[Snyk] Fix for 8 vulnerabilities

[naiba4]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • packages/adapter-typeorm-legacy/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	676/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.1	Cross-site Request Forgery (CSRF) SNYK-JS-AXIOS-6032459	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-AXIOS-6124857	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-AXIOS-6144788	Yes	No Known Exploit
	631/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.2	Missing Release of Resource after Effective Lifetime SNYK-JS-INFLIGHT-6095116	Yes	Proof of Concept
	534/1000 Why? Has a fix available, CVSS 6.4	Improper Authentication SNYK-JS-JSONWEBTOKEN-3180022	Yes	No Known Exploit
	539/1000 Why? Has a fix available, CVSS 6.5	Improper Restriction of Security Token Assignment SNYK-JS-JSONWEBTOKEN-3180024	Yes	No Known Exploit
	554/1000 Why? Has a fix available, CVSS 6.8	Use of a Broken or Risky Cryptographic Algorithm SNYK-JS-JSONWEBTOKEN-3180026	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Prototype Pollution SNYK-JS-XML2JS-5414874	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: jest

The new version differs by 250 commits.

• 75006e4 v29.0.0
• 7c82a9f chore: update jest-watch-typeahead again
• 352ff29 chore: update changelog for release
• 33ad8c3 docs: Jest 29 blog post (#13103)
• dda77e5 docs: collapse 28.0 and 28.1 docs (#13104)
• c0dc84c chore: update jest-watch-typeahead
• 05f6217 fix: support deep CJS re-exports when using ESM (#13170)
• 490fd88 chore: update yarn (#13169)
• 98936a2 docs: Update Enzyme links to use new URL (#13166)
• 187566a feat(pretty-format): allow to opt out from sorting object keys with `compareKeys: null` (#12443)
• ae2bed7 chore: tweak regex used in e2e tests (#13129)
• 8c56d74 docs: Update Configuration.md for added special notes on usage scenarios for pnpm. (#13115)
• fb1c53d feat(jest-config)!: remove undocumented `collectCoverageOnlyFrom` option (#13156)
• 075b489 fix: ignore `EISDIR` when resolving symlinks (#13157)
• 3bef02e feat(@ jest/test-result, @ jest/types)!: replace `Bytes` and `Milliseconds` types with `number` (#13155)
• 4def94b v29.0.0-alpha.6
• 0f00d4e fix: replace non-CLI `rimraf` usage (#13151)
• 6a90a2c fix: Allow updating inline snapshots when test includes JSX (#12760)
• 983274a feat: Let `babel` find config when updating inline snapshots (#13150)
• d2ff18a chore: make prettierPath optional in `SnapshotState` (#13149)
• 7d8d01c feat(circus): added each to failing tests (#13142)
• a5b52a5 chore(types): separate MatcherContext, MatcherUtils and MatcherState (#13141)
• 79b5e41 chore: get rid of peer dep warning in website
• 812763d chore: enable 'no-duplicate-imports' (#13138)

See the full diff

Package name: mssql

The new version differs by 191 commits.

• 4688d61 Merge pull request Server API: Redirect query parameter nextauthjs/next-auth#1547 from dhensby/pulls/tedious-upgrade
• 825692e docs: update changelog
• cd0bc02 feat: upgrade tedious to v16 and drop Node 14 support
• 4968b3b chore(deps): bump tedious from 15.0.1 to 16.4.0
• cb6f8e2 fix: force patch release
• 8a677c8 Merge pull request Unable to stop redirect with email signIn nextauthjs/next-auth#1546 from tediousjs/revert-1518-dependabot/npm_and_yarn/tedious-16.4.0
• 86d3276 Revert "chore(deps): bump tedious from 15.0.1 to 16.4.0"
• 31bdaca Merge branch '9.3.x'
• a702724 Merge remote-tracking branch 'origin/9.2.x' into 9.x
• 53fc9ea Merge pull request JWKS endpoint nextauthjs/next-auth#1543 from partik-mis/1542-fix
• ff05cce docs: update changelog
• eb3e4d0 fix: msnodesqlv8 connection string uses correct instance name
• 1e12437 Merge pull request How should I protect an external endpoint outside of next-auth? nextauthjs/next-auth#1518 from tediousjs/dependabot/npm_and_yarn/tedious-16.4.0
• b5cf976 Merge pull request Inconsistent session returns after 3.8.0 nextauthjs/next-auth#1461 from Shin-Aska/feature/aad-integration-conn-string
• 59aea21 feat: add AAD authentication support to connection strings
• 17b4962 feat!: upgrade tedious to v16 and drop Node 14 support
• 4d01ef7 chore(deps): bump tedious from 15.0.1 to 16.4.0
• 0c9ce86 Merge pull request Results from linkedin auth are null besides name nextauthjs/next-auth#1541 from dhensby/pulls/sqlserver-action
• 9a08da0 ci: use sqlserver action in CI
• e736c67 Merge pull request Signout only works after some time has passed nextauthjs/next-auth#1538 from tediousjs/dependabot/npm_and_yarn/release-tools-569e119392
• 9645d56 chore(deps-dev): bump the release-tools group with 3 updates
• ed01abc Merge pull request Is it possible to know the provider when using useSession() ? nextauthjs/next-auth#1537 from dhensby/pulls/dependabot-update
• f6fd19b ci: update dependabot to use groups
• f1bfc99 Merge pull request How to manually create users and accounts? nextauthjs/next-auth#1532 from tediousjs/dependabot/npm_and_yarn/semantic-release/npm-10.0.5

See the full diff

Package name: typeorm

The new version differs by 250 commits.

• b6ef306 updated glob version
• b5d2599 build(deps-dev): bump the npm_and_yarn group group with 1 update (Simplified signInPage example nextauthjs/next-auth#10591)
• 080528b fix: resolve circular dependency when using Vite ([Credentials provider] error API call been made to "/auth/auth/" instead of "/auth" nextauthjs/next-auth#10273)
• 338df16 feat: add support for table comment in MySQL (refactor: high-level tests nextauthjs/next-auth#10017)
• 15bc887 build: update CircleCI config & repair failing tests (JWT strings must contain exactly 2 period characters. Found: 4 nextauthjs/next-auth#10590)
• b5ec088 docs: update Chinese faq.md (Unexpected Modification of User Object in Next.js Authentication Callback nextauthjs/next-auth#10593)
• a00b1df feat: implement OR operator (Build error in Next.js 14.1.0 when using next-auth 5.0.0-beta.11 due to "cannot get final name for export 'default' of ./node_modules/.pnpm/jose@5.2.2/node_modules/jose/dist/node/esm/runtime/random.js" nextauthjs/next-auth#10086)
• dd59524 fix: prevent using absolute table path in migrations unless required (Added missing .js extension to import nextauthjs/next-auth#10123)
• 4329996 docs: update Soft-Delete, Restore-Soft-Delete examples (next.js 14.2.1 gives 404 on /auth/signin nextauthjs/next-auth#10585)
• 7ecc8f3 docs: updated id to _id (Improve Auth.js Intro nextauthjs/next-auth#10584)
• 8b4df5b fix: added fail callback while opening the database in Cordova (Issue with NextAuth, PrismaAdapter, and Resend with magic link: Not Saving name and tenantId in User Table and Passing Extra Props nextauthjs/next-auth#10566)
• 173910e fix: should automatically cache if alwaysEnable (Middleware doesn't work with Next Auth V5, "message": "There was a problem with the server configuration. Check the server logs for more information." nextauthjs/next-auth#10137)
• 73ee70b fix: correctly keep query.data from ormOption for commit / rollback subscribers (How can I access to request object from [...nextauth]/route? (NextJS 13/14, App Router) nextauthjs/next-auth#10151)
• e67d704 feat: nullable embedded entities (Pages configuration doesn't work in NextAuth V5 nextauthjs/next-auth#10289)
• 5c28154 feat: BeforeQuery and AfterQuery events (`basePath` is constructed incorrectly, resulting in invalid URLs nextauthjs/next-auth#10234)
• 0f11739 docs: fix typos (Custom redirect URL when signin? nextauthjs/next-auth#10243)
• b188c1e chore: initial setup of ESLint (Update Introduction with Enhancements nextauthjs/next-auth#10203)
• 25e6ecd fix: nested transactions issues ("OperationProcessingError: unexpected JWT "aud" (audience) claim value" on Google Provider callback nextauthjs/next-auth#10210)
• 3cda7ec feat: add isolated where statements (Forward credentials/access token from route handler in a request to another route handler nextauthjs/next-auth#10213)
• 149226d fix: backport postgres connection error handling to crdb (`@auth/sveltekit`: how to make working `adapter-node` build of the app? nextauthjs/next-auth#10177)
• 122b683 fix: mssql datasource testonborrow not affecting anything (JWT strings must contain exactly 2 period characters. Found: 4 nextauthjs/next-auth#10589)
• dc1bfed fix: resolve issues on upsert (authjs.session-token send to backend but is error nextauthjs/next-auth#10588)
• a939654 fix: remove dynamic require calls (How to use next-auth with mongodb v6.4? nextauthjs/next-auth#10196)
• f6b87e3 perf: improve SapQueryRunner performance (fix(docs): typo in docs for prisma adapter nextauthjs/next-auth#10198)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Cross-site Request Forgery (CSRF)
🦉 Regular Expression Denial of Service (ReDoS)
🦉 Prototype Pollution
🦉 More lessons are available in Snyk Learn