Some vulnerabilities require your attention to resolve. [High : Server-Side Request Forgery]

[bug249286]

───────────────┬──────────────────────────────────────────────────────────────┐
│ High │ Server-Side Request Forgery │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ axios │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ >=0.21.1 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ nestjs-redis │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ nestjs-redis > @nestjs/common > axios │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://npmjs.com/advisories/1594

[eyalyoli]

Need to update @nestjs/common. Published npm package is v1.2.8 while the git is v1.3.2. Please publish the latest version to npm.

A workaround - npm rm nestjs-redis and then npm i https://github.com/skunight/nestjs-redis (install directly from git's latest version).

It seems that the package name has changed, so change all the imports to import from nest-redis.

[bug249286]

@eyalyoli Thanks.

[eyalyoli]

OK, since the package name changed, it is now published under the new name which is at https://www.npmjs.com/package/nest-redis

@skunight can you please update the readme that the package name has changed?

[rifatdover]

Did you see fix? But it will be better if it becomes a peer dependency.

[sashkopavlenko]

@eyalyoli I doubt it was intentionally. There was a PR to revert this change, but it was closed. There is also an open PR that changes the package name back to nestjs-redis. Merging this should resolve the confusion.

@skunight @wisekaa03 please shed the light what is the correct name of the library at this point? Is it going to be further maintenance for nestjs-redis?

It's frustrating to see the project appreciated by the community like this unmaintained.