This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
#### Changes included in this PR
- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json
#### Vulnerabilities that will be fixed
##### With an upgrade:
Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity
:-------------------------:|-------------------------|:-------------------------|:-------------------------|:-------------------------
 | **696/1000** **Why?** Proof of Concept exploit, Has a fix available, CVSS 7.5 | Regular Expression Denial of Service (ReDoS) [SNYK-JS-ANSIREGEX-1583908](https://snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908) | Yes | Proof of Concept
 | **589/1000** **Why?** Has a fix available, CVSS 7.5 | Denial of Service (DoS) [SNYK-JS-APOLLOSERVERCORE-2928764](https://snyk.io/vuln/SNYK-JS-APOLLOSERVERCORE-2928764) | Yes | No Known Exploit
 | **761/1000** **Why?** Mature exploit, Has a fix available, CVSS 7.5 | Denial of Service (DoS) [SNYK-JS-DICER-2311764](https://snyk.io/vuln/SNYK-JS-DICER-2311764) | Yes | Mature
 | **646/1000** **Why?** Proof of Concept exploit, Has a fix available, CVSS 6.5 | Server-side Request Forgery (SSRF) [SNYK-JS-REQUEST-3361831](https://snyk.io/vuln/SNYK-JS-REQUEST-3361831) | Yes | Proof of Concept
 | **646/1000** **Why?** Proof of Concept exploit, Has a fix available, CVSS 6.5 | Prototype Pollution [SNYK-JS-TOUGHCOOKIE-5672873](https://snyk.io/vuln/SNYK-JS-TOUGHCOOKIE-5672873) | Yes | Proof of Concept
 | **589/1000** **Why?** Has a fix available, CVSS 7.5 | Prototype Pollution [SNYK-JS-UNSETVALUE-2400660](https://snyk.io/vuln/SNYK-JS-UNSETVALUE-2400660) | Yes | No Known Exploit
(*) Note that the real score may have changed since the PR was raised.
Commit messagesPackage name: @nestjs/graphql
The new version differs by 59 commits.
83b4919 Merge pull request #1439 from nestjs/8.0.0
See the full diff
Check the changes in this PR to ensure they won't cause issues with your project.
------------
**Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.*
For more information:
🧐 [View latest project report](https://app.snyk.io/org/chnirt/project/c35eacd1-94ab-4090-be0c-c6d8c7671e02?utm_source=github&utm_medium=referral&page=fix-pr)
🛠 [Adjust project settings](https://app.snyk.io/org/chnirt/project/c35eacd1-94ab-4090-be0c-c6d8c7671e02?utm_source=github&utm_medium=referral&page=fix-pr/settings)
📚 [Read more about Snyk's upgrade and patch logic](https://support.snyk.io/hc/en-us/articles/360003891078-Snyk-patches-to-fix-vulnerabilities)
[//]: # (snyk:metadata:{"prId":"b7fef7d5-795f-4905-9b22-d669a7ac40bf","prPublicId":"b7fef7d5-795f-4905-9b22-d669a7ac40bf","dependencies":[{"name":"@apollo/gateway","from":"0.10.9","to":"0.29.0"},{"name":"@nestjs/graphql","from":"7.11.0","to":"8.0.0"},{"name":"apollo-server","from":"2.26.2","to":"3.0.0"},{"name":"apollo-server-express","from":"2.26.2","to":"3.0.0"},{"name":"bcrypt","from":"3.0.8","to":"5.0.1"},{"name":"jest-config","from":"24.9.0","to":"27.0.0"}],"packageManager":"npm","projectPublicId":"c35eacd1-94ab-4090-be0c-c6d8c7671e02","projectUrl":"https://app.snyk.io/org/chnirt/project/c35eacd1-94ab-4090-be0c-c6d8c7671e02?utm_source=github&utm_medium=referral&page=fix-pr","type":"auto","patch":[],"vulns":["SNYK-JS-ANSIREGEX-1583908","SNYK-JS-APOLLOSERVERCORE-2928764","SNYK-JS-DICER-2311764","SNYK-JS-REQUEST-3361831","SNYK-JS-TOUGHCOOKIE-5672873","SNYK-JS-UNSETVALUE-2400660"],"upgrade":["SNYK-JS-ANSIREGEX-1583908","SNYK-JS-APOLLOSERVERCORE-2928764","SNYK-JS-DICER-2311764","SNYK-JS-REQUEST-3361831","SNYK-JS-TOUGHCOOKIE-5672873","SNYK-JS-UNSETVALUE-2400660"],"isBreakingChange":true,"env":"prod","prType":"fix","templateVariants":["priorityScore"],"priorityScoreList":[696,589,761,646,646,589],"remediationStrategy":"vuln"})
---
**Learn how to fix vulnerabilities with free interactive lessons:**
🦉 [Regular Expression Denial of Service (ReDoS)](https://learn.snyk.io/lesson/redos/?loc=fix-pr)
🦉 [Server-side Request Forgery (SSRF)](https://learn.snyk.io/lesson/ssrf-server-side-request-forgery/?loc=fix-pr)
🦉 [Prototype Pollution](https://learn.snyk.io/lesson/prototype-pollution/?loc=fix-pr)
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
#### Changes included in this PR - Changes to the following files to upgrade the vulnerable dependencies to a fixed version: - package.json #### Vulnerabilities that will be fixed ##### With an upgrade: Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity :-------------------------:|-------------------------|:-------------------------|:-------------------------|:-------------------------  | **696/1000****Why?** Proof of Concept exploit, Has a fix available, CVSS 7.5 | Regular Expression Denial of Service (ReDoS)
[SNYK-JS-ANSIREGEX-1583908](https://snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908) | Yes | Proof of Concept  | **589/1000**
**Why?** Has a fix available, CVSS 7.5 | Denial of Service (DoS)
[SNYK-JS-APOLLOSERVERCORE-2928764](https://snyk.io/vuln/SNYK-JS-APOLLOSERVERCORE-2928764) | Yes | No Known Exploit  | **761/1000**
**Why?** Mature exploit, Has a fix available, CVSS 7.5 | Denial of Service (DoS)
[SNYK-JS-DICER-2311764](https://snyk.io/vuln/SNYK-JS-DICER-2311764) | Yes | Mature  | **646/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 6.5 | Server-side Request Forgery (SSRF)
[SNYK-JS-REQUEST-3361831](https://snyk.io/vuln/SNYK-JS-REQUEST-3361831) | Yes | Proof of Concept  | **646/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 6.5 | Prototype Pollution
[SNYK-JS-TOUGHCOOKIE-5672873](https://snyk.io/vuln/SNYK-JS-TOUGHCOOKIE-5672873) | Yes | Proof of Concept  | **589/1000**
**Why?** Has a fix available, CVSS 7.5 | Prototype Pollution
[SNYK-JS-UNSETVALUE-2400660](https://snyk.io/vuln/SNYK-JS-UNSETVALUE-2400660) | Yes | No Known Exploit (*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: @nestjs/graphql
The new version differs by 59 commits.- 83b4919 Merge pull request #1439 from nestjs/8.0.0
- 1eec21f chore(): resolve conflicts
- 6e1013b Merge pull request #1553 from nestjs/renovate/major-jest-monorepo
- f07a22c Merge pull request #1556 from nestjs/renovate/typescript-4.x
- 5320b6f Merge pull request #1614 from nestjs/renovate/nestjs-mapped-types-1.x
- 0f62a6a chore(): upgrade deps
- 57b9abb chore(): resolve conflicts
- ba1df95 chore(deps): update jest monorepo
- 2ffeb0c chore(deps): update dependency typescript to v4.3.5
- 5a36644 fix(deps): update dependency @ nestjs/mapped-types to v1
- eaaf54d Merge pull request #1502 from nestjs/renovate/apollo-graphql-packages
- fe2d15f Merge pull request #1600 from nestjs/renovate/fast-glob-3.x
- 23ac7ae chore(deps): update apollo graphql packages
- 0f81aaf chore(deps): update dependency @ types/node-fetch to v2.5.11
- 8b87f53 chore(deps): update dependency @ types/jest to v26.0.24
- 07c8c68 chore(deps): update dependency husky to v7.0.1
- 1fa5f09 chore(deps): update typescript-eslint monorepo to v4.28.2
- 3a7468e chore(deps): update dependency eslint to v7.30.0
- d1af144 chore(deps): update dependency husky to v7
- 392a9ae Merge pull request #1605 from shian15810/apollo
- e751df4 fix(gateway): import d.ts from @ apollo/gateway instead of ts
- bf8202a fix(federation): import d.ts from @ apollo/federation instead of ts
- 0355db6 chore(deps): update typescript-eslint monorepo to v4.28.1
- f9780b5 fix(deps): update dependency fast-glob to v3.2.6
See the full diffPackage name: apollo-server
The new version differs by 250 commits.- bcfd36c Release
- a97684f docs: get ready for 3.0.0 to be released to `next` (#5442)
- 81ae16f Update header comment to say @ 3.x instead of @ rc
- 76344b6 docs/READMEs: add `@ 3.x` to all `npm install` invocations
- 537cf1c docs: remove migration to 2.x doc (old, already unlinked)
- 348aa97 chore(deps): update dependency @ types/node-fetch to v2.5.11 (#5441)
- 74b1d97 chore(deps): update dependency @ types/lru-cache to v5.1.1 (#5440)
- c8062f7 chore(deps): update dependency @ types/lodash to v4.14.171 (#5439)
- 84b7587 chore(deps): update dependency @ types/koa-router to v7.4.3 (#5438)
- 4a8726c chore(deps): update dependency @ types/jest to v26.0.24 (#5437)
- 87d4dcf chore(deps): update dependency @ types/ioredis to v4.26.5 (#5436)
- 6ce5ecc chore(deps): update dependency @ types/hapi__hapi to v20.0.9 (#5435)
- d60fd62 chore(deps): update dependency @ types/express-serve-static-core to v4.17.23 (#5434)
- d948605 chore(deps): update dependency @ types/express to v4.17.13 (#5433)
- 8aca7a4 chore(deps): update dependency @ types/cors to v2.8.11 (#5432)
- 3f0450b chore(deps): update dependency @ types/connect to v3.4.35 (#5431)
- 02e71dd chore(deps): update dependency @ types/bunyan to v1.8.7 (#5430)
- 055b67d chore(deps): update dependency @ types/body-parser to v1.19.1 (#5429)
- e7c0329 chore(deps): update dependency @ types/aws-lambda to v8.10.78 (#5428)
- e5fbaf6 chore(deps): update dependency @ types/async-retry to v1.4.3 (#5427)
- f30bc26 chore(deps): update dependency @ apollo/client to v3.3.21 (#5426)
- b61f082 chore(deps): update dependency nock to v13.1.1 (#5423)
- fab9351 chore(deps): update dependency @ types/uuid to v8.3.1 (#5421)
- ad2cdb5 Release
See the full diffPackage name: apollo-server-express
The new version differs by 250 commits.- bcfd36c Release
- a97684f docs: get ready for 3.0.0 to be released to `next` (#5442)
- 81ae16f Update header comment to say @ 3.x instead of @ rc
- 76344b6 docs/READMEs: add `@ 3.x` to all `npm install` invocations
- 537cf1c docs: remove migration to 2.x doc (old, already unlinked)
- 348aa97 chore(deps): update dependency @ types/node-fetch to v2.5.11 (#5441)
- 74b1d97 chore(deps): update dependency @ types/lru-cache to v5.1.1 (#5440)
- c8062f7 chore(deps): update dependency @ types/lodash to v4.14.171 (#5439)
- 84b7587 chore(deps): update dependency @ types/koa-router to v7.4.3 (#5438)
- 4a8726c chore(deps): update dependency @ types/jest to v26.0.24 (#5437)
- 87d4dcf chore(deps): update dependency @ types/ioredis to v4.26.5 (#5436)
- 6ce5ecc chore(deps): update dependency @ types/hapi__hapi to v20.0.9 (#5435)
- d60fd62 chore(deps): update dependency @ types/express-serve-static-core to v4.17.23 (#5434)
- d948605 chore(deps): update dependency @ types/express to v4.17.13 (#5433)
- 8aca7a4 chore(deps): update dependency @ types/cors to v2.8.11 (#5432)
- 3f0450b chore(deps): update dependency @ types/connect to v3.4.35 (#5431)
- 02e71dd chore(deps): update dependency @ types/bunyan to v1.8.7 (#5430)
- 055b67d chore(deps): update dependency @ types/body-parser to v1.19.1 (#5429)
- e7c0329 chore(deps): update dependency @ types/aws-lambda to v8.10.78 (#5428)
- e5fbaf6 chore(deps): update dependency @ types/async-retry to v1.4.3 (#5427)
- f30bc26 chore(deps): update dependency @ apollo/client to v3.3.21 (#5426)
- b61f082 chore(deps): update dependency nock to v13.1.1 (#5423)
- fab9351 chore(deps): update dependency @ types/uuid to v8.3.1 (#5421)
- ad2cdb5 Release
See the full diffPackage name: bcrypt
The new version differs by 91 commits.- 2f124bd Fix artifact upload path
- 10eacf5 Prepare v5.0.1
- 6eacfe1 Merge pull request #856 from kelektiv/update-deps
- feb477c Update node-pre-gyp to 1.0.0
- 42c8b0c Merge pull request #852 from kelektiv/update-deps
- bafefc3 Update packages
- 7c5d8df Merge pull request #851 from recrsn/node-15-ci
- 1ba55f9 Add Node 15 to CI
- 19c06c1 Update Node version compatibility info
- 09cb4fc Merge pull request #825 from dogon11/patch-1
- 2821c03 Merge pull request #811 from techhead/use_buffers
- 63c8403 Merge pull request #838 from alete89/docs/improve-hash-info
- 984ef18 remove reference to $2y$ algo identifier
- 630c897 fixes: #828
- 0f93284 README.md typo fix
- 4125ebc Update README.md
- f503e57 Create SECURITY.md
- f158e6e Allow optional use of Node Buffers.
- 8866277 Deploy on any travis tag
- 61139e6 v5.0.0
- 1bde62c Update node-pre-gyp to 0.15.0
- 40770d6 Add NodeJS 14 to appveyor CI
- 5916a46 Merge pull request #807 from techhead/known_length
- f28e916 Reword comment
See the full diffPackage name: jest-config
The new version differs by 250 commits.- be16e47 v27.0.0
- 63102ec chore: update changelog for release
- 564694a docs(blog): Jest 27 blog post (#11131)
- b68d91b feat(pretty-print): add option `printBasicPrototype` (#11441)
- 2226742 chore: minor simplify format results error (#11432)
- 78eb25d chore: remove needless assign (#11433)
- 696c455 chore: update lockfile after publish
- e2eb9ae v27.0.0-next.11
- 3b253f8 Wait for closed resources to actually close before detecting open handles (#11429)
- 27bee72 fix: run GC before collecting open handles (#11278)
- 50451df feat: use fallback if prettier not found (#11400)
- 150dbd8 chore: update lockfile after publish
- 6f44529 v27.0.0-next.10
- cbcec7d Upgrade fsevents in jest-haste-map (#11428)
- 9633a26 feat: support reporters written in ESM (#11427)
- 59f42d8 fix: do not cache modules that throw during evaluation (#11263)
- 57e32e9 Detect open handles with done callbacks (#11382)
- a397607 Document and test dontThrow for custom inline snapshot matchers (#10995)
- 4fa3a0b feat: custom haste (#11107)
- 2047a36 chore: bump deps (#11419)
- a4358d6 chore: run prettier on changelog
- bdd6282 Move all default values into `jest-config` (#9924)
- db643a1 Link to Jest config (#11106)
- b16082c Fix locale issue #10014 (#11412)
See the full diff