Update dependency @nestjs/core to v9 [SECURITY] by renovate[bot] · Pull Request #17 · PLMore/PLMore-CDN

renovate · 2024-08-06T07:27:43Z

This PR contains the following updates:

Package	Change	Age	Confidence
@nestjs/core (source)	`8.4.6` → `9.0.5`

GitHub Vulnerability Alerts

CVE-2023-26108

Versions of the package @nestjs/core before 9.0.5 are vulnerable to Information Exposure via the StreamableFile pipe. Exploiting this vulnerability is possible when the client cancels a request while it is streaming a StreamableFile, the stream wrapped by the StreamableFile will be kept open.

Release Notes

nestjs/nest (@nestjs/core)

`v9.0.5`

Compare Source

v9.0.5 (2022-07-20)

Bug fixes

common, platform-express
- #9819 fix: use pipeline over stream.pipe (@jmcdo29)

Enhancements

microservices
- #9798 feat(microservices): add noAssert option for RMQ connection (@frankmangone)
- #9954 feat(microservices): add Kafka heartbeat callback to KafkaContext (@kosh-b)
platform-express, platform-fastify
- #9926 fix(express,fastify): raw body for urlencoded requests (@tolgap)

Dependencies

Other
- #9959 chore(deps): bump terser from 5.10.0 to 5.14.2 in /sample/30-event-emitter (@dependabot[bot])
- #9960 chore(deps): bump terser from 5.14.1 to 5.14.2 in /sample/32-graphql-federation-schema-first/users-application (@dependabot[bot])
- #9961 chore(deps): bump terser from 5.10.0 to 5.14.2 in /sample/31-graphql-federation-code-first/gateway (@dependabot[bot])
- #9962 chore(deps): bump terser from 5.10.0 to 5.14.2 in /sample/31-graphql-federation-code-first/users-application (@dependabot[bot])
- #9963 chore(deps): bump terser from 5.10.0 to 5.14.2 in /sample/32-graphql-federation-schema-first/posts-application (@dependabot[bot])
- #9964 chore(deps): bump terser from 5.10.0 to 5.14.2 in /sample/32-graphql-federation-schema-first/gateway (@dependabot[bot])
- #9965 chore(deps): bump terser from 5.10.0 to 5.14.2 in /sample/29-file-upload (@dependabot[bot])
- #9966 chore(deps): bump terser from 5.10.0 to 5.14.2 in /sample/28-sse (@dependabot[bot])
- #9967 chore(deps): bump terser from 5.10.0 to 5.14.2 in /sample/31-graphql-federation-code-first/posts-application (@dependabot[bot])
- #9951 chore(deps-dev): bump mongoose from 6.4.4 to 6.4.5 (@dependabot[bot])
- #9952 chore(deps-dev): bump concurrently from 7.2.2 to 7.3.0 (@dependabot[bot])
platform-fastify
- #9950 chore(deps): bump light-my-request from 5.1.0 to 5.2.0 (@dependabot[bot])

Committers: 4

Franco Mangone (@frankmangone)
Jay McDoniel (@jmcdo29)
Tolga Paksoy (@tolgap)
@kosh-b

v9.0.2

Bug fixes

common
- #9904 fix(common): Fix CacheModule registerAsync (@tugascript)

Enhancements

core
- #9902 refactor(core): replace our own 1-level flatten by the native one (@micalevisk)

Dependencies

#9906 chore(deps-dev): bump mongoose from 6.4.3 to 6.4.4 (@dependabot[bot])
#9908 chore(deps-dev): bump cache-manager from 4.0.1 to 4.1.0 (@dependabot[bot])
#9910 chore(deps-dev): bump @nestjs/graphql from 10.0.16 to 10.0.18 (@dependabot[bot])
#9911 chore(deps-dev): bump core-js from 3.23.3 to 3.23.4 (@dependabot[bot])

Committers: 3

Afonso Barracha (@tugascript)
Antonio T. alias Tony (@Tony133)
Micael Levi L. Cavalcante (@micalevisk)

`v9.0.1`

Compare Source

`v9.0.0`

Compare Source

v9.0.0 (2022-07-08)

Article: https://trilon.io/blog/nestjs-9-is-now-available

Migration guide: https://docs.nestjs.com/migration-guide

Features

common
- #9718 Feature/4752 file validators pipe (@thiagomini)
- #9534 feat(core): add configurable module builder, module utils (@kamilmysliwiec)
common, core
- #9684 feat(core): read–eval–print loop feature (@kamilmysliwiec)
- #9697 feat(core): add durable providers feature (@kamilmysliwiec)

Bug fixes

microservices
- #9674 fix(microservices): Fixed typings for MessageHandler (@dkonasov)
- #9587 fix(microservices): revert grpc client interceptors (grpc-specific) (@kamilmysliwiec)

Enhancements

common, core, platform-express, platform-fastify
- #8802 fix: only send exception responses if header is not already sent (@wSedlacek)
- #9591 feat(common,core): make HttpServer#applyVersionFilter mandatory (@micalevisk)
common
- #9705 feat(common): Add error chaining support to http exception (@vinnymac)
- #9383 feat(common): disallow usage of inject on class and value providers at type level (@micalevisk)
- #9023 fix: fix factory provider definition (@ZanMinKian)
- #8459 fix(common): ParseUUIDPipe - throw exceptions with exceptionFactory only (@titivuk)
microservices
- #9681 fix(microservices): allow postfixId on KafkaOptions to be an empty string (@micalevisk)
- #8798 feat(microservices): migrate redis transporter to internally use ioredis package (@kamilmysliwiec)
- #9586 feat(microservices): add kafka retriable exception, auto-unwrap payloads (@kamilmysliwiec)
core
- #9720 fix(core): prevent renaming global providers and modules in the repl (@micalevisk)
- #9596 feat(core): throw an exception instead of logging due to module import misusage (@micalevisk)
common, core, microservices
- #9604 refactor(common,core,microservices): drop all deprecated methods (@micalevisk)
core, websockets
- #9491 feat(core,websockets): use rxjs to check if values are observables (@micalevisk)

Dependencies

Other
- #9885 chore(deps-dev): bump @fastify/static from 5.0.0 to 6.4.0 (@dependabot[bot])
- #9883 chore(deps-dev): bump ioredis from 5.0.4 to 5.1.0 (@dependabot[bot])
- #9884 chore(deps-dev): bump nodemon from 2.0.18 to 2.0.19 (@dependabot[bot])
- #9886 chore(deps-dev): bump supertest from 6.2.3 to 6.2.4 (@dependabot[bot])
- #9888 chore(deps-dev): bump @types/cache-manager from 4.0.0 to 4.0.1 (@dependabot[bot])
- #9889 chore(deps): bump cli-color from 2.0.2 to 2.0.3 (@dependabot[bot])
- #9890 chore(deps-dev): bump @types/node from 18.0.0 to 18.0.3 (@dependabot[bot])
- #9882 chore(deps-dev): bump @fastify/multipart from 6.0.0 to 7.1.0 (@dependabot[bot])
- #9869 chore(deps): bump fast-json-stringify from 5.0.1 to 5.0.6 (@dependabot[bot])
- #9851 chore(deps-dev): bump kafkajs from 2.0.2 to 2.1.0 (@dependabot[bot])
- #9848 chore(deps-dev): bump graphql-tools from 8.2.13 to 8.3.0 (@dependabot[bot])
- #9837 chore(deps-dev): bump @commitlint/config-angular from 17.0.0 to 17.0.3 (@dependabot[bot])
- #9871 chore(deps-dev): bump redis from 3.1.2 to 4.2.0 (@dependabot[bot])
- #9870 chore(deps-dev): bump mongoose from 6.4.0 to 6.4.3 (@dependabot[bot])
- #9852 chore(deps-dev): bump @types/sinon from 10.0.11 to 10.0.12 (@dependabot[bot])
- #9766 chore(deps): bump middie from 6.1.0 to 7.1.0 (@dependabot[bot])
- #9876 chore(deps): bump moment from 2.29.2 to 2.29.4 in /sample/07-sequelize (@dependabot[bot])
- #9875 chore(deps): bump moment from 2.29.2 to 2.29.4 in /sample/26-queues (@dependabot[bot])
- #9877 chore(deps): bump moment from 2.29.2 to 2.29.4 in /sample/27-scheduling (@dependabot[bot])
- #9878 chore(deps): bump moment from 2.29.2 to 2.29.4 (@dependabot[bot])
- #9838 chore(deps-dev): bump core-js from 3.23.2 to 3.23.3 (@dependabot[bot])
- #9839 chore(deps-dev): bump @commitlint/cli from 17.0.2 to 17.0.3 (@dependabot[bot])
- #9841 chore(deps-dev): bump lint-staged from 13.0.2 to 13.0.3 (@dependabot[bot])
- #9830 chore(deps-dev): bump nodemon from 2.0.16 to 2.0.18 (@dependabot[bot])
- #9828 chore(deps): bump fast-json-stringify from 4.2.0 to 5.0.1 (@dependabot[bot])
- #9827 chore(deps-dev): bump graphql-tools from 8.2.12 to 8.2.13 (@dependabot[bot])
- #9815 chore(deps-dev): bump core-js from 3.23.1 to 3.23.2 (@dependabot[bot])
- #9796 chore(deps-dev): bump prettier from 2.7.0 to 2.7.1 (@dependabot[bot])
- #9807 chore(deps-dev): bump mongoose from 6.3.8 to 6.4.0 (@dependabot[bot])
- #9808 chore(deps-dev): bump typescript from 4.7.3 to 4.7.4 (@dependabot[bot])
- #9791 chore(deps-dev): bump apollo-server-core from 3.8.2 to 3.9.0 (@dependabot[bot])
- #9790 chore(deps-dev): bump @nestjs/apollo from 10.0.14 to 10.0.16 (@dependabot[bot])
- #9787 chore(deps-dev): bump apollo-server-express from 3.8.2 to 3.9.0 (@dependabot[bot])
- #9788 chore(deps-dev): bump @types/node from 17.0.43 to 18.0.0 (@dependabot[bot])
- #9792 chore(deps-dev): bump @nestjs/graphql from 10.0.15 to 10.0.16 (@dependabot[bot])
- #9794 chore(deps-dev): bump lint-staged from 13.0.1 to 13.0.2 (@dependabot[bot])
- #9779 chore(deps-dev): bump concurrently from 7.2.1 to 7.2.2 (@dependabot[bot])
- #9780 chore(deps-dev): bump @types/node from 17.0.42 to 17.0.43 (@dependabot[bot])
- #9781 chore(deps-dev): bump core-js from 3.23.0 to 3.23.1 (@dependabot[bot])
- #9782 chore(deps-dev): bump @nestjs/mongoose from 9.1.0 to 9.1.1 (@dependabot[bot])
- #9772 chore(deps-dev): bump prettier from 2.6.2 to 2.7.0 (@dependabot[bot])
- #9734 chore(deps-dev): bump ts-node from 10.8.0 to 10.8.1 (@dependabot[bot])
- #9761 chore(deps): bump fast-json-stringify from 4.1.0 to 4.2.0 (@dependabot[bot])
- #9771 chore(deps-dev): bump core-js from 3.22.8 to 3.23.0 (@dependabot[bot])
- #9773 chore(deps-dev): bump @types/cache-manager from 3.4.3 to 4.0.0 (@dependabot[bot])
- #9522 chore(deps-dev): bump mocha from 9.2.2 to 10.0.0 (@dependabot[bot])
platform-fastify
- #9853 chore(deps): bump fastify from 3.29.0 to 4.2.0 (@dependabot[bot])
microservices, testing
- #9825 chore(deps): update dependency got to 11.8.5 [security] (@renovate[bot])
platform-ws
- #9770 chore(deps): bump ws from 8.7.0 to 8.8.0 (@dependabot[bot])

Committers: 13

Dylan Lundy (@diesal11)
Kamil Mysliwiec (@kamilmysliwiec)
Kanstantsin Tatarchuk (@titivuk)
Marcin Wojciechowski (@Wojciechowski-Marcin)
Micael Levi L. Cavalcante (@micalevisk)
Thiago Valentim (@thiagomini)
Vincent Taverna (@vinnymac)
William Sedlacek (@wSedlacek)
@chunghha
@dkonasov
@yevgeniypak
曾明健 (@ZanMinKian)
정우병 (@woobottle)

`v8.4.7`

Compare Source

v8.4.7 (2022-06-14)

Enhancements

microservices
- #9719 feat(microservices): exposes base context on the main package (@delucca)
- #9751 fix(microservices): adds feedback message when RabbitMQ server connection hangs (@delucca)
common
- #9742 Improve stripProtoKeys performance, especially for TypedArray (@mjgp2)

Dependencies

#9731 chore(deps-dev): bump apollo-server-core from 3.8.1 to 3.8.2 (@dependabot[bot])
#9762 chore(deps-dev): bump lint-staged from 13.0.0 to 13.0.1 (@dependabot[bot])
#9764 chore(deps-dev): bump graphql-tools from 8.2.11 to 8.2.12 (@dependabot[bot])
#9765 chore(deps-dev): bump point-of-view from 6.2.1 to 6.3.0 (@dependabot[bot])
#9769 chore(deps-dev): bump mongoose from 6.3.5 to 6.3.8 (@dependabot[bot])
#9729 chore(deps-dev): bump cache-manager from 4.0.0 to 4.0.1 (@dependabot[bot])
#9730 chore(deps-dev): bump typescript from 4.7.2 to 4.7.3 (@dependabot[bot])
#9732 chore(deps-dev): bump apollo-server-express from 3.8.1 to 3.8.2 (@dependabot[bot])
#9735 chore(deps-dev): bump ts-morph from 15.0.0 to 15.1.0 (@dependabot[bot])
#9740 chore(deps-dev): bump @grpc/proto-loader from 0.6.12 to 0.6.13 (@dependabot[bot])
#9756 chore(deps-dev): bump @types/node from 17.0.38 to 17.0.42 (@dependabot[bot])
#9757 chore(deps): bump fast-json-stringify from 3.2.0 to 4.1.0 (@dependabot[bot])
#9711 chore(deps-dev): bump @nestjs/apollo from 10.0.13 to 10.0.14 (@dependabot[bot])
#9712 chore(deps-dev): bump lint-staged from 12.5.0 to 13.0.0 (@dependabot[bot])
#9710 chore(deps-dev): bump cache-manager from 3.6.3 to 4.0.0 (@dependabot[bot])
#9709 chore(deps-dev): bump @commitlint/cli from 17.0.1 to 17.0.2 (@dependabot[bot])
#9713 chore(deps-dev): bump core-js from 3.22.7 to 3.22.8 (@dependabot[bot])
#9723 chore(deps-dev): bump @nestjs/graphql from 10.0.13 to 10.0.15 (@dependabot[bot])
#9722 chore(deps): bump protobufjs from 6.11.2 to 6.11.3 (@dependabot[bot])
#9721 chore(deps): bump protobufjs from 6.11.2 to 6.11.3 in /sample/04-grpc (@dependabot[bot])
#9724 chore(deps-dev): bump amqplib from 0.9.1 to 0.10.0 (@dependabot[bot])
#9700 chore(deps-dev): bump kafkajs from 2.0.1 to 2.0.2 (@dependabot[bot])
#9701 chore(deps-dev): bump @types/node from 17.0.36 to 17.0.38 (@dependabot[bot])
#9702 chore(deps-dev): bump point-of-view from 5.3.0 to 6.2.1 (@dependabot[bot])
#9703 chore(deps-dev): bump lint-staged from 12.4.3 to 12.5.0 (@dependabot[bot])

Committers: 5

Antonio T. alias Tony (@Tony133)
Daniel De Lucca (@delucca)
Matthew Painter (@mjgp2)
Sushant Zope (@sushant9096)
Volodymyr Tytarenko (@bovatitar)

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

renovate · 2024-08-06T07:27:44Z

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

any of the package files in this branch needs updating, or
the branch becomes conflicted, or
you click the rebase/retry checkbox if found above, or
you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: package-lock.json

npm ERR! code ERESOLVE
npm ERR! ERESOLVE unable to resolve dependency tree
npm ERR! 
npm ERR! While resolving: cdn@0.0.1
npm ERR! Found: @nestjs/common@8.4.6
npm ERR! node_modules/@nestjs/common
npm ERR!   @nestjs/common@"8.4.6" from the root project
npm ERR! 
npm ERR! Could not resolve dependency:
npm ERR! peer @nestjs/common@"^9.0.0" from @nestjs/core@9.0.5
npm ERR! node_modules/@nestjs/core
npm ERR!   @nestjs/core@"9.0.5" from the root project
npm ERR! 
npm ERR! Fix the upstream dependency conflict, or retry
npm ERR! this command with --force, or --legacy-peer-deps
npm ERR! to accept an incorrect (and potentially broken) dependency resolution.
npm ERR! 
npm ERR! See /runner/cache/others/npm/eresolve-report.txt for a full report.

npm ERR! A complete log of this run can be found in:
npm ERR!     /runner/cache/others/npm/_logs/2026-02-02T21_09_26_465Z-debug-0.log

Update dependency @nestjs/core to v9 [SECURITY]

69f9fe3

renovate bot changed the title ~~Update dependency @nestjs/core to v9 [SECURITY]~~ Update dependency @nestjs/core to v9 [SECURITY] - autoclosed Dec 8, 2024

renovate bot closed this Dec 8, 2024

renovate bot deleted the renovate/npm-nestjs-core-vulnerability branch December 8, 2024 18:45

renovate bot changed the title ~~Update dependency @nestjs/core to v9 [SECURITY] - autoclosed~~ Update dependency @nestjs/core to v9 [SECURITY] Dec 8, 2024

renovate bot reopened this Dec 8, 2024

renovate bot force-pushed the renovate/npm-nestjs-core-vulnerability branch from 13d5629 to 69f9fe3 Compare December 8, 2024 22:41

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Update dependency @nestjs/core to v9 [SECURITY]#17

Update dependency @nestjs/core to v9 [SECURITY]#17
renovate[bot] wants to merge 1 commit intomainfrom
renovate/npm-nestjs-core-vulnerability

renovate bot commented Aug 6, 2024 •

edited

Loading

Uh oh!

renovate bot commented Aug 6, 2024 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

renovate bot commented Aug 6, 2024 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

GitHub Vulnerability Alerts

Release Notes

v9.0.5 (2022-07-20)

Bug fixes

Enhancements

Dependencies

Committers: 4

v9.0.2

Bug fixes

Enhancements

Dependencies

Committers: 3

v9.0.0 (2022-07-08)

Article: https://trilon.io/blog/nestjs-9-is-now-available

Migration guide: https://docs.nestjs.com/migration-guide

Features

Bug fixes

Enhancements

Dependencies

Committers: 13

v8.4.7 (2022-06-14)

Enhancements

Dependencies

Committers: 5

Configuration

Uh oh!

renovate bot commented Aug 6, 2024 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

⚠️ Artifact update problem

File name: package-lock.json

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

renovate bot commented Aug 6, 2024 •

edited

Loading

renovate bot commented Aug 6, 2024 •

edited

Loading