Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Security upgrade @nestjs/platform-express from 10.3.4 to 10.3.6 #137

Merged
merged 1 commit into from
Apr 2, 2024

Conversation

TheSlimvReal
Copy link
Contributor

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
⚠️ Warning
Failed to update the package-lock.json, please update manually before merging.

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
medium severity 591/1000
Why? Recently disclosed, Has a fix available, CVSS 6.1
Open Redirect
SNYK-JS-EXPRESS-6474509
No No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: @nestjs/platform-express The new version differs by 58 commits.
  • 1f2fae7 chore(@ nestjs) publish v10.3.6 release
  • 50385de Merge pull request #13362 from nestjs/dependabot/npm_and_yarn/grpc/proto-loader-0.7.11
  • 872ab40 Merge pull request #13367 from nestjs/revert-13328-fix/redundant-emit-code
  • f416f5a Revert "fix(microservices): fix redundant code to emit error"
  • f29f932 Merge pull request #13366 from breeeew/fix-request-scope-leak
  • 274011d chore(deps-dev): bump @ grpc/proto-loader from 0.7.10 to 0.7.11
  • ccbbe06 Merge pull request #13358 from nestjs/dependabot/npm_and_yarn/typescript-eslint/eslint-plugin-7.4.0
  • 1757840 Merge pull request #13361 from nestjs/dependabot/npm_and_yarn/mocha-10.4.0
  • e133595 Merge pull request #13363 from nestjs/dependabot/npm_and_yarn/grpc/grpc-js-1.10.4
  • 743c4b6 Merge pull request #13364 from nestjs/dependabot/npm_and_yarn/mysql2-3.9.3
  • 6a7f74f fix(core): break reference chain to instance object
  • 4510f6d chore(deps-dev): bump mysql2 from 3.9.2 to 3.9.3
  • b3f0b65 chore(deps-dev): bump @ grpc/grpc-js from 1.10.3 to 1.10.4
  • 0782837 chore(deps-dev): bump mocha from 10.3.0 to 10.4.0
  • 334b27b chore(deps-dev): bump @ typescript-eslint/eslint-plugin
  • ddc1265 Merge pull request #13355 from nestjs/dependabot/npm_and_yarn/apollo/server-4.10.2
  • 560e350 Merge pull request #13359 from nestjs/dependabot/npm_and_yarn/typescript-eslint/parser-7.4.0
  • b3a7510 Merge pull request #13357 from nestjs/dependabot/npm_and_yarn/express-4.19.2
  • 70dea80 chore(deps-dev): bump @ typescript-eslint/parser from 7.3.1 to 7.4.0
  • 8b1a1dd chore(deps): bump express from 4.19.1 to 4.19.2
  • 2957483 chore(deps-dev): bump @ apollo/server from 4.10.1 to 4.10.2
  • 1a605dd Merge branch 'master' of https://github.com/nestjs/nest
  • 8bf0015 chore: update readme
  • 09857ae Merge pull request #13343 from nestjs/dependabot/npm_and_yarn/core-js-3.36.1

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Open Redirect

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-EXPRESS-6474509
@sleidig sleidig merged commit c6d2e56 into master Apr 2, 2024
5 checks passed
@sleidig sleidig deleted the snyk-fix-3b7cb199a85d23e8377ff796c219710d branch April 2, 2024 09:46
Copy link

🎉 This PR is included in version 1.0.0 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants