c753 Merge pull request #1145 from nestjs/renovate/jest-monorepo
• 73a7440 Merge pull request #1155 from nestjs/renovate/npm-jsonwebtoken-vulnerability
• 8a6a459 chore(deps): update dependency eslint to v8.30.0
• 20c2366 chore(deps): update dependency @ types/jest to v29.2.4
• 98a4464 chore(deps): update dependency jsonwebtoken to 9.0.0 [security]

See the full diff

Package name: newrelic

The new version differs by 250 commits.

• 83bcdaa Merge pull request #1322 from newrelic/release/v9.0.0
• 04bc2ec changelog updates based on feedback from team
• f3e93a4 Adds auto-generated release notes.
• 9cf6626 Merge pull request #1319 from mrickard/NR-35280/drop-async-from-pricing-tests
• a485a28 Setting version to v9.0.0.
• 4ee22c8 Dropped async lib from pricing meminfo and cpu tests
• d3b006f Merge pull request #1318 from bizob2828/backport-8-17-1-changelog
• b88b41e backported 8.17.1 changelog section as we could not merge the release branch since it was made out of band from main
• 5fb4199 Merge pull request #1311 from michaelgoin/bump-external-instrumentation
• 6f0db2d Bumped @ newrelic/native-metrics to ^9.0.0.
• f2cae07 Merge pull request #1313 from mrickard/NR-35280/drop-async-lib-from-dt-int-test
• 4c2c5b5 Merge pull request #1314 from bizob2828/update-pg-tests
• a13f56d removed unused instrumentation branches since we only support 8.2.x+ now
• 3f613e4 Merge pull request #1312 from jordigh/grpc-callback-issue
• b176d9d Code cleanup of async/await/promise conversion
• 3554fa2 * removed pre-7 as it is no longer applicable on node 14+
• b23f3a5 grpc: bind the client segment to the onReceiveStatus listener
• 5b68b38 Refactored dt tap test to remove async lib
• c024773 Bumps minimum external instrumentation modules to new major versions.
• 547c546 Merge pull request #1309 from bizob2828/defensive-truncate
• 53788ee Added defensive code in util/applicationLogging truncate to check if value is string before checking its length
• 7bdeda1 Merge pull request #1307 from mrickard/NR-38203/rmSync-instead-of-rmdirSync
• 4a731dd Merge pull request #1293 from newrelic/remove-cert-bundle
• ad8b3d1 removed unused ssl bundle re-generation code

See the full diff

Package name: passport-jwt

The new version differs by 31 commits.

• fed94fa 4.0.1 release
• cfb5566 Merge pull request #248 from mikenicholson/update-minmatch
• 8e4ad5b Address minmatch vulnerability
• e9cf2ce Merge pull request #247 from mikenicholson/jsonwebtoken-9
• bfbc6cc Update jsonwebtoken to 9.0.0
• a49b43e Update minimist due to prototype pollution vulnerability in previous version
• a5137c6 Merge pull request [Snyk] Security upgrade @nestjs-modules/mailer from 1.4.2 to 2.0.0 #192 from markhoney/patch-1
• ea824cd Update jsonwebtoken and run npm audit fix
• 8e57eec Remove older node versions shiping npm without support for "ci"
• 3ab9305 Add CI workflow in GitHub Actions
• 96a6e55 Merge pull request #218 from Sambego/patch-1
• 809cdbf Update Auth0 sponsorship link
• ec35fa4 Add nodejs 13 & 14 to CI
• 2cab4dd Update mocha to resolve vulnerabilities
• b196eb8 Use nyc for coverage
• ddafcd2 Fix typo
• 6b92631 Merge pull request [Snyk] Security upgrade @nestjs/common from 6.11.11 to 9.0.0 #176 from epicfaace/patch-1
• 154af70 Stop building for Node v5 and earlier
• d311551 Add newer node versions to Travis CI build
• 0e39a48 Update dependencies to resolve vulnerabilities.
• d488147 Update URLs to reference new GitHub username
• 89152d5 Rename extrators-test.js to extractors-test.js
• 0bb68bf Clarify use of custom extractor function.
• 499bd4a Add js formatting to extractor example in README.

See the full diff

Package name: pg

The new version differs by 179 commits.

• 7ffe68e Publish
• 125a268 Update changelog
• da2bb85 Bump node-fetch from 2.6.0 to 2.6.1
• 7649890 Update SPONSORS.md
• c5445f0 Fix metadata for pg-connection-string
• a02dfac Replace semver with optional peer dependencies
• 5825843 Public export of DatabaseError
• e421167 Add ssl=true into the test
• 9cbea21 Solve issues caused by config.ssl = true
• 6be3b90 Add support for ?sslmode connection string param
• f0fc470 Update README.md (#2330)
• 95b5daa Publish
• 1f0d3d5 Add test for pgpass check function scope
• 0758b76 Fix context (this) in _checkPgPass.
• acfbafa Publish
• 07ee1ba Bump version
• 65156e7 Small readme updates & auto-formatting
• 61e4b7f Merge pull request #2309 from chris--young/ssl-err
• f4d123b Prevents bad ssl credentials from causing a crash
• 316bec3 Merge pull request #2294 from charmander/test-fixes
• 3edcbb7 Fix most SSL negotiation packet tests being ignored
• 1b022f8 Remove accidentally duplicated methods
• b8773ce Merge pull request #2289 from brianc/dependabot/npm_and_yarn/lodash-4.17.19
• 692e418 Fix documenation typo in README (#2291)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)