nestjs-relay icon indicating copy to clipboard operation
nestjs-relay copied to clipboard

Published 20 hours ago verified publisher icon rogerballard

[Snyk] Security upgrade @nestjs/graphql from 7.4.1 to 7.5.2

Open snyk-bot opened this issue 4 years ago • 0 comments

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

merge advice

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Issue Breaking Change Exploit Maturity
high severity Prototype Pollution
SNYK-JS-LODASH-608086		 No Proof of Concept
Commit messages
Package name: @nestjs/graphql The new version differs by 106 commits.
  • 9083765 chore(): release v7.5.2
  • 58def40 chore(): update apollo to the latest packages
  • 552f602 Merge branch 'leerw4-feature/gql-schema-from-nodemodules'
  • d78bff5 refactor(): extract include node modules to a sep function
  • 480963a Merge branch 'feature/gql-schema-from-nodemodules' of https://github.com/leerw4/graphql into leerw4-feature/gql-schema-from-nodemodules
  • 080670e Merge pull request #1026 from nestjs/renovate/lodash-monorepo
  • 5374dc7 Merge pull request #996 from mattleff/transform-autoSchemaFile
  • bb9fb6f fix(deps): update dependency lodash to v4.17.19
  • 9fc60d2 chore(deps): update nest monorepo to v7.3.2
  • b9f3fd8 Merge pull request #1024 from nestjs/renovate/lodash-monorepo
  • 52747b0 fix(deps): update dependency lodash to v4.17.17
  • 2b5a9e9 chore(deps): update dependency @types/jest to v26.0.4
  • 9691229 chore(deps): update typescript-eslint monorepo to v3.6.0
  • 211a088 chore(deps): update dependency graphql to v15.3.0
  • dceb871 chore(deps): update dependency eslint to v7.4.0
  • 73bca3e feat(): Apply transformSchema to autoSchemaFile
  • cf83e1f Merge pull request #1017 from nestjs/renovate/graphql-tools-monorepo
  • 61b01a5 chore(): release v7.5.1
  • fc50a23 Merge pull request #1006 from dotellie/fix/duplicate-types
  • 0e361ee fix(federation): remove duplicate types in schema (#1001)
  • f60e51f fix(deps): update graphql-tools monorepo to v6.0.12
  • fd52b0c chore(): release v7.5.0
  • b4cf611 fix(test): fix sorted schema snapshot
  • ad38ca0 Merge pull request #997 from mattleff/sort-schema

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

snyk-bot avatar Aug 27 '20 21:08 snyk-bot