nestjs-graphql-best-practice icon indicating copy to clipboard operation
nestjs-graphql-best-practice copied to clipboard

Published 20 hours ago verified publisher icon chnirt

[Snyk] Security upgrade @nestjs/graphql from 7.11.0 to 8.0.0

Open chnirt opened this issue 1 year ago • 0 comments

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 823/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 8.6		 Server-side Request Forgery (SSRF)
SNYK-JS-IP-6240864		 Yes Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: @nestjs/graphql The new version differs by 59 commits.
  • 83b4919 Merge pull request #1439 from nestjs/8.0.0
  • 1eec21f chore(): resolve conflicts
  • 6e1013b Merge pull request #1553 from nestjs/renovate/major-jest-monorepo
  • f07a22c Merge pull request #1556 from nestjs/renovate/typescript-4.x
  • 5320b6f Merge pull request #1614 from nestjs/renovate/nestjs-mapped-types-1.x
  • 0f62a6a chore(): upgrade deps
  • 57b9abb chore(): resolve conflicts
  • ba1df95 chore(deps): update jest monorepo
  • 2ffeb0c chore(deps): update dependency typescript to v4.3.5
  • 5a36644 fix(deps): update dependency @ nestjs/mapped-types to v1
  • eaaf54d Merge pull request #1502 from nestjs/renovate/apollo-graphql-packages
  • fe2d15f Merge pull request #1600 from nestjs/renovate/fast-glob-3.x
  • 23ac7ae chore(deps): update apollo graphql packages
  • 0f81aaf chore(deps): update dependency @ types/node-fetch to v2.5.11
  • 8b87f53 chore(deps): update dependency @ types/jest to v26.0.24
  • 07c8c68 chore(deps): update dependency husky to v7.0.1
  • 1fa5f09 chore(deps): update typescript-eslint monorepo to v4.28.2
  • 3a7468e chore(deps): update dependency eslint to v7.30.0
  • d1af144 chore(deps): update dependency husky to v7
  • 392a9ae Merge pull request #1605 from shian15810/apollo
  • e751df4 fix(gateway): import d.ts from @ apollo/gateway instead of ts
  • bf8202a fix(federation): import d.ts from @ apollo/federation instead of ts
  • 0355db6 chore(deps): update typescript-eslint monorepo to v4.28.1
  • f9780b5 fix(deps): update dependency fast-glob to v3.2.6

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Server-side Request Forgery (SSRF)

chnirt avatar Feb 11 '24 17:02 chnirt