nestjs-graphql-best-practice
[Snyk] Fix for 6 vulnerabilities
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
Changes included in this PR
- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  - package.json
Vulnerabilities that will be fixed
With an upgrade:
Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
---|---|---|---|
696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 | Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908 | Yes | Proof of Concept |
589/1000 Why? Has a fix available, CVSS 7.5 | Denial of Service (DoS) SNYK-JS-APOLLOSERVERCORE-2928764 | Yes | No Known Exploit |
761/1000 Why? Mature exploit, Has a fix available, CVSS 7.5 | Denial of Service (DoS) SNYK-JS-DICER-2311764 | Yes | Mature |
646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5 | Server-side Request Forgery (SSRF) SNYK-JS-REQUEST-3361831 | Yes | Proof of Concept |
646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5 | Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873 | Yes | Proof of Concept |
589/1000 Why? Has a fix available, CVSS 7.5 | Prototype Pollution SNYK-JS-UNSETVALUE-2400660 | Yes | No Known Exploit |
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: @nestjs/graphql
The new version differs by 59 commits.
- 83b4919 Merge pull request #1439 from nestjs/8.0.0
- 1eec21f chore(): resolve conflicts
- 6e1013b Merge pull request #1553 from nestjs/renovate/major-jest-monorepo
- f07a22c Merge pull request #1556 from nestjs/renovate/typescript-4.x
- 5320b6f Merge pull request #1614 from nestjs/renovate/nestjs-mapped-types-1.x
- 0f62a6a chore(): upgrade deps
- 57b9abb chore(): resolve conflicts
- ba1df95 chore(deps): update jest monorepo
- 2ffeb0c chore(deps): update dependency typescript to v4.3.5
- 5a36644 fix(deps): update dependency @nestjs/mapped-types to v1
- eaaf54d Merge pull request #1502 from nestjs/renovate/apollo-graphql-packages
- fe2d15f Merge pull request #1600 from nestjs/renovate/fast-glob-3.x
- 23ac7ae chore(deps): update apollo graphql packages
- 0f81aaf chore(deps): update dependency @types/node-fetch to v2.5.11
- 8b87f53 chore(deps): update dependency @types/jest to v26.0.24
- 07c8c68 chore(deps): update dependency husky to v7.0.1
- 1fa5f09 chore(deps): update typescript-eslint monorepo to v4.28.2
- 3a7468e chore(deps): update dependency eslint to v7.30.0
- d1af144 chore(deps): update dependency husky to v7
- 392a9ae Merge pull request #1605 from shian15810/apollo
- e751df4 fix(gateway): import d.ts from @apollo/gateway instead of ts
- bf8202a fix(federation): import d.ts from @apollo/federation instead of ts
- 0355db6 chore(deps): update typescript-eslint monorepo to v4.28.1
- f9780b5 fix(deps): update dependency fast-glob to v3.2.6
Package name: apollo-server
The new version differs by 250 commits.
- bcfd36c Release
- a97684f docs: get ready for 3.0.0 to be released to `next` (#5442)
- 81ae16f Update header comment to say @3.x instead of @rc
- 76344b6 docs/READMEs: add `@3.x` to all `npm install` invocations
- 537cf1c docs: remove migration to 2.x doc (old, already unlinked)
- 348aa97 chore(deps): update dependency @types/node-fetch to v2.5.11 (#5441)
- 74b1d97 chore(deps): update dependency @types/lru-cache to v5.1.1 (#5440)
- c8062f7 chore(deps): update dependency @types/lodash to v4.14.171 (#5439)
- 84b7587 chore(deps): update dependency @types/koa-router to v7.4.3 (#5438)
- 4a8726c chore(deps): update dependency @types/jest to v26.0.24 (#5437)
- 87d4dcf chore(deps): update dependency @types/ioredis to v4.26.5 (#5436)
- 6ce5ecc chore(deps): update dependency @types/hapi__hapi to v20.0.9 (#5435)
- d60fd62 chore(deps): update dependency @types/express-serve-static-core to v4.17.23 (#5434)
- d948605 chore(deps): update dependency @types/express to v4.17.13 (#5433)
- 8aca7a4 chore(deps): update dependency @types/cors to v2.8.11 (#5432)
- 3f0450b chore(deps): update dependency @types/connect to v3.4.35 (#5431)
- 02e71dd chore(deps): update dependency @types/bunyan to v1.8.7 (#5430)
- 055b67d chore(deps): update dependency @types/body-parser to v1.19.1 (#5429)
- e7c0329 chore(deps): update dependency @types/aws-lambda to v8.10.78 (#5428)
- e5fbaf6 chore(deps): update dependency @types/async-retry to v1.4.3 (#5427)
- f30bc26 chore(deps): update dependency @apollo/client to v3.3.21 (#5426)
- b61f082 chore(deps): update dependency nock to v13.1.1 (#5423)
- fab9351 chore(deps): update dependency @types/uuid to v8.3.1 (#5421)
- ad2cdb5 Release
Package name: apollo-server-express
The new version differs by 250 commits.
- bcfd36c Release
- a97684f docs: get ready for 3.0.0 to be released to `next` (#5442)
- 81ae16f Update header comment to say @3.x instead of @rc
- 76344b6 docs/READMEs: add `@3.x` to all `npm install` invocations
- 537cf1c docs: remove migration to 2.x doc (old, already unlinked)
- 348aa97 chore(deps): update dependency @types/node-fetch to v2.5.11 (#5441)
- 74b1d97 chore(deps): update dependency @types/lru-cache to v5.1.1 (#5440)
- c8062f7 chore(deps): update dependency @types/lodash to v4.14.171 (#5439)
- 84b7587 chore(deps): update dependency @types/koa-router to v7.4.3 (#5438)
- 4a8726c chore(deps): update dependency @types/jest to v26.0.24 (#5437)
- 87d4dcf chore(deps): update dependency @types/ioredis to v4.26.5 (#5436)
- 6ce5ecc chore(deps): update dependency @types/hapi__hapi to v20.0.9 (#5435)
- d60fd62 chore(deps): update dependency @types/express-serve-static-core to v4.17.23 (#5434)
- d948605 chore(deps): update dependency @types/express to v4.17.13 (#5433)
- 8aca7a4 chore(deps): update dependency @types/cors to v2.8.11 (#5432)
- 3f0450b chore(deps): update dependency @types/connect to v3.4.35 (#5431)
- 02e71dd chore(deps): update dependency @types/bunyan to v1.8.7 (#5430)
- 055b67d chore(deps): update dependency @types/body-parser to v1.19.1 (#5429)
- e7c0329 chore(deps): update dependency @types/aws-lambda to v8.10.78 (#5428)
- e5fbaf6 chore(deps): update dependency @types/async-retry to v1.4.3 (#5427)
- f30bc26 chore(deps): update dependency @apollo/client to v3.3.21 (#5426)
- b61f082 chore(deps): update dependency nock to v13.1.1 (#5423)
- fab9351 chore(deps): update dependency @types/uuid to v8.3.1 (#5421)
- ad2cdb5 Release
Package name: bcrypt
The new version differs by 91 commits.
- 2f124bd Fix artifact upload path
- 10eacf5 Prepare v5.0.1
- 6eacfe1 Merge pull request #856 from kelektiv/update-deps
- feb477c Update node-pre-gyp to 1.0.0
- 42c8b0c Merge pull request #852 from kelektiv/update-deps
- bafefc3 Update packages
- 7c5d8df Merge pull request #851 from recrsn/node-15-ci
- 1ba55f9 Add Node 15 to CI
- 19c06c1 Update Node version compatibility info
- 09cb4fc Merge pull request #825 from dogon11/patch-1
- 2821c03 Merge pull request #811 from techhead/use_buffers
- 63c8403 Merge pull request #838 from alete89/docs/improve-hash-info
- 984ef18 remove reference to $2y$ algo identifier
- 630c897 fixes: #828
- 0f93284 README.md typo fix
- 4125ebc Update README.md
- f503e57 Create SECURITY.md
- f158e6e Allow optional use of Node Buffers.
- 8866277 Deploy on any travis tag
- 61139e6 v5.0.0
- 1bde62c Update node-pre-gyp to 0.15.0
- 40770d6 Add NodeJS 14 to appveyor CI
- 5916a46 Merge pull request #807 from techhead/known_length
- f28e916 Reword comment
Package name: jest-config
The new version differs by 250 commits.
- be16e47 v27.0.0
- 63102ec chore: update changelog for release
- 564694a docs(blog): Jest 27 blog post (#11131)
- b68d91b feat(pretty-print): add option `printBasicPrototype` (#11441)
- 2226742 chore: minor simplify format results error (#11432)
- 78eb25d chore: remove needless assign (#11433)
- 696c455 chore: update lockfile after publish
- e2eb9ae v27.0.0-next.11
- 3b253f8 Wait for closed resources to actually close before detecting open handles (#11429)
- 27bee72 fix: run GC before collecting open handles (#11278)
- 50451df feat: use fallback if prettier not found (#11400)
- 150dbd8 chore: update lockfile after publish
- 6f44529 v27.0.0-next.10
- cbcec7d Upgrade fsevents in jest-haste-map (#11428)
- 9633a26 feat: support reporters written in ESM (#11427)
- 59f42d8 fix: do not cache modules that throw during evaluation (#11263)
- 57e32e9 Detect open handles with done callbacks (#11382)
- a397607 Document and test dontThrow for custom inline snapshot matchers (#10995)
- 4fa3a0b feat: custom haste (#11107)
- 2047a36 chore: bump deps (#11419)
- a4358d6 chore: run prettier on changelog
- bdd6282 Move all default values into `jest-config` (#9924)
- db643a1 Link to Jest config (#11106)
- b16082c Fix locale issue #10014 (#11412)
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.