ohcnetwork / stay_be

CoronaSafe Stay BE NestJS
MIT License
4 stars 8 forks source link

[Snyk] Security upgrade @nestjs/swagger from 3.1.0 to 4.6.0 #88

Open snyk-bot opened 4 years ago

snyk-bot commented 4 years ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
medium severity 636/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 6.3
Prototype Pollution
SNYK-JS-LODASH-567746
Yes Proof of Concept
high severity 561/1000
Why? Recently disclosed, CVSS 9.8
Prototype Pollution
SNYK-JS-LODASH-590103
Yes No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: @nestjs/swagger The new version differs by 250 commits.
  • 4226293 chore(): release v4.6.0
  • d9bae0d Merge branch 'qbcbyb-descriptionFromCommentInPlugin'
  • b2daad6 feat(): add comments introspection
  • 7b96d7f fix(): resolve conflicts
  • 5de276c Merge branch 'master' of https://github.com/nestjs/swagger
  • 1f5be6b Merge branch 'artemsmirnov-fix-watched-dto-updates'
  • ba75282 fix(): resolve conflicts
  • e224875 Merge pull request #869 from dsebastien/master
  • 1f961d7 Merge pull request #910 from m-shaka/add-ref-to-apiResponse
  • 266dc31 Merge branch 'tmtron-912_cli_nullable'
  • 9f2028b fix(): align with the rest of codebase
  • 766956e Merge branch '912_cli_nullable' of https://github.com/tmtron/swagger into tmtron-912_cli_nullable
  • 912c215 Merge branch 'master' of https://github.com/nestjs/swagger
  • e96f2a0 fix(): fix windows webpack relative paths issue
  • 38ff33a Merge pull request #918 from nestjs/renovate/nestjs-mapped-types-0.x
  • fb731c7 fix(deps): update dependency @nestjs/mapped-types to v0.1.0
  • 8585d94 Merge pull request #917 from nestjs/renovate/jest-monorepo
  • ff57b4a Merge pull request #916 from tmtron/914_default_jest_config_file_name
  • 072e36b chore(deps): update dependency jest to v26.4.1
  • 6914b12 feat(@nestjs/swagger): use default name for jest config
  • 0038627 feat(@nestjs/swagger): CLI plugin no supports nullable
  • 037e9c9 Merge pull request #901 from nestjs/renovate/lodash-monorepo
  • c417059 chore(deps): update dependency release-it to v13.6.8
  • a0b5ec0 feat(api-response): support $ref
See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

sonarcloud[bot] commented 4 years ago

Kudos, SonarCloud Quality Gate passed!

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities (and Security Hotspot 0 Security Hotspots to review)
Code Smell A 0 Code Smells

No Coverage information No Coverage information
No Duplication information No Duplication information