fix(dependency maintenance): update dependency @nestjs/core to v9 [security] #820

renovate · 2023-03-16T23:56:00Z

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
@nestjs/core (source)	`8.2.6` -> `9.0.5`

GitHub Vulnerability Alerts

CVE-2023-26108

Versions of the package @nestjs/core before 9.0.5 are vulnerable to Information Exposure via the StreamableFile pipe. Exploiting this vulnerability is possible when the client cancels a request while it is streaming a StreamableFile, the stream wrapped by the StreamableFile will be kept open.

Release Notes

nestjs/nest (@nestjs/core)

`v9.0.5`

Compare Source

v9.0.5 (2022-07-20)

Bug fixes

common, platform-express
- #9819 fix: use pipeline over stream.pipe (@jmcdo29)

Enhancements

microservices
- #9798 feat(microservices): add noAssert option for RMQ connection (@frankmangone)
- #9954 feat(microservices): add Kafka heartbeat callback to KafkaContext (@kosh-b)
platform-express, platform-fastify
- #9926 fix(express,fastify): raw body for urlencoded requests (@tolgap)

Dependencies

Other
- #9959 chore(deps): bump terser from 5.10.0 to 5.14.2 in /sample/30-event-emitter (@dependabot[bot])
- #9960 chore(deps): bump terser from 5.14.1 to 5.14.2 in /sample/32-graphql-federation-schema-first/users-application (@dependabot[bot])
- #9961 chore(deps): bump terser from 5.10.0 to 5.14.2 in /sample/31-graphql-federation-code-first/gateway (@dependabot[bot])
- #9962 chore(deps): bump terser from 5.10.0 to 5.14.2 in /sample/31-graphql-federation-code-first/users-application (@dependabot[bot])
- #9963 chore(deps): bump terser from 5.10.0 to 5.14.2 in /sample/32-graphql-federation-schema-first/posts-application (@dependabot[bot])
- #9964 chore(deps): bump terser from 5.10.0 to 5.14.2 in /sample/32-graphql-federation-schema-first/gateway (@dependabot[bot])
- #9965 chore(deps): bump terser from 5.10.0 to 5.14.2 in /sample/29-file-upload (@dependabot[bot])
- #9966 chore(deps): bump terser from 5.10.0 to 5.14.2 in /sample/28-sse (@dependabot[bot])
- #9967 chore(deps): bump terser from 5.10.0 to 5.14.2 in /sample/31-graphql-federation-code-first/posts-application (@dependabot[bot])
- #9951 chore(deps-dev): bump mongoose from 6.4.4 to 6.4.5 (@dependabot[bot])
- #9952 chore(deps-dev): bump concurrently from 7.2.2 to 7.3.0 (@dependabot[bot])
platform-fastify
- #9950 chore(deps): bump light-my-request from 5.1.0 to 5.2.0 (@dependabot[bot])

Committers: 4

Franco Mangone (@frankmangone)
Jay McDoniel (@jmcdo29)
Tolga Paksoy (@tolgap)
@kosh-b

v9.0.2

Bug fixes

common
- #9904 fix(common): Fix CacheModule registerAsync (@tugascript)

Enhancements

core
- #9902 refactor(core): replace our own 1-level flatten by the native one (@micalevisk)

Dependencies

#9906 chore(deps-dev): bump mongoose from 6.4.3 to 6.4.4 (@dependabot[bot])
#9908 chore(deps-dev): bump cache-manager from 4.0.1 to 4.1.0 (@dependabot[bot])
#9910 chore(deps-dev): bump @nestjs/graphql from 10.0.16 to 10.0.18 (@dependabot[bot])
#9911 chore(deps-dev): bump core-js from 3.23.3 to 3.23.4 (@dependabot[bot])

Committers: 3

Afonso Barracha (@tugascript)
Antonio T. alias Tony (@Tony133)
Micael Levi L. Cavalcante (@micalevisk)

`v9.0.1`

Compare Source

`v9.0.0`

Compare Source

v9.0.0 (2022-07-08)

Article: https://trilon.io/blog/nestjs-9-is-now-available

Migration guide: https://docs.nestjs.com/migration-guide

Features

common
- #9718 Feature/4752 file validators pipe (@thiagomini)
- #9534 feat(core): add configurable module builder, module utils (@kamilmysliwiec)
common, core
- #9684 feat(core): read–eval–print loop feature (@kamilmysliwiec)
- #9697 feat(core): add durable providers feature (@kamilmysliwiec)

Bug fixes

microservices
- #9674 fix(microservices): Fixed typings for MessageHandler (@dkonasov)
- #9587 fix(microservices): revert grpc client interceptors (grpc-specific) (@kamilmysliwiec)

Enhancements

common, core, platform-express, platform-fastify
- #8802 fix: only send exception responses if header is not already sent (@wSedlacek)
- #9591 feat(common,core): make HttpServer#applyVersionFilter mandatory (@micalevisk)
common
- #9705 feat(common): Add error chaining support to http exception (@vinnymac)
- #9383 feat(common): disallow usage of inject on class and value providers at type level (@micalevisk)
- #9023 fix: fix factory provider definition (@ZanMinKian)
- #8459 fix(common): ParseUUIDPipe - throw exceptions with exceptionFactory only (@titivuk)
microservices
- #9681 fix(microservices): allow postfixId on KafkaOptions to be an empty string (@micalevisk)
- #8798 feat(microservices): migrate redis transporter to internally use ioredis package (@kamilmysliwiec)
- #9586 feat(microservices): add kafka retriable exception, auto-unwrap payloads (@kamilmysliwiec)
core
- #9720 fix(core): prevent renaming global providers and modules in the repl (@micalevisk)
- #9596 feat(core): throw an exception instead of logging due to module import misusage (@micalevisk)
common, core, microservices
- #9604 refactor(common,core,microservices): drop all deprecated methods (@micalevisk)
core, websockets
- #9491 feat(core,websockets): use rxjs to check if values are observables (@micalevisk)

Dependencies

Other
- #9885 chore(deps-dev): bump @fastify/static from 5.0.0 to 6.4.0 (@dependabot[bot])
- #9883 chore(deps-dev): bump ioredis from 5.0.4 to 5.1.0 (@dependabot[bot])
- #9884 chore(deps-dev): bump nodemon from 2.0.18 to 2.0.19 (@dependabot[bot])
- #9886 chore(deps-dev): bump supertest from 6.2.3 to 6.2.4 (@dependabot[bot])
- #9888 chore(deps-dev): bump @types/cache-manager from 4.0.0 to 4.0.1 (@dependabot[bot])
- #9889 chore(deps): bump cli-color from 2.0.2 to 2.0.3 (@dependabot[bot])
- #9890 chore(deps-dev): bump @types/node from 18.0.0 to 18.0.3 (@dependabot[bot])
- #9882 chore(deps-dev): bump @fastify/multipart from 6.0.0 to 7.1.0 (@dependabot[bot])
- #9869 chore(deps): bump fast-json-stringify from 5.0.1 to 5.0.6 (@dependabot[bot])
- #9851 chore(deps-dev): bump kafkajs from 2.0.2 to 2.1.0 (@dependabot[bot])
- #9848 chore(deps-dev): bump graphql-tools from 8.2.13 to 8.3.0 (@dependabot[bot])
- #9837 chore(deps-dev): bump @commitlint/config-angular from 17.0.0 to 17.0.3 (@dependabot[bot])
- #9871 chore(deps-dev): bump redis from 3.1.2 to 4.2.0 (@dependabot[bot])
- #9870 chore(deps-dev): bump mongoose from 6.4.0 to 6.4.3 (@dependabot[bot])
- #9852 chore(deps-dev): bump @types/sinon from 10.0.11 to 10.0.12 (@dependabot[bot])
- #9766 chore(deps): bump middie from 6.1.0 to 7.1.0 (@dependabot[bot])
- #9876 chore(deps): bump moment from 2.29.2 to 2.29.4 in /sample/07-sequelize (@dependabot[bot])
- #9875 chore(deps): bump moment from 2.29.2 to 2.29.4 in /sample/26-queues (@dependabot[bot])
- #9877 chore(deps): bump moment from 2.29.2 to 2.29.4 in /sample/27-scheduling (@dependabot[bot])
- #9878 chore(deps): bump moment from 2.29.2 to 2.29.4 (@dependabot[bot])
- #9838 chore(deps-dev): bump core-js from 3.23.2 to 3.23.3 (@dependabot[bot])
- #9839 chore(deps-dev): bump @commitlint/cli from 17.0.2 to 17.0.3 (@dependabot[bot])
- #9841 chore(deps-dev): bump lint-staged from 13.0.2 to 13.0.3 (@dependabot[bot])
- #9830 chore(deps-dev): bump nodemon from 2.0.16 to 2.0.18 (@dependabot[bot])
- #9828 chore(deps): bump fast-json-stringify from 4.2.0 to 5.0.1 (@dependabot[bot])
- #9827 chore(deps-dev): bump graphql-tools from 8.2.12 to 8.2.13 (@dependabot[bot])
- #9815 chore(deps-dev): bump core-js from 3.23.1 to 3.23.2 (@dependabot[bot])
- #9796 chore(deps-dev): bump prettier from 2.7.0 to 2.7.1 (@dependabot[bot])
- #9807 chore(deps-dev): bump mongoose from 6.3.8 to 6.4.0 (@dependabot[bot])
- #9808 chore(deps-dev): bump typescript from 4.7.3 to 4.7.4 (@dependabot[bot])
- #9791 chore(deps-dev): bump apollo-server-core from 3.8.2 to 3.9.0 (@dependabot[bot])
- #9790 chore(deps-dev): bump @nestjs/apollo from 10.0.14 to 10.0.16 (@dependabot[bot])
- #9787 chore(deps-dev): bump apollo-server-express from 3.8.2 to 3.9.0 (@dependabot[bot])
- #9788 chore(deps-dev): bump @types/node from 17.0.43 to 18.0.0 (@dependabot[bot])
- #9792 chore(deps-dev): bump @nestjs/graphql from 10.0.15 to 10.0.16 (@dependabot[bot])
- #9794 chore(deps-dev): bump lint-staged from 13.0.1 to 13.0.2 (@dependabot[bot])
- #9779 chore(deps-dev): bump concurrently from 7.2.1 to 7.2.2 (@dependabot[bot])
- #9780 chore(deps-dev): bump @types/node from 17.0.42 to 17.0.43 (@dependabot[bot])
- #9781 chore(deps-dev): bump core-js from 3.23.0 to 3.23.1 (@dependabot[bot])
- #9782 chore(deps-dev): bump @nestjs/mongoose from 9.1.0 to 9.1.1 (@dependabot[bot])
- #9772 chore(deps-dev): bump prettier from 2.6.2 to 2.7.0 (@dependabot[bot])
- #9734 chore(deps-dev): bump ts-node from 10.8.0 to 10.8.1 (@dependabot[bot])
- #9761 chore(deps): bump fast-json-stringify from 4.1.0 to 4.2.0 (@dependabot[bot])
- #9771 chore(deps-dev): bump core-js from 3.22.8 to 3.23.0 (@dependabot[bot])
- #9773 chore(deps-dev): bump @types/cache-manager from 3.4.3 to 4.0.0 (@dependabot[bot])
- #9522 chore(deps-dev): bump mocha from 9.2.2 to 10.0.0 (@dependabot[bot])
platform-fastify
- #9853 chore(deps): bump fastify from 3.29.0 to 4.2.0 (@dependabot[bot])
microservices, testing
- #9825 chore(deps): update dependency got to 11.8.5 [security] (@renovate[bot])
platform-ws
- #9770 chore(deps): bump ws from 8.7.0 to 8.8.0 (@dependabot[bot])

Committers: 13

Dylan Lundy (@diesal11)
Kamil Mysliwiec (@kamilmysliwiec)
Kanstantsin Tatarchuk (@titivuk)
Marcin Wojciechowski (@Wojciechowski-Marcin)
Micael Levi L. Cavalcante (@micalevisk)
Thiago Valentim (@thiagomini)
Vincent Taverna (@vinnymac)
William Sedlacek (@wSedlacek)
@chunghha
@dkonasov
@yevgeniypak
曾明健 (@ZanMinKian)
정우병 (@woobottle)

`v8.4.7`

Compare Source

v8.4.7 (2022-06-14)

Enhancements

microservices
- #9719 feat(microservices): exposes base context on the main package (@delucca)
- #9751 fix(microservices): adds feedback message when RabbitMQ server connection hangs (@delucca)
common
- #9742 Improve stripProtoKeys performance, especially for TypedArray (@mjgp2)

Dependencies

#9731 chore(deps-dev): bump apollo-server-core from 3.8.1 to 3.8.2 (@dependabot[bot])
#9762 chore(deps-dev): bump lint-staged from 13.0.0 to 13.0.1 (@dependabot[bot])
#9764 chore(deps-dev): bump graphql-tools from 8.2.11 to 8.2.12 (@dependabot[bot])
#9765 chore(deps-dev): bump point-of-view from 6.2.1 to 6.3.0 (@dependabot[bot])
#9769 chore(deps-dev): bump mongoose from 6.3.5 to 6.3.8 (@dependabot[bot])
#9729 chore(deps-dev): bump cache-manager from 4.0.0 to 4.0.1 (@dependabot[bot])
#9730 chore(deps-dev): bump typescript from 4.7.2 to 4.7.3 (@dependabot[bot])
#9732 chore(deps-dev): bump apollo-server-express from 3.8.1 to 3.8.2 (@dependabot[bot])
#9735 chore(deps-dev): bump ts-morph from 15.0.0 to 15.1.0 (@dependabot[bot])
#9740 chore(deps-dev): bump @grpc/proto-loader from 0.6.12 to 0.6.13 (@dependabot[bot])
#9756 chore(deps-dev): bump @types/node from 17.0.38 to 17.0.42 (@dependabot[bot])
#9757 chore(deps): bump fast-json-stringify from 3.2.0 to 4.1.0 (@dependabot[bot])
#9711 chore(deps-dev): bump @nestjs/apollo from 10.0.13 to 10.0.14 (@dependabot[bot])
#9712 chore(deps-dev): bump lint-staged from 12.5.0 to 13.0.0 (@dependabot[bot])
#9710 chore(deps-dev): bump cache-manager from 3.6.3 to 4.0.0 (@dependabot[bot])
#9709 chore(deps-dev): bump @commitlint/cli from 17.0.1 to 17.0.2 (@dependabot[bot])
#9713 chore(deps-dev): bump core-js from 3.22.7 to 3.22.8 (@dependabot[bot])
#9723 chore(deps-dev): bump @nestjs/graphql from 10.0.13 to 10.0.15 (@dependabot[bot])
#9722 chore(deps): bump protobufjs from 6.11.2 to 6.11.3 (@dependabot[bot])
#9721 chore(deps): bump protobufjs from 6.11.2 to 6.11.3 in /sample/04-grpc (@dependabot[bot])
#9724 chore(deps-dev): bump amqplib from 0.9.1 to 0.10.0 (@dependabot[bot])
#9700 chore(deps-dev): bump kafkajs from 2.0.1 to 2.0.2 (@dependabot[bot])
#9701 chore(deps-dev): bump @types/node from 17.0.36 to 17.0.38 (@dependabot[bot])
#9702 chore(deps-dev): bump point-of-view from 5.3.0 to 6.2.1 (@dependabot[bot])
#9703 chore(deps-dev): bump lint-staged from 12.4.3 to 12.5.0 (@dependabot[bot])

Committers: 5

Antonio T. alias Tony (@Tony133)
Daniel De Lucca (@delucca)
Matthew Painter (@mjgp2)
Sushant Zope (@sushant9096)
Volodymyr Tytarenko (@bovatitar)

`v8.4.6`

Compare Source

`v8.4.5`

Compare Source

v8.4.5 (2022-05-13)

Bug fixes

core
- #9456 fix(core): scoped injection with symbol field name (@MyAeroCode)

Enhancements

common
- #9496 feat(common): improve extensibility on few built-in pipes (@micalevisk)
core
- #9506 feat(core): enhance circular dependency error message (@ntibi)

Dependencies

Other
- #9566 chore(deps-dev): bump kafkajs from 1.16.0 to 2.0.0 (@dependabot[bot])
- #9565 chore(deps-dev): bump @types/node from 17.0.23 to 17.0.33 (@dependabot[bot])
- #9562 chore(deps): bump fast-json-stringify from 3.0.3 to 3.2.0 (@dependabot[bot])
- #9559 chore(deps-dev): bump @commitlint/cli from 16.2.3 to 16.2.4 (@dependabot[bot])
- #9560 chore(deps-dev): bump supertest from 6.2.2 to 6.2.3 (@dependabot[bot])
- #9561 chore(deps-dev): bump @grpc/proto-loader from 0.6.9 to 0.6.12 (@dependabot[bot])
- #9563 chore(deps-dev): bump apollo-server-express from 3.6.7 to 3.7.0 (@dependabot[bot])
- #9551 chore(deps-dev): bump mongoose from 6.3.2 to 6.3.3 (@dependabot[bot])
- #9538 chore(deps-dev): bump engine.io-client from 6.1.1 to 6.2.2 (@dependabot[bot])
- #9533 chore(deps-dev): bump fastify-static from 4.6.1 to 4.7.0 (@dependabot[bot])
- #9535 chore(deps-dev): bump amqp-connection-manager from 4.1.2 to 4.1.3 (@dependabot[bot])
- #9537 chore(deps-dev): bump typescript from 4.6.3 to 4.6.4 (@dependabot[bot])
- #9532 chore(deps-dev): bump lint-staged from 12.3.7 to 12.4.1 (@dependabot[bot])
- #9524 chore(deps-dev): bump fastify-multipart from 5.3.1 to 5.4.0 (@dependabot[bot])
- #9530 chore(deps-dev): bump @commitlint/config-angular from 16.2.3 to 16.2.4 (@dependabot[bot])
- #9531 chore(deps-dev): bump nodemon from 2.0.15 to 2.0.16 (@dependabot[bot])
- #9523 chore(deps-dev): bump @types/mocha from 9.1.0 to 9.1.1 (@dependabot[bot])
- #9525 chore(deps-dev): bump socket.io-client from 4.4.1 to 4.5.0 (@dependabot[bot])
- #9528 chore(deps-dev): bump core-js from 3.21.1 to 3.22.4 (@dependabot[bot])
- #9512 chore(deps-dev): bump mongoose from 6.2.10 to 6.3.2 (@dependabot[bot])
- #9513 chore(deps-dev): bump clang-format from 1.6.0 to 1.8.0 (@dependabot[bot])
- #9460 chore(deps-dev): bump @types/chai from 4.3.0 to 4.3.1 (@dependabot[bot])
- #9461 chore(deps-dev): bump amqp-connection-manager from 4.1.1 to 4.1.2 (@dependabot[bot])
- #9466 chore(deps-dev): bump sinon from 13.0.1 to 13.0.2 (@dependabot[bot])
- #9478 chore(deps-dev): bump graphql-tools from 8.2.5 to 8.2.8 (@dependabot[bot])
- #9482 chore(deps-dev): bump @grpc/grpc-js from 1.6.2 to 1.6.7 (@dependabot[bot])
- #9493 chore(deps): update dependency lodash to 4.17.21 [security] (@renovate[bot])
- #9494 chore(deps): update dependency mem to 4.0.0 [security] (@renovate[bot])
- #9499 chore(deps): bump github/codeql-action from 1 to 2 (@dependabot[bot])
- #9505 chore(deps): update dependency cross-fetch to 3.1.5 [security] (@renovate[bot])
- #9453 chore(deps): bump moment from 2.29.1 to 2.29.2 in /sample/27-scheduling (@dependabot[bot])
- #9454 chore(deps): bump moment from 2.29.1 to 2.29.2 in /sample/26-queues (@dependabot[bot])
- #9447 chore(deps-dev): bump graphql-tools from 8.2.4 to 8.2.5 (@dependabot[bot])
- #9448 chore(deps-dev): bump cache-manager from 3.6.0 to 3.6.1 (@dependabot[bot])
- #9451 chore(deps): bump moment from 2.29.1 to 2.29.2 in /sample/07-sequelize (@dependabot[bot])
- #9452 chore(deps): bump moment from 2.24.0 to 2.29.2 (@dependabot[bot])
platform-fastify
- #9567 chore(deps): bump middie from 6.0.0 to 6.1.0 (@dependabot[bot])
- #9540 chore(deps): bump fastify-cors from 6.0.3 to 6.1.0 (@dependabot[bot])
- #9526 chore(deps): bump fastify from 3.28.0 to 3.29.0 (@dependabot[bot])
- #9527 chore(deps): bump light-my-request from 4.9.0 to 4.10.1 (@dependabot[bot])
platform-socket.io
- #9536 chore(deps): bump socket.io from 4.4.1 to 4.5.0 (@dependabot[bot])
platform-express
- #9549 chore(deps): bump express from 4.17.3 to 4.18.1 (@dependabot[bot])
common
- #9548 chore(deps): bump axios from 0.26.1 to 0.27.2 (@dependabot[bot])
common, core, microservices, platform-express, platform-fastify, platform-socket.io, platform-ws, testing, websockets
- #9529 chore(deps): bump tslib from 2.3.1 to 2.4.0 (@dependabot[bot])

Committers: 6

Antonio T. alias Tony (@Tony133)
Francesco Soncina (@phra)
Lutz (@MyAeroCode)
Micael Levi L. Cavalcante (@micalevisk)
Oleg "OSA413" Sokolov (@OSA413)
TIBI Nicolas (@ntibi)

`v8.4.4`

Compare Source

v8.4.4 (2022-04-07)

Bug fixes

microservices
- #9425 fix(microservices): multiple rmq client urls issue #9364 (@kamilmysliwiec)

Enhancements

common
- #9444 feat(common): change private modifer on built-in pipes to protected (@micalevisk)
- #9435 feat(common): set default StreamableFile length automatically when possible (@jonahsnider)

Dependencies

Other
- #9441 chore(deps-dev): bump eslint-plugin-import from 2.25.4 to 2.26.0 (@dependabot[bot])
- #9439 chore(deps): update dependency path-parse to 1.0.7 [security] (@renovate[bot])
- #9438 chore(deps-dev): bump mongoose from 6.2.9 to 6.2.10 (@dependabot[bot])
- #9437 chore(deps-dev): bump @grpc/grpc-js from 1.6.1 to 1.6.2 (@dependabot[bot])
- #9343 chore(deps-dev): bump @commitlint/cli from 16.2.1 to 16.2.3 (@dependabot[bot])
- #9418 chore(deps-dev): bump apollo-server-core from 3.6.6 to 3.6.7 (@dependabot[bot])
- #9423 chore(deps-dev): bump graphql-tools from 8.2.3 to 8.2.4 (@dependabot[bot])
- #9432 chore(deps-dev): bump concurrently from 7.0.0 to 7.1.0 (@dependabot[bot])
- #9433 chore(deps-dev): bump prettier from 2.6.1 to 2.6.2 (@dependabot[bot])
- #9434 chore(deps-dev): bump @grpc/grpc-js from 1.5.10 to 1.6.1 (@dependabot[bot])
- #9409 chore(deps-dev): bump point-of-view from 5.1.0 to 5.2.0 (@dependabot[bot])
- #9410 chore(deps-dev): bump mongoose from 6.2.8 to 6.2.9 (@dependabot[bot])
- #9411 chore(deps-dev): bump typescript from 4.6.2 to 4.6.3 (@dependabot[bot])
- #9419 chore(deps): bump cli-color from 2.0.1 to 2.0.2 (@dependabot[bot])
- #9408 chore(deps-dev): bump @types/node from 17.0.21 to 17.0.23 (@dependabot[bot])
- #9404 chore(deps): bump ansi-regex from 5.0.0 to 5.0.1 in /sample/31-graphql-federation-code-first/gateway (@dependabot[bot])
- #9398 chore(deps): bump ansi-regex from 5.0.0 to 5.0.1 in /sample/25-dynamic-modules (@dependabot[bot])
- #9407 chore(deps-dev): bump @grpc/grpc-js from 1.5.9 to 1.5.10 (@dependabot[bot])
- #9412 chore(deps): update dependency ansi-regex [security] (@renovate[bot])
- #9415 chore(deps-dev): bump apollo-server-express from 3.6.6 to 3.6.7 (@dependabot[bot])
- #9360 chore(deps-dev): bump graphql from 15.7.2 to 15.8.0 (@dependabot[bot])
- #9378 chore(deps-dev): bump lint-staged from 12.3.5 to 12.3.7 (@dependabot[bot])
- #9379 chore(deps-dev): bump apollo-server-core from 3.6.4 to 3.6.6 (@dependabot[bot])
- #9380 chore(deps-dev): bump prettier from 2.6.0 to 2.6.1 (@dependabot[bot])
- #9382 chore(deps-dev): bump @types/supertest from 2.0.11 to 2.0.12 (@dependabot[bot])
platform-fastify
- #9442 chore(deps): bump fastify from 3.27.4 to 3.28.0 (@dependabot[bot])
- #9381 chore(deps): bump light-my-request from 4.8.0 to 4.9.0 (@dependabot[bot])
platform-express
- #9431 chore(deps): bump body-parser from 1.19.2 to 1.20.0 (@dependabot[bot])

Committers: 5

Jonah Snider (@jonahsnider)
Kamil Mysliwiec (@kamilmysliwiec)
Marcin (@cichy380)
Micael Levi L. Cavalcante (@micalevisk)
Wias Liaw (@wiasliaw)

`v8.4.3`

Compare Source

`v8.4.2`

Compare Source

`v8.4.1`

Compare Source

v8.4.1 (2022-03-14)

Bug fixes

core
- #9332 fix(core): apply global middleware to routes excluded from prefix (@kamilmysliwiec)
- #9322 fix(core): use context module for nested transient providers (@kamilmysliwiec)
microservices
- #9290 fix(microservices): fix event pattern behavior (@radekmikeska)
- #9303 fix(microservices): tcp client parallel connections issue (@kamilmysliwiec)

Enhancements

common
- #9278 feat(common): do not use colors in CLI if not supported (@jonahsnider)
- #9316 feat: allow custom log msg formatters (@stanimirovv)

Dependencies

Other
- #9331 chore(deps): update dependency ts-loader to v9.2.8 (@renovate[bot])
- #9326 chore(deps-dev): bump mongoose from 6.2.5 to 6.2.6 (@dependabot[bot])
- #9327 chore(deps-dev): bump @types/ws from 8.5.2 to 8.5.3 (@dependabot[bot])
- #9320 chore(deps-dev): bump apollo-server-core from 3.6.3 to 3.6.4 (@dependabot[bot])
- #9323 chore(deps): update dependency @types/node to v16.11.26 (@renovate[bot])
- #9324 chore(deps): update dependency mocha to v9.2.2 (@renovate[bot])
- #9325 chore(deps): update dependency mysql to v8.0.28 (@renovate[bot])
- #9328 chore(deps-dev): bump mocha from 9.2.1 to 9.2.2 (@dependabot[bot])
- #9321 chore(deps-dev): bump apollo-server-express from 3.6.3 to 3.6.4 (@dependabot[bot])
- #9318 chore(deps-dev): bump mongoose from 6.2.4 to 6.2.5 (@dependabot[bot])
- #9307 chore(deps): bump rxjs from 7.5.4 to 7.5.5 (@dependabot[bot])
- #9304 chore(deps): update dependency @nestjs/schematics to v8.0.8 (@renovate[bot])
- #9300 chore(deps-dev): bump ts-node from 10.6.0 to 10.7.0 (@dependabot[bot])
- #9292 chore(deps-dev): bump ts-morph from 13.0.3 to 14.0.0 (@dependabot[bot])
- #9301 chore(deps-dev): bump typeorm from 0.2.44 to 0.2.45 (@dependabot[bot])
- #9302 chore(deps-dev): bump lint-staged from 12.3.4 to 12.3.5 (@dependabot[bot])
- #9273 chore(deps-dev): bump typescript from 4.3.5 to 4.6.2 (@dependabot[bot])
- #9285 chore(deps-dev): bump @nestjs/apollo from 10.0.5 to 10.0.6 (@dependabot[bot])
- #9287 chore(deps-dev): bump eventsource from 1.1.0 to 2.0.0 (@dependabot[bot])
- #9284 chore(deps-dev): bump eslint-config-prettier from 8.4.0 to 8.5.0 (@dependabot[bot])
- #9286 chore(deps-dev): bump @nestjs/graphql from 10.0.5 to 10.0.6 (@dependabot[bot])
- #9280 chore(deps-dev): bump ts-node from 10.5.0 to 10.6.0 (@dependabot[bot])
- #9279 chore(deps-dev): bump @types/ws from 8.5.1 to 8.5.2 (@dependabot[bot])
common
- #9317 chore(deps): bump axios from 0.26.0 to 0.26.1 (@dependabot[bot])
platform-fastify
- #9319 chore(deps): bump fastify from 3.27.3 to 3.27.4 (@dependabot[bot])
- #9305 chore(deps): bump fastify from 3.27.2 to 3.27.3 (@dependabot[bot])

Committers: 6

Jonah Snider (@jonahsnider)
Kamil Mysliwiec (@kamilmysliwiec)
Mario Rodrigo (@capitantrueno)
Radek Mikeska (@radekmikeska)
Zlatin Stanimirov (@stanimirovv)
曾明健 (@ZanMinKian)

`v8.4.0`

Compare Source

v8.4.0 (2022-03-01)

Features

common, core
- #9227 feat(core): support optional dependencies in factory providers (@kamilmysliwiec)

Bug fixes

microservices
- #9277 fix(microservices): remove options object from packets (rmq and mqtt) (@kamilmysliwiec)
core
- #9271 fix(core): use class refs as keys (container) (@micalevisk)

Enhancements

microservices
- #9059 feat(microservices): add tcp raw data processing capabilities (@jeanbmar)
- #9270 feat(microservices): add commit-offsets function to clientkafka (@davidschuette)
- #9200 feat(microservices): Add options param to serializer (@guiruiz)
common
- #9209 feat(common): add abstract type to catch decorator (@jeean)
- #9247 fix(common): Providing typing for optional error handling in middleware (@brian-pinwheel)
common, platform-express, platform-fastify
- #9240 feat(common): extend streamable-file header support (@davidschuette)

Dependencies

Other
- #9274 chore(deps-dev): bump mongoose from 6.2.3 to 6.2.4 (@dependabot[bot])
- #9275 chore(deps-dev): bump @types/cache-manager from 3.4.2 to 3.4.3 (@dependabot[bot])
- #9250 chore(deps-dev): bump @nestjs/apollo from 10.0.4 to 10.0.5 (@dependabot[bot])
- #9251 chore(deps-dev): bump @types/node from 17.0.18 to 17.0.21 (@dependabot[bot])
- #9253 chore(deps-dev): bump @nestjs/graphql from 10.0.4 to 10.0.5 (@dependabot[bot])
- #9254 chore(deps-dev): bump typeorm from 0.2.43 to 0.2.44 (@dependabot[bot])
- #9259 chore(deps-dev): bump @types/ws from 8.2.3 to 8.5.1 (@dependabot[bot])
- #9260 chore(deps-dev): bump @grpc/grpc-js from 1.5.5 to 1.5.7 (@dependabot[bot])
- #9267 chore(deps): bump url-parse from 1.5.6 to 1.5.10 (@dependabot[bot])
- #9249 chore(deps): update dependency @nestjs/schematics to v8.0.7 (@renovate[bot])
- #9244 chore(deps-dev): bump mongoose from 6.2.2 to 6.2.3 (@dependabot[bot])
- #9242 chore(deps): update dependency @babel/cli to v7.17.6 (@renovate[bot])
- #9237 chore(deps-dev): bump @nestjs/graphql from 10.0.3 to 10.0.4 (@dependabot[bot])
- #9238 chore(deps-dev): bump mocha from 9.2.0 to 9.2.1 (@dependabot[bot])
- #9236 chore(deps-dev): bump @nestjs/apollo from 10.0.3 to 10.0.4 (@dependabot[bot])
- #9234 chore(deps-dev): bump eslint-config-prettier from 8.3.0 to 8.4.0 (@dependabot[bot])
- [#9232](https://togithub.com/nestjs/nest/pu

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

renovate · 2023-03-16T23:56:01Z

⚠ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

any of the package files in this branch needs updating, or
the branch becomes conflicted, or
you click the rebase/retry checkbox if found above, or
you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: package-lock.json

npm ERR! code ERESOLVE
npm ERR! ERESOLVE unable to resolve dependency tree
npm ERR! 
npm ERR! While resolving: @sanofi-iadc/whispr@4.17.0
npm ERR! Found: @nestjs/common@8.2.6
npm ERR! node_modules/@nestjs/common
npm ERR!   @nestjs/common@"8.2.6" from the root project
npm ERR! 
npm ERR! Could not resolve dependency:
npm ERR! peer @nestjs/common@"^9.0.0" from @nestjs/core@9.0.5
npm ERR! node_modules/@nestjs/core
npm ERR!   @nestjs/core@"9.0.5" from the root project
npm ERR! 
npm ERR! Fix the upstream dependency conflict, or retry
npm ERR! this command with --force, or --legacy-peer-deps
npm ERR! to accept an incorrect (and potentially broken) dependency resolution.
npm ERR! 
npm ERR! See /tmp/renovate/cache/others/npm/eresolve-report.txt for a full report.

npm ERR! A complete log of this run can be found in:
npm ERR!     /tmp/renovate/cache/others/npm/_logs/2024-04-10T11_09_34_171Z-debug-0.log

renovate · 2024-05-21T06:26:59Z

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

any of the package files in this branch needs updating, or
the branch becomes conflicted, or
you click the rebase/retry checkbox if found above, or
you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: package-lock.json

npm ERR! code ERESOLVE
npm ERR! ERESOLVE unable to resolve dependency tree
npm ERR! 
npm ERR! While resolving: @sanofi-iadc/whispr@4.17.5
npm ERR! Found: @nestjs/common@8.2.6
npm ERR! node_modules/@nestjs/common
npm ERR!   @nestjs/common@"8.2.6" from the root project
npm ERR! 
npm ERR! Could not resolve dependency:
npm ERR! peer @nestjs/common@"^9.0.0" from @nestjs/core@9.0.5
npm ERR! node_modules/@nestjs/core
npm ERR!   @nestjs/core@"9.0.5" from the root project
npm ERR! 
npm ERR! Fix the upstream dependency conflict, or retry
npm ERR! this command with --force, or --legacy-peer-deps
npm ERR! to accept an incorrect (and potentially broken) dependency resolution.
npm ERR! 
npm ERR! See /tmp/renovate/cache/others/npm/eresolve-report.txt for a full report.

npm ERR! A complete log of this run can be found in:
npm ERR!     /tmp/renovate/cache/others/npm/_logs/2024-06-04T11_59_13_084Z-debug-0.log

…curity]

renovate bot changed the title ~~chore(dependency maintenance): update dependency @nestjs/core to 9.0.5 [security]~~ fix(dependency maintenance): update dependency @nestjs/core to v9 [security] Mar 23, 2023

renovate bot force-pushed the renovate/npm-@nestjs/core-vulnerability branch 3 times, most recently from 2bdbf7c to 9b205a6 Compare February 26, 2024 10:55

renovate bot force-pushed the renovate/npm-@nestjs/core-vulnerability branch 2 times, most recently from 126edba to b1ea3fe Compare March 28, 2024 06:28

renovate bot force-pushed the renovate/npm-@nestjs/core-vulnerability branch 12 times, most recently from 0cdc508 to 296fcf9 Compare April 10, 2024 11:09

renovate bot force-pushed the renovate/npm-@nestjs/core-vulnerability branch from 296fcf9 to 9561f21 Compare May 21, 2024 06:26

renovate bot force-pushed the renovate/npm-@nestjs/core-vulnerability branch from 9561f21 to 1df6340 Compare May 21, 2024 06:34

renovate bot force-pushed the renovate/npm-@nestjs/core-vulnerability branch 7 times, most recently from 6c751c1 to dccba09 Compare June 4, 2024 11:51

fix(dependency maintenance): update dependency @nestjs/core to v9 [se…

ae0b5ea

…curity]

renovate bot force-pushed the renovate/npm-@nestjs/core-vulnerability branch from dccba09 to ae0b5ea Compare June 4, 2024 11:59

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

fix(dependency maintenance): update dependency @nestjs/core to v9 [security] #820

fix(dependency maintenance): update dependency @nestjs/core to v9 [security] #820

renovate bot commented Mar 16, 2023 •

edited

renovate bot commented Mar 16, 2023 •

edited

renovate bot commented May 21, 2024 •

edited

fix(dependency maintenance): update dependency @nestjs/core to v9 [security] #820

Are you sure you want to change the base?

fix(dependency maintenance): update dependency @nestjs/core to v9 [security] #820

Conversation

renovate bot commented Mar 16, 2023 • edited

GitHub Vulnerability Alerts

Release Notes

v9.0.5 (2022-07-20)

Bug fixes

Enhancements

Dependencies

Committers: 4

v9.0.2

Bug fixes

Enhancements

Dependencies

Committers: 3

v9.0.0 (2022-07-08)

Article: https://trilon.io/blog/nestjs-9-is-now-available

Migration guide: https://docs.nestjs.com/migration-guide

Features

Bug fixes

Enhancements

Dependencies

Committers: 13

v8.4.7 (2022-06-14)

Enhancements

Dependencies

Committers: 5

v8.4.5 (2022-05-13)

Bug fixes

Enhancements

Dependencies

Committers: 6

v8.4.4 (2022-04-07)

Bug fixes

Enhancements

Dependencies

Committers: 5

v8.4.1 (2022-03-14)

Bug fixes

Enhancements

Dependencies

Committers: 6

v8.4.0 (2022-03-01)

Features

Bug fixes

Enhancements

Dependencies

Configuration

renovate bot commented Mar 16, 2023 • edited

⚠ Artifact update problem

File name: package-lock.json

renovate bot commented May 21, 2024 • edited

⚠️ Artifact update problem

File name: package-lock.json

renovate bot commented Mar 16, 2023 •

edited

renovate bot commented Mar 16, 2023 •

edited

renovate bot commented May 21, 2024 •

edited