search

gms1 / HomeOfThings

MIT License
5 stars 1 forks source link

[Snyk] Security upgrade @nestjs/platform-express from 10.3.3 to 10.3.6 #9

Closed gms1 closed 4 months ago

gms1 commented 5 months ago

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

#### Changes included in this PR - Changes to the following files to upgrade the vulnerable dependencies to a fixed version: - package.json
⚠️ Warning ``` Failed to update the package-lock.json, please update manually before merging. ```
#### Vulnerabilities that will be fixed ##### With an upgrade: Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity :-------------------------:|-------------------------|:-------------------------|:-------------------------|:------------------------- ![medium severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png "medium severity") | **591/1000**
**Why?** Recently disclosed, Has a fix available, CVSS 6.1 | Open Redirect
[SNYK-JS-EXPRESS-6474509](https://snyk.io/vuln/SNYK-JS-EXPRESS-6474509) | No | No Known Exploit (*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: @nestjs/platform-express The new version differs by 250 commits.
  • 1f2fae7 chore(@ nestjs) publish v10.3.6 release
  • 50385de Merge pull request #13362 from nestjs/dependabot/npm_and_yarn/grpc/proto-loader-0.7.11
  • 872ab40 Merge pull request #13367 from nestjs/revert-13328-fix/redundant-emit-code
  • f416f5a Revert "fix(microservices): fix redundant code to emit error"
  • f29f932 Merge pull request #13366 from breeeew/fix-request-scope-leak
  • 274011d chore(deps-dev): bump @ grpc/proto-loader from 0.7.10 to 0.7.11
  • ccbbe06 Merge pull request #13358 from nestjs/dependabot/npm_and_yarn/typescript-eslint/eslint-plugin-7.4.0
  • 1757840 Merge pull request #13361 from nestjs/dependabot/npm_and_yarn/mocha-10.4.0
  • e133595 Merge pull request #13363 from nestjs/dependabot/npm_and_yarn/grpc/grpc-js-1.10.4
  • 743c4b6 Merge pull request #13364 from nestjs/dependabot/npm_and_yarn/mysql2-3.9.3
  • 6a7f74f fix(core): break reference chain to instance object
  • 4510f6d chore(deps-dev): bump mysql2 from 3.9.2 to 3.9.3
  • b3f0b65 chore(deps-dev): bump @ grpc/grpc-js from 1.10.3 to 1.10.4
  • 0782837 chore(deps-dev): bump mocha from 10.3.0 to 10.4.0
  • 334b27b chore(deps-dev): bump @ typescript-eslint/eslint-plugin
  • ddc1265 Merge pull request #13355 from nestjs/dependabot/npm_and_yarn/apollo/server-4.10.2
  • 560e350 Merge pull request #13359 from nestjs/dependabot/npm_and_yarn/typescript-eslint/parser-7.4.0
  • b3a7510 Merge pull request #13357 from nestjs/dependabot/npm_and_yarn/express-4.19.2
  • 70dea80 chore(deps-dev): bump @ typescript-eslint/parser from 7.3.1 to 7.4.0
  • 8b1a1dd chore(deps): bump express from 4.19.1 to 4.19.2
  • 2957483 chore(deps-dev): bump @ apollo/server from 4.10.1 to 4.10.2
  • 1a605dd Merge branch 'master' of https://github.com/nestjs/nest
  • 8bf0015 chore: update readme
  • 09857ae Merge pull request #13343 from nestjs/dependabot/npm_and_yarn/core-js-3.36.1
See the full diff
Check the changes in this PR to ensure they won't cause issues with your project. ------------ **Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.* For more information: 🧐 [View latest project report](https://app.snyk.io/org/gms1/project/f6ede07a-40d8-488e-9cbb-708d8d4b2864?utm_source=github&utm_medium=referral&page=fix-pr) 🛠 [Adjust project settings](https://app.snyk.io/org/gms1/project/f6ede07a-40d8-488e-9cbb-708d8d4b2864?utm_source=github&utm_medium=referral&page=fix-pr/settings) 📚 [Read more about Snyk's upgrade and patch logic](https://support.snyk.io/hc/en-us/articles/360003891078-Snyk-patches-to-fix-vulnerabilities) [//]: # (snyk:metadata:{"prId":"6623e16a-9058-455b-b243-385df141dfb3","prPublicId":"6623e16a-9058-455b-b243-385df141dfb3","dependencies":[{"name":"@nestjs/platform-express","from":"10.3.3","to":"10.3.6"}],"packageManager":"npm","projectPublicId":"f6ede07a-40d8-488e-9cbb-708d8d4b2864","projectUrl":"https://app.snyk.io/org/gms1/project/f6ede07a-40d8-488e-9cbb-708d8d4b2864?utm_source=github&utm_medium=referral&page=fix-pr","type":"auto","patch":[],"vulns":["SNYK-JS-EXPRESS-6474509"],"upgrade":["SNYK-JS-EXPRESS-6474509"],"isBreakingChange":false,"env":"prod","prType":"fix","templateVariants":["updated-fix-title","pr-warning-shown","priorityScore"],"priorityScoreList":[591],"remediationStrategy":"vuln"}) --- **Learn how to fix vulnerabilities with free interactive lessons:** 🦉 [Open Redirect](https://learn.snyk.io/lesson/open-redirect/?loc=fix-pr)
gms1 commented 4 months ago

build failed because this project requires a valid package-lock.json this PR is obsolete now