fix(deps): update dependency @nestjs/core to v9 [security]

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Confidence
@nestjs/core (source)	8.2.4 → 9.0.5

---

@​nestjs/core vulnerable to Information Exposure via StreamableFile pipe

CVE-2023-26108 / GHSA-4jpv-8r57-pv7j

More information

Details

Versions of the package @​nestjs/core before 9.0.5 are vulnerable to Information Exposure via the StreamableFile pipe. Exploiting this vulnerability is possible when the client cancels a request while it is streaming a StreamableFile, the stream wrapped by the StreamableFile will be kept open.

Severity

• CVSS Score: 5.3 / 10 (Medium)
• Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

References

• https://nvd.nist.gov/vuln/detail/CVE-2023-26108
• https://github.com/nestjs/nest/issues/9759
• https://github.com/nestjs/nest/pull/9819
• https://github.com/nestjs/nest/pull/9819/commits/f59cf5e81ca73bcdf1b5b36713550fd93918db41
• https://security.snyk.io/vuln/SNYK-JS-NESTJSCORE-2869127
• https://github.com/advisories/GHSA-4jpv-8r57-pv7j

This data is provided by the GitHub Advisory Database (CC-BY 4.0).

---

Release Notes

nestjs/nest (@​nestjs/core)

v9.0.5

Compare Source

v9.0.5 (2022-07-20)

Bug fixes

• common, platform-express
  • #​9819 fix: use pipeline over stream.pipe (@​jmcdo29)

Enhancements

• microservices
  • #​9798 feat(microservices): add noAssert option for RMQ connection (@​frankmangone)
  • #​9954 feat(microservices): add Kafka heartbeat callback to KafkaContext (@​kosh-b)
• platform-express, platform-fastify
  • #​9926 fix(express,fastify): raw body for urlencoded requests (@​tolgap)

Dependencies

• Other
  • #​9959 chore(deps): bump terser from 5.10.0 to 5.14.2 in /sample/30-event-emitter (@​dependabot[bot])
  • #​9960 chore(deps): bump terser from 5.14.1 to 5.14.2 in /sample/32-graphql-federation-schema-first/users-application (@​dependabot[bot])
  • #​9961 chore(deps): bump terser from 5.10.0 to 5.14.2 in /sample/31-graphql-federation-code-first/gateway (@​dependabot[bot])
  • #​9962 chore(deps): bump terser from 5.10.0 to 5.14.2 in /sample/31-graphql-federation-code-first/users-application (@​dependabot[bot])
  • #​9963 chore(deps): bump terser from 5.10.0 to 5.14.2 in /sample/32-graphql-federation-schema-first/posts-application (@​dependabot[bot])
  • #​9964 chore(deps): bump terser from 5.10.0 to 5.14.2 in /sample/32-graphql-federation-schema-first/gateway (@​dependabot[bot])
  • #​9965 chore(deps): bump terser from 5.10.0 to 5.14.2 in /sample/29-file-upload (@​dependabot[bot])
  • #​9966 chore(deps): bump terser from 5.10.0 to 5.14.2 in /sample/28-sse (@​dependabot[bot])
  • #​9967 chore(deps): bump terser from 5.10.0 to 5.14.2 in /sample/31-graphql-federation-code-first/posts-application (@​dependabot[bot])
  • #​9951 chore(deps-dev): bump mongoose from 6.4.4 to 6.4.5 (@​dependabot[bot])
  • #​9952 chore(deps-dev): bump concurrently from 7.2.2 to 7.3.0 (@​dependabot[bot])
• platform-fastify
  • #​9950 chore(deps): bump light-my-request from 5.1.0 to 5.2.0 (@​dependabot[bot])

Committers: 4

• Franco Mangone (@​frankmangone)
• Jay McDoniel (@​jmcdo29)
• Tolga Paksoy (@​tolgap)
• @​kosh-b

v9.0.4

Compare Source

v9.0.3

Compare Source

v9.0.2

Compare Source

v9.0.2

Bug fixes

• common
  • #​9904 fix(common): Fix CacheModule registerAsync (@​tugascript)

Enhancements

• core
  • #​9902 refactor(core): replace our own 1-level flatten by the native one (@​micalevisk)

Dependencies

• #​9906 chore(deps-dev): bump mongoose from 6.4.3 to 6.4.4 (@​dependabot[bot])
• #​9908 chore(deps-dev): bump cache-manager from 4.0.1 to 4.1.0 (@​dependabot[bot])
• #​9910 chore(deps-dev): bump @​nestjs/graphql from 10.0.16 to 10.0.18 (@​dependabot[bot])
• #​9911 chore(deps-dev): bump core-js from 3.23.3 to 3.23.4 (@​dependabot[bot])

Committers: 3

• Afonso Barracha (@​tugascript)
• Antonio T. alias Tony (@​Tony133)
• Micael Levi L. Cavalcante (@​micalevisk)

v9.0.1

Compare Source

v9.0.0

Compare Source

v9.0.0 (2022-07-08)

Article: https://trilon.io/blog/nestjs-9-is-now-available

Migration guide: https://docs.nestjs.com/migration-guide

Features

• common
  • #​9718 Feature/4752 file validators pipe (@​thiagomini)
  • #​9534 feat(core): add configurable module builder, module utils (@​kamilmysliwiec)
• common, core
  • #​9684 feat(core): read–eval–print loop feature (@​kamilmysliwiec)
  • #​9697 feat(core): add durable providers feature (@​kamilmysliwiec)

Bug fixes

• microservices
  • #​9674 fix(microservices): Fixed typings for MessageHandler (@​dkonasov)
  • #​9587 fix(microservices): revert grpc client interceptors (grpc-specific) (@​kamilmysliwiec)

Enhancements

• common, core, platform-express, platform-fastify
  • #​8802 fix: only send exception responses if header is not already sent (@​wSedlacek)
  • #​9591 feat(common,core): make HttpServer#applyVersionFilter mandatory (@​micalevisk)
• common
  • #​9705 feat(common): Add error chaining support to http exception (@​vinnymac)
  • #​9383 feat(common): disallow usage of inject on class and value providers at type level (@​micalevisk)
  • #​9023 fix: fix factory provider definition (@​ZanMinKian)
  • #​8459 fix(common): ParseUUIDPipe - throw exceptions with exceptionFactory only (@​titivuk)
• microservices
  • #​9681 fix(microservices): allow postfixId on KafkaOptions to be an empty string (@​micalevisk)
  • #​8798 feat(microservices): migrate redis transporter to internally use ioredis package (@​kamilmysliwiec)
  • #​9586 feat(microservices): add kafka retriable exception, auto-unwrap payloads (@​kamilmysliwiec)
• core
  • #​9720 fix(core): prevent renaming global providers and modules in the repl (@​micalevisk)
  • #​9596 feat(core): throw an exception instead of logging due to module import misusage (@​micalevisk)
• common, core, microservices
  • #​9604 refactor(common,core,microservices): drop all deprecated methods (@​micalevisk)
• core, websockets
  • #​9491 feat(core,websockets): use rxjs to check if values are observables (@​micalevisk)

Dependencies

• Other
  • #​9885 chore(deps-dev): bump @​fastify/static from 5.0.0 to 6.4.0 (@​dependabot[bot])
  • #​9883 chore(deps-dev): bump ioredis from 5.0.4 to 5.1.0 (@​dependabot[bot])
  • #​9884 chore(deps-dev): bump nodemon from 2.0.18 to 2.0.19 (@​dependabot[bot])
  • #​9886 chore(deps-dev): bump supertest from 6.2.3 to 6.2.4 (@​dependabot[bot])
  • #​9888 chore(deps-dev): bump @​types/cache-manager from 4.0.0 to 4.0.1 (@​dependabot[bot])
  • #​9889 chore(deps): bump cli-color from 2.0.2 to 2.0.3 (@​dependabot[bot])
  • #​9890 chore(deps-dev): bump @​types/node from 18.0.0 to 18.0.3 (@​dependabot[bot])
  • #​9882 chore(deps-dev): bump @​fastify/multipart from 6.0.0 to 7.1.0 (@​dependabot[bot])
  • #​9869 chore(deps): bump fast-json-stringify from 5.0.1 to 5.0.6 (@​dependabot[bot])
  • #​9851 chore(deps-dev): bump kafkajs from 2.0.2 to 2.1.0 (@​dependabot[bot])
  • #​9848 chore(deps-dev): bump graphql-tools from 8.2.13 to 8.3.0 (@​dependabot[bot])
  • #​9837 chore(deps-dev): bump @​commitlint/config-angular from 17.0.0 to 17.0.3 (@​dependabot[bot])
  • #​9871 chore(deps-dev): bump redis from 3.1.2 to 4.2.0 (@​dependabot[bot])
  • #​9870 chore(deps-dev): bump mongoose from 6.4.0 to 6.4.3 (@​dependabot[bot])
  • #​9852 chore(deps-dev): bump @​types/sinon from 10.0.11 to 10.0.12 (@​dependabot[bot])
  • #​9766 chore(deps): bump middie from 6.1.0 to 7.1.0 (@​dependabot[bot])
  • #​9876 chore(deps): bump moment from 2.29.2 to 2.29.4 in /sample/07-sequelize (@​dependabot[bot])
  • #​9875 chore(deps): bump moment from 2.29.2 to 2.29.4 in /sample/26-queues (@​dependabot[bot])
  • #​9877 chore(deps): bump moment from 2.29.2 to 2.29.4 in /sample/27-scheduling (@​dependabot[bot])
  • #​9878 chore(deps): bump moment from 2.29.2 to 2.29.4 (@​dependabot[bot])
  • #​9838 chore(deps-dev): bump core-js from 3.23.2 to 3.23.3 (@​dependabot[bot])
  • #​9839 chore(deps-dev): bump @​commitlint/cli from 17.0.2 to 17.0.3 (@​dependabot[bot])
  • #​9841 chore(deps-dev): bump lint-staged from 13.0.2 to 13.0.3 (@​dependabot[bot])
  • #​9830 chore(deps-dev): bump nodemon from 2.0.16 to 2.0.18 (@​dependabot[bot])
  • #​9828 chore(deps): bump fast-json-stringify from 4.2.0 to 5.0.1 (@​dependabot[bot])
  • #​9827 chore(deps-dev): bump graphql-tools from 8.2.12 to 8.2.13 (@​dependabot[bot])
  • #​9815 chore(deps-dev): bump core-js from 3.23.1 to 3.23.2 (@​dependabot[bot])
  • #​9796 chore(deps-dev): bump prettier from 2.7.0 to 2.7.1 (@​dependabot[bot])
  • #​9807 chore(deps-dev): bump mongoose from 6.3.8 to 6.4.0 (@​dependabot[bot])
  • #​9808 chore(deps-dev): bump typescript from 4.7.3 to 4.7.4 (@​dependabot[bot])
  • #​9791 chore(deps-dev): bump apollo-server-core from 3.8.2 to 3.9.0 (@​dependabot[bot])
  • #​9790 chore(deps-dev): bump @​nestjs/apollo from 10.0.14 to 10.0.16 (@​dependabot[bot])
  • #​9787 chore(deps-dev): bump apollo-server-express from 3.8.2 to 3.9.0 (@​dependabot[bot])
  • #​9788 chore(deps-dev): bump @​types/node from 17.0.43 to 18.0.0 (@​dependabot[bot])
  • #​9792 chore(deps-dev): bump @​nestjs/graphql from 10.0.15 to 10.0.16 (@​dependabot[bot])
  • #​9794 chore(deps-dev): bump lint-staged from 13.0.1 to 13.0.2 (@​dependabot[bot])
  • #​9779 chore(deps-dev): bump concurrently from 7.2.1 to 7.2.2 (@​dependabot[bot])
  • #​9780 chore(deps-dev): bump @​types/node from 17.0.42 to 17.0.43 (@​dependabot[bot])
  • #​9781 chore(deps-dev): bump core-js from 3.23.0 to 3.23.1 (@​dependabot[bot])
  • #​9782 chore(deps-dev): bump @​nestjs/mongoose from 9.1.0 to 9.1.1 (@​dependabot[bot])
  • #​9772 chore(deps-dev): bump prettier from 2.6.2 to 2.7.0 (@​dependabot[bot])
  • #​9734 chore(deps-dev): bump ts-node from 10.8.0 to 10.8.1 (@​dependabot[bot])
  • #​9761 chore(deps): bump fast-json-stringify from 4.1.0 to 4.2.0 (@​dependabot[bot])
  • #​9771 chore(deps-dev): bump core-js from 3.22.8 to 3.23.0 (@​dependabot[bot])
  • #​9773 chore(deps-dev): bump @​types/cache-manager from 3.4.3 to 4.0.0 (@​dependabot[bot])
  • #​9522 chore(deps-dev): bump mocha from 9.2.2 to 10.0.0 (@​dependabot[bot])
• platform-fastify
  • #​9853 chore(deps): bump fastify from 3.29.0 to 4.2.0 (@​dependabot[bot])
• microservices, testing
  • #​9825 chore(deps): update dependency got to 11.8.5 [security] (@​renovate[bot])
• platform-ws
  • #​9770 chore(deps): bump ws from 8.7.0 to 8.8.0 (@​dependabot[bot])

Committers: 13

• Dylan Lundy (@​diesal11)
• Kamil Mysliwiec (@​kamilmysliwiec)
• Kanstantsin Tatarchuk (@​titivuk)
• Marcin Wojciechowski (@​Wojciechowski-Marcin)
• Micael Levi L. Cavalcante (@​micalevisk)
• Thiago Valentim (@​thiagomini)
• Vincent Taverna (@​vinnymac)
• William Sedlacek (@​wSedlacek)
• @​chunghha
• @​dkonasov
• @​yevgeniypak
• 曾明健 (@​ZanMinKian)
• 정우병 (@​woobottle)

v8.4.7

Compare Source

v8.4.7 (2022-06-14)

Enhancements

• microservices
  • #​9719 feat(microservices): exposes base context on the main package (@​delucca)
  • #​9751 fix(microservices): adds feedback message when RabbitMQ server connection hangs (@​delucca)
• common
  • #​9742 Improve stripProtoKeys performance, especially for TypedArray (@​mjgp2)

Dependencies

• #​9731 chore(deps-dev): bump apollo-server-core from 3.8.1 to 3.8.2 (@​dependabot[bot])
• #​9762 chore(deps-dev): bump lint-staged from 13.0.0 to 13.0.1 (@​dependabot[bot])
• #​9764 chore(deps-dev): bump graphql-tools from 8.2.11 to 8.2.12 (@​dependabot[bot])
• #​9765 chore(deps-dev): bump point-of-view from 6.2.1 to 6.3.0 (@​dependabot[bot])
• #​9769 chore(deps-dev): bump mongoose from 6.3.5 to 6.3.8 (@​dependabot[bot])
• #​9729 chore(deps-dev): bump cache-manager from 4.0.0 to 4.0.1 (@​dependabot[bot])
• #​9730 chore(deps-dev): bump typescript from 4.7.2 to 4.7.3 (@​dependabot[bot])
• #​9732 chore(deps-dev): bump apollo-server-express from 3.8.1 to 3.8.2 (@​dependabot[bot])
• #​9735 chore(deps-dev): bump ts-morph from 15.0.0 to 15.1.0 (@​dependabot[bot])
• #​9740 chore(deps-dev): bump @​grpc/proto-loader from 0.6.12 to 0.6.13 (@​dependabot[bot])
• #​9756 chore(deps-dev): bump @​types/node from 17.0.38 to 17.0.42 (@​dependabot[bot])
• #​9757 chore(deps): bump fast-json-stringify from 3.2.0 to 4.1.0 (@​dependabot[bot])
• #​9711 chore(deps-dev): bump @​nestjs/apollo from 10.0.13 to 10.0.14 (@​dependabot[bot])
• #​9712 chore(deps-dev): bump lint-staged from 12.5.0 to 13.0.0 (@​dependabot[bot])
• #​9710 chore(deps-dev): bump cache-manager from 3.6.3 to 4.0.0 (@​dependabot[bot])
• #​9709 chore(deps-dev): bump @​commitlint/cli from 17.0.1 to 17.0.2 (@​dependabot[bot])
• #​9713 chore(deps-dev): bump core-js from 3.22.7 to 3.22.8 (@​dependabot[bot])
• #​9723 chore(deps-dev): bump @​nestjs/graphql from 10.0.13 to 10.0.15 (@​dependabot[bot])
• #​9722 chore(deps): bump protobufjs from 6.11.2 to 6.11.3 (@​dependabot[bot])
• #​9721 chore(deps): bump protobufjs from 6.11.2 to 6.11.3 in /sample/04-grpc (@​dependabot[bot])
• #​9724 chore(deps-dev): bump amqplib from 0.9.1 to 0.10.0 (@​dependabot[bot])
• #​9700 chore(deps-dev): bump kafkajs from 2.0.1 to 2.0.2 (@​dependabot[bot])
• #​9701 chore(deps-dev): bump @​types/node from 17.0.36 to 17.0.38 (@​dependabot[bot])
• #​9702 chore(deps-dev): bump point-of-view from 5.3.0 to 6.2.1 (@​dependabot[bot])
• #​9703 chore(deps-dev): bump lint-staged from 12.4.3 to 12.5.0 (@​dependabot[bot])

Committers: 5

• Antonio T. alias Tony (@​Tony133)
• Daniel De Lucca (@​delucca)
• Matthew Painter (@​mjgp2)
• Sushant Zope (@​sushant9096)
• Volodymyr Tytarenko (@​bovatitar)

v8.4.6

Compare Source

v8.4.5

Compare Source

v8.4.5 (2022-05-13)

Bug fixes

• core
  • #​9456 fix(core): scoped injection with symbol field name (@​MyAeroCode)

Enhancements

• common
  • #​9496 feat(common): improve extensibility on few built-in pipes (@​micalevisk)
• core
  • #​9506 feat(core): enhance circular dependency error message (@​ntibi)

Dependencies

• Other
  • #​9566 chore(deps-dev): bump kafkajs from 1.16.0 to 2.0.0 (@​dependabot[bot])
  • #​9565 chore(deps-dev): bump @​types/node from 17.0.23 to 17.0.33 (@​dependabot[bot])
  • #​9562 chore(deps): bump fast-json-stringify from 3.0.3 to 3.2.0 (@​dependabot[bot])
  • #​9559 chore(deps-dev): bump @​commitlint/cli from 16.2.3 to 16.2.4 (@​dependabot[bot])
  • #​9560 chore(deps-dev): bump supertest from 6.2.2 to 6.2.3 (@​dependabot[bot])
  • #​9561 chore(deps-dev): bump @​grpc/proto-loader from 0.6.9 to 0.6.12 (@​dependabot[bot])
  • #​9563 chore(deps-dev): bump apollo-server-express from 3.6.7 to 3.7.0 (@​dependabot[bot])
  • #​9551 chore(deps-dev): bump mongoose from 6.3.2 to 6.3.3 (@​dependabot[bot])
  • #​9538 chore(deps-dev): bump engine.io-client from 6.1.1 to 6.2.2 (@​dependabot[bot])
  • #​9533 chore(deps-dev): bump fastify-static from 4.6.1 to 4.7.0 (@​dependabot[bot])
  • #​9535 chore(deps-dev): bump amqp-connection-manager from 4.1.2 to 4.1.3 (@​dependabot[bot])
  • #​9537 chore(deps-dev): bump typescript from 4.6.3 to 4.6.4 (@​dependabot[bot])
  • #​9532 chore(deps-dev): bump lint-staged from 12.3.7 to 12.4.1 (@​dependabot[bot])
  • #​9524 chore(deps-dev): bump fastify-multipart from 5.3.1 to 5.4.0 (@​dependabot[bot])
  • #​9530 chore(deps-dev): bump @​commitlint/config-angular from 16.2.3 to 16.2.4 (@​dependabot[bot])
  • #​9531 chore(deps-dev): bump nodemon from 2.0.15 to 2.0.16 (@​dependabot[bot])
  • #​9523 chore(deps-dev): bump @​types/mocha from 9.1.0 to 9.1.1 (@​dependabot[bot])
  • #​9525 chore(deps-dev): bump socket.io-client from 4.4.1 to 4.5.0 (@​dependabot[bot])
  • #​9528 chore(deps-dev): bump core-js from 3.21.1 to 3.22.4 (@​dependabot[bot])
  • #​9512 chore(deps-dev): bump mongoose from 6.2.10 to 6.3.2 (@​dependabot[bot])
  • #​9513 chore(deps-dev): bump clang-format from 1.6.0 to 1.8.0 (@​dependabot[bot])
  • #​9460 chore(deps-dev): bump @​types/chai from 4.3.0 to 4.3.1 (@​dependabot[bot])
  • #​9461 chore(deps-dev): bump amqp-connection-manager from 4.1.1 to 4.1.2 (@​dependabot[bot])
  • #​9466 chore(deps-dev): bump sinon from 13.0.1 to 13.0.2 (@​dependabot[bot])
  • #​9478 chore(deps-dev): bump graphql-tools from 8.2.5 to 8.2.8 (@​dependabot[bot])
  • #​9482 chore(deps-dev): bump @​grpc/grpc-js from 1.6.2 to 1.6.7 (@​dependabot[bot])
  • #​9493 chore(deps): update dependency lodash to 4.17.21 [security] (@​renovate[bot])
  • #​9494 chore(deps): update dependency mem to 4.0.0 [security] (@​renovate[bot])
  • #​9499 chore(deps): bump github/codeql-action from 1 to 2 (@​dependabot[bot])
  • #​9505 chore(deps): update dependency cross-fetch to 3.1.5 [security] (@​renovate[bot])
  • #​9453 chore(deps): bump moment from 2.29.1 to 2.29.2 in /sample/27-scheduling (@​dependabot[bot])
  • #​9454 chore(deps): bump moment from 2.29.1 to 2.29.2 in /sample/26-queues (@​dependabot[bot])
  • #​9447 chore(deps-dev): bump graphql-tools from 8.2.4 to 8.2.5 (@​dependabot[bot])
  • #​9448 chore(deps-dev): bump cache-manager from 3.6.0 to 3.6.1 (@​dependabot[bot])
  • #​9451 chore(deps): bump moment from 2.29.1 to 2.29.2 in /sample/07-sequelize (@​dependabot[bot])
  • #​9452 chore(deps): bump moment from 2.24.0 to 2.29.2 (@​dependabot[bot])
• platform-fastify
  • #​9567 chore(deps): bump middie from 6.0.0 to 6.1.0 (@​dependabot[bot])
  • #​9540 chore(deps): bump fastify-cors from 6.0.3 to 6.1.0 (@​dependabot[bot])
  • #​9526 chore(deps): bump fastify from 3.28.0 to 3.29.0 (@​dependabot[bot])
  • #​9527 chore(deps): bump light-my-request from 4.9.0 to 4.10.1 (@​dependabot[bot])
• platform-socket.io
  • #​9536 chore(deps): bump socket.io from 4.4.1 to 4.5.0 (@​dependabot[bot])
• platform-express
  • #​9549 chore(deps): bump express from 4.17.3 to 4.18.1 (@​dependabot[bot])
• common
  • #​9548 chore(deps): bump axios from 0.26.1 to 0.27.2 (@​dependabot[bot])
• common, core, microservices, platform-express, platform-fastify, platform-socket.io, platform-ws, testing, websockets
  • #​9529 chore(deps): bump tslib from 2.3.1 to 2.4.0 (@​dependabot[bot])

Committers: 6

• Antonio T. alias Tony (@​Tony133)
• Francesco Soncina (@​phra)
• Lutz (@​MyAeroCode)
• Micael Levi L. Cavalcante (@​micalevisk)
• Oleg "OSA413" Sokolov (@​OSA413)
• TIBI Nicolas (@​ntibi)

v8.4.4

Compare Source

v8.4.4 (2022-04-07)

Bug fixes

• microservices
  • #​9425 fix(microservices): multiple rmq client urls issue #​9364 (@​kamilmysliwiec)

Enhancements

• common
  • #​9444 feat(common): change private modifer on built-in pipes to protected (@​micalevisk)
  • #​9435 feat(common): set default StreamableFile length automatically when possible (@​jonahsnider)

Dependencies

• Other
  • #​9441 chore(deps-dev): bump eslint-plugin-import from 2.25.4 to 2.26.0 (@​dependabot[bot])
  • #​9439 chore(deps): update dependency path-parse to 1.0.7 [security] (@​renovate[bot])
  • #​9438 chore(deps-dev): bump mongoose from 6.2.9 to 6.2.10 (@​dependabot[bot])
  • #​9437 chore(deps-dev): bump @​grpc/grpc-js from 1.6.1 to 1.6.2 (@​dependabot[bot])
  • #​9343 chore(deps-dev): bump @​commitlint/cli from 16.2.1 to 16.2.3 (@​dependabot[bot])
  • #​9418 chore(deps-dev): bump apollo-server-core from 3.6.6 to 3.6.7 (@​dependabot[bot])
  • #​9423 chore(deps-dev): bump graphql-tools from 8.2.3 to 8.2.4 (@​dependabot[bot])
  • #​9432 chore(deps-dev): bump concurrently from 7.0.0 to 7.1.0 (@​dependabot[bot])
  • #​9433 chore(deps-dev): bump prettier from 2.6.1 to 2.6.2 (@​dependabot[bot])
  • #​9434 chore(deps-dev): bump @​grpc/grpc-js from 1.5.10 to 1.6.1 (@​dependabot[bot])
  • #​9409 chore(deps-dev): bump point-of-view from 5.1.0 to 5.2.0 (@​dependabot[bot])
  • #​9410 chore(deps-dev): bump mongoose from 6.2.8 to 6.2.9 (@​dependabot[bot])
  • #​9411 chore(deps-dev): bump typescript from 4.6.2 to 4.6.3 (@​dependabot[bot])
  • #​9419 chore(deps): bump cli-color from 2.0.1 to 2.0.2 (@​dependabot[bot])
  • #​9408 chore(deps-dev): bump @​types/node from 17.0.21 to 17.0.23 (@​dependabot[bot])
  • #​9404 chore(deps): bump ansi-regex from 5.0.0 to 5.0.1 in /sample/31-graphql-federation-code-first/gateway (@​dependabot[bot])
  • #​9398 chore(deps): bump ansi-regex from 5.0.0 to 5.0.1 in /sample/25-dynamic-modules (@​dependabot[bot])
  • #​9407 chore(deps-dev): bump @​grpc/grpc-js from 1.5.9 to 1.5.10 (@​dependabot[bot])
  • #​9412 chore(deps): update dependency ansi-regex [security] (@​renovate[bot])
  • #​9415 chore(deps-dev): bump apollo-server-express from 3.6.6 to 3.6.7 (@​dependabot[bot])
  • #​9360 chore(deps-dev): bump graphql from 15.7.2 to 15.8.0 (@​dependabot[bot])
  • #​9378 chore(deps-dev): bump lint-staged from 12.3.5 to 12.3.7 (@​dependabot[bot])
  • #​9379 chore(deps-dev): bump apollo-server-core from 3.6.4 to 3.6.6 (@​dependabot[bot])
  • #​9380 chore(deps-dev): bump prettier from 2.6.0 to 2.6.1 (@​dependabot[bot])
  • #​9382 chore(deps-dev): bump @​types/supertest from 2.0.11 to 2.0.12 (@​dependabot[bot])
• platform-fastify
  • #​9442 chore(deps): bump fastify from 3.27.4 to 3.28.0 (@​dependabot[bot])
  • #​9381 chore(deps): bump light-my-request from 4.8.0 to 4.9.0 (@​dependabot[bot])
• platform-express
  • #​9431 chore(deps): bump body-parser from 1.19.2 to 1.20.0 (@​dependabot[bot])

Committers: 5

• Jonah Snider (@​jonahsnider)
• Kamil Mysliwiec (@​kamilmysliwiec)
• Marcin (@​cichy380)
• Micael Levi L. Cavalcante (@​micalevisk)
• Wias Liaw (@​wiasliaw)

v8.4.3

Compare Source

v8.4.2

Compare Source

v8.4.1

Compare Source

v8.4.1 (2022-03-14)

Bug fixes

• core
  • #​9332 fix(core): apply global middleware to routes excluded from prefix (@​kamilmysliwiec)
  • #​9322 fix(core): use context module for nested transient providers (@​kamilmysliwiec)
• microservices
  • #​9290 fix(microservices): fix event pattern behavior (@​radekmikeska)
  • #​9303 fix(microservices): tcp client parallel connections issue (@​kamilmysliwiec)

Enhancements

• common
  • #​9278 feat(common): do not use colors in CLI if not supported (@​jonahsnider)
  • #​9316 feat: allow custom log msg formatters (@​stanimirovv)

Dependencies

• Other
  • #​9331 chore(deps): update dependency ts-loader to v9.2.8 (@​renovate[bot])
  • #​9326 chore(deps-dev): bump mongoose from 6.2.5 to 6.2.6 (@​dependabot[bot])
  • #​9327 chore(deps-dev): bump @​types/ws from 8.5.2 to 8.5.3 (@​dependabot[bot])
  • #​9320 chore(deps-dev): bump apollo-server-core from 3.6.3 to 3.6.4 (@​dependabot[bot])
  • #​9323 chore(deps): update dependency @​types/node to v16.11.26 (@​renovate[bot])
  • #​9324 chore(deps): update dependency mocha to v9.2.2 (@​renovate[bot])
  • #​9325 chore(deps): update dependency mysql to v8.0.28 (@​renovate[bot])
  • #​9328 chore(deps-dev): bump mocha from 9.2.1 to 9.2.2 (@​dependabot[bot])
  • #​9321 chore(deps-dev): bump apollo-server-express from 3.6.3 to 3.6.4 (@​dependabot[bot])
  • #​9318 chore(deps-dev): bump mongoose from 6.2.4 to 6.2.5 (@​dependabot[bot])
  • #​9307 chore(deps): bump rxjs from 7.5.4 to 7.5.5 (@​dependabot[bot])
  • #​9304 chore(deps): update dependency @​nestjs/schematics to v8.0.8 (@​renovate[bot])
  • #​9300 chore(deps-dev): bump ts-node from 10.6.0 to 10.7.0 (@​dependabot[bot])
  • #​9292 chore(deps-dev): bump ts-morph from 13.0.3 to 14.0.0 (@​dependabot[bot])
  • #​9301 chore(deps-dev): bump typeorm from 0.2.44 to 0.2.45 (@​dependabot[bot])
  • #​9302 chore(deps-dev): bump lint-staged from 12.3.4 to 12.3.5 (@​dependabot[bot])
  • #​9273 chore(deps-dev): bump typescript from 4.3.5 to 4.6.2 (@​dependabot[bot])
  • #​9285 chore(deps-dev): bump @​nestjs/apollo from 10.0.5 to 10.0.6 (@​dependabot[bot])
  • #​9287 chore(deps-dev): bump eventsource from 1.1.0 to 2.0.0 (@​dependabot[bot])
  • #​9284 chore(deps-dev): bump eslint-config-prettier from 8.4.0 to 8.5.0 (@​dependabot[bot])
  • #​9286 chore(deps-dev): bump @​nestjs/graphql from 10.0.5 to 10.0.6 (@​dependabot[bot])
  • #​9280 chore(deps-dev): bump ts-node from 10.5.0 to 10.6.0 (@​dependabot[bot])
  • #​9279 chore(deps-dev): bump @​types/ws from 8.5.1 to 8.5.2 (@​dependabot[bot])
• common
  • #​9317 chore(deps): bump axios from 0.26.0 to 0.26.1 (@​dependabot[bot])
• platform-fastify
  • #​9319 chore(deps): bump fastify from 3.27.3 to 3.27.4 (@​dependabot[bot])
  • #​9305 chore(deps): bump fastify from 3.27.2 to 3.27.3 (@​dependabot[bot])

Committers: 6

• Jonah Snider (@​jonahsnider)
• Kamil Mysliwiec (@​kamilmysliwiec)

✂ Note

PR body was truncated to here.

---

Configuration

📅 Schedule: (in timezone Asia/Tokyo)

• Branch creation
  • ""
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 19b16b5f-d4dd-4793-b75e-fa7b50ca4c9a

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

Walkthrough

The backend package has undergone a significant update with the upgrade of the @nestjs/core package from version 8.2.4 to 9.0.5. This change enhances the application by aligning it with the latest NestJS framework features and improvements, potentially improving performance and security. Developers should review the updated documentation to understand any breaking changes or new functionalities introduced by this version jump.

Changes

Files	Change Summary
packages/backend/package.json	Updated @nestjs/core version from 8.2.4 to 9.0.5

Poem

In the code where rabbits hop,
A version change, we’ll never stop!
From eight to nine, we leap and bound,
With new features all around.
Hurray for NestJS, let’s cheer and play,
Upgrading our way to a brighter day! 🐇✨

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch renovate/npm-nestjs-core-vulnerability

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 0

Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

Commits

Files that changed from the base of the PR and between f5013ea and 471c1eb.

Files ignored due to path filters (1)

• yarn.lock is excluded by !**/yarn.lock, !**/*.lock

Files selected for processing (1)

• packages/backend/package.json (1 hunks)

Additional comments not posted (1)

packages/backend/package.json (1)

28-28: Verify the impact of the @nestjs/core update.

The @nestjs/core package has been updated from 8.2.4 to 9.0.5 to address a security vulnerability (CVE-2023-26108). Ensure that this update does not introduce breaking changes in your application.