Update dependency @nestjs/common [SECURITY] by renovate[bot] · Pull Request #521 · neo4j-devtools/relate

renovate · 2025-04-11T22:38:46Z

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Confidence
@nestjs/common (source)	`9.4.3` → `10.4.16`
@nestjs/common (source)	`^9.0.0` → `^9.0.0 \|\| ^11.0.0`

nest allows a remote attacker to execute arbitrary code via the Content-Type header

CVE-2024-29409 / GHSA-cj7v-w2c7-cp7c

More information

Details

File Upload vulnerability in nestjs nest prior to v.11.0.16 allows a remote attacker to execute arbitrary code via the Content-Type header.

Severity

CVSS Score: 5.5 / 10 (Medium)
Vector String: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

References

This data is provided by the GitHub Advisory Database (CC-BY 4.0).

Release Notes

nestjs/nest (@nestjs/common)

`v10.4.16`

Compare Source

What's Changed

fix(common): introduce magic file type validator to nestjs common by @Chathula in #14948

Full Changelog: nestjs/nest@v10.4.15...v10.4.16

`v10.4.15`

Compare Source

v10.4.15 (2024-12-09)

Dependencies

platform-express
- #14282 fix(deps): update dependency express to v4.21.2 (@renovate[bot])

`v10.4.14`

Compare Source

`v10.4.13`

Compare Source

v10.4.13 (2024-12-03)

Bug fixes

common
- #14256 chore(common): Add type declaration for RawBody decorator with pipes (@sapenlei)

Dependencies

#14257 fix(deps): update dependency @fastify/static to v7.0.4 (@renovate[bot])
#14258 fix(deps): update dependency @nestjs/sequelize to v10.0.1 (@renovate[bot])
#14249 chore(deps): bump @apollo/gateway from 2.4.8 to 2.8.5 in /sample/32-graphql-federation-schema-first/users-application (@dependabot[bot])
#14250 chore(deps): update jest monorepo (@renovate[bot])
#14245 chore(deps): update dependency mqtt to v5.10.3 (@renovate[bot])
#14247 fix(deps): update nest monorepo to v10.4.12 (@renovate[bot])
#14251 chore(deps-dev): bump graphql-tools from 9.0.3 to 9.0.5 (@dependabot[bot])
#14246 chore(deps): update nest monorepo (@renovate[bot])

Committers: 3

Kamil Mysliwiec (@kamilmysliwiec)
Micael Levi L. Cavalcante (@micalevisk)
sapenlei (@sapenlei)

`v10.4.12`

Compare Source

v10.4.12 (2024-11-29)

Bug fixes

common
- #14241 fix(common): enforce string type in validationpipe (@LhonRafaat)

Dependencies

Other
- #14243 chore(deps): update dependency @types/node to v20.17.9 (@renovate[bot])
- #14240 chore(deps): update dependency @types/multer to v1.4.12 (@renovate[bot])
- #14239 chore(deps): update dependency @types/chai to v4.3.20 (@renovate[bot])
- #14237 chore(deps): update confluentinc/cp-zookeeper docker tag to v7.7.2 (@renovate[bot])
- #14236 chore(deps): update confluentinc/cp-kafka docker tag to v7.7.2 (@renovate[bot])
- #12253 fix(deps): update apollo graphql packages (@renovate[bot])
- #14235 chore(deps-dev): bump @commitlint/config-angular from 19.5.0 to 19.6.0 (@dependabot[bot])
- #14233 chore(deps): update nest monorepo (@renovate[bot])
- #14232 fix(deps): update dependency path-to-regexp to v3.3.0 [security] (@renovate[bot])
- #14229 chore(deps): update mongo docker tag to v8 (@renovate[bot])
- #14228 chore(deps): update dependency @types/node to v22.10.0 (@renovate[bot])
- #14227 fix(deps): update nest-graphql monorepo to v12.2.1 (@renovate[bot])
- #14224 fix(deps): update dependency sequelize to v6.37.5 (@renovate[bot])
- #14230 chore(deps): update mysql docker tag to v9 (@renovate[bot])
- #14231 fix(deps): update dependency @nestjs/swagger to v8 (@renovate[bot])
common, core, microservices, platform-express, platform-fastify, platform-socket.io, platform-ws, testing, websockets
- #14226 fix(deps): update dependency tslib to v2.8.1 (@renovate[bot])
platform-socket.io
- #14225 fix(deps): update dependency socket.io to v4.8.1 (@renovate[bot])

v10.4.10 (2024-11-27)

Bug fixes

platform-socket.io, websockets
- #14204 fix(websockets): ensure non-shared servers call close method (@sapenlei)

Dependencies

#14221 chore(deps): update mysql docker tag to v8.4.3 (@renovate[bot])
#14220 chore(deps): update dependency webpack to v5.96.1 (@renovate[bot])
#14219 chore(deps): update dependency nodemon to v3.1.7 (@renovate[bot])
#14218 chore(deps): update confluentinc/cp-zookeeper docker tag to v7.7.1 (@renovate[bot])
#14217 chore(deps): update confluentinc/cp-kafka docker tag to v7.7.1 (@renovate[bot])
#14216 fix(deps): update dependency rimraf to v5.0.10 (@renovate[bot])
#14215 fix(deps): update dependency dotenv to v16.4.5 (@renovate[bot])
#14214 fix(deps): update dependency @grpc/reflection to v1.0.4 (@renovate[bot])
#12940 fix(deps): update dependency mongoose to v8.8.3 (@renovate[bot])
#14207 chore(deps): update dependency @types/dotenv to v8.2.3 (@renovate[bot])
#14208 chore(deps): update dependency @types/node to v20.17.8 (@renovate[bot])
#14209 chore(deps): update dependency amqplib to v0.10.5 (@renovate[bot])
#14212 chore(deps): update dependency webpack to v5.94.0 [security] (@renovate[bot])
#14210 chore(deps): update dependency husky to v9.1.7 (@renovate[bot])
#14211 chore(deps): update nest monorepo (@renovate[bot])
#14206 chore(deps-dev): bump mongoose from 8.8.1 to 8.8.3 (@dependabot[bot])

Committers: 1

sapenlei (@sapenlei)

`v10.4.9`

Compare Source

v10.4.9 (2024-11-25)

Bug fixes

core, microservices
- #13923 fix(core): merge req context with tenant payload in the request instance (@DylanVeldra)
websockets
- #14185 fix(websockets): Prevent HTTP server early close in Socket.IO shutdown (@sapenlei)
common
- #14181 fix(common): fallback to empty string for enums when validating (swc builder) (@kamilmysliwiec)
core
- #13804 fix(core): dependencies not resolving for transient lazy providers (@patrickacioli)
microservices
- #14163 fix(microservices): grpc client streaming bugs (@kamilmysliwiec)

Enhancements

common, core
- #14175 fix(common,core): align the logic of optional provider (@micalevisk)
microservices
- #12954 feat: emit batch (@gunb0s)

Dependencies

Other
- #14192 chore(deps): update dependency webpack to v5.94.0 [security] (@renovate[bot])
- #14188 chore(deps): bump cross-spawn from 7.0.3 to 7.0.6 in /sample/30-event-emitter (@dependabot[bot])
- #14187 chore(deps): bump cookie and @nestjs/platform-express in /sample/34-using-esm-packages (@dependabot[bot])
- #14189 chore(deps): bump cross-spawn from 7.0.3 to 7.0.6 in /sample/19-auth-jwt (@dependabot[bot])
- #14186 chore(deps): bump cross-spawn from 7.0.3 to 7.0.6 in /sample/31-graphql-federation-code-first/posts-application (@dependabot[bot])
- #14183 chore(deps): bump cross-spawn from 7.0.3 to 7.0.6 in /sample/32-graphql-federation-schema-first/posts-application (@dependabot[bot])
- #14176 chore(deps): bump cross-spawn from 7.0.3 to 7.0.6 in /sample/32-graphql-federation-schema-first/users-application (@dependabot[bot])
- #14179 chore(deps-dev): bump @types/mocha from 10.0.9 to 10.0.10 (@dependabot[bot])
- #14174 chore(deps): bump cross-spawn from 7.0.3 to 7.0.6 in /sample/22-graphql-prisma (@dependabot[bot])
- #14173 chore(deps): bump cross-spawn from 7.0.3 to 7.0.6 in /sample/28-sse (@dependabot[bot])
- #14165 chore(deps-dev): bump @typescript-eslint/parser from 8.14.0 to 8.15.0 (@dependabot[bot])
- #14171 chore(deps): bump cross-spawn from 7.0.3 to 7.0.6 in /sample/11-swagger (@dependabot[bot])
- #14172 chore(deps): bump cookie and @nestjs/platform-express in /sample/35-use-esm-package-after-node22 (@dependabot[bot])
- #14170 chore(deps): bump cross-spawn from 7.0.3 to 7.0.6 in /sample/24-serve-static (@dependabot[bot])
- #14169 chore(deps): bump cross-spawn from 7.0.3 to 7.0.6 in /sample/15-mvc (@dependabot[bot])
- #14164 chore(deps): bump cross-spawn from 7.0.3 to 7.0.6 in /sample/01-cats-app (@dependabot[bot])
- #14167 chore(deps-dev): bump @typescript-eslint/eslint-plugin from 8.14.0 to 8.15.0 (@dependabot[bot])
- #14161 chore(deps): bump cross-spawn from 7.0.3 to 7.0.5 in /sample/25-dynamic-modules (@dependabot[bot])
- #14159 chore(deps): bump cross-spawn from 7.0.3 to 7.0.5 in /sample/33-graphql-mercurius (@dependabot[bot])
- #13632 fix(deps): update dependency mysql2 to v3.9.8 [security] (@renovate[bot])
- #14151 chore(deps): bump cross-spawn from 7.0.3 to 7.0.5 in /sample/27-scheduling (@dependabot[bot])
- #14155 build(sample): replace cli-color with smaller and faster ansis (@webdiscus)
- #14146 chore(deps): bump cookie and @nestjs/platform-express in /sample/28-sse (@dependabot[bot])
- #14149 chore(deps): bump cross-spawn from 7.0.3 to 7.0.5 in /sample/32-graphql-federation-schema-first/gateway (@dependabot[bot])
- #12995 chore(deps): update dependency supertest to v6.3.4 (@renovate[bot])
- #12815 chore(deps): update dependency @types/node to v20.17.6 (@renovate[bot])
- #14147 chore: upgrade deps (@kamilmysliwiec)
- #14144 chore(deps): bump cookie, light-my-request and @nestjs/platform-fastify in /sample/33-graphql-mercurius (@dependabot[bot])
platform-fastify
- #14191 chore(deps): bump light-my-request from 6.1.0 to 6.3.0 (@dependabot[bot])

Committers: 7

Kamil Mysliwiec (@kamilmysliwiec)
Micael Levi L. Cavalcante (@micalevisk)
Patrick Acioli (@patrickacioli)
@DylanVeldra
@webdiscus
cain (@gunb0s)
sapenlei (@sapenlei)

`v10.4.8`

Compare Source

v10.4.8 (2024-11-15)

Bug fixes

microservices
- #14059 fix(microservices): include discarded rmq client options (@v-sum)
- #14132 fix(microservices): no messages emitted with mqtt when qos set (@kamilmysliwiec)
core
- #14133 fix(core): flaky durable provider, remove instance on error (@kamilmysliwiec)

Enhancements

core
- #14143 feat(core): expose listening stream from http adapter host (@kamilmysliwiec)
- #14139 chore(core): defer application shutdown until init finishes (@mksony)

Committers: 3

Kamil Mysliwiec (@kamilmysliwiec)
Max (@mksony)
Vasile Sumanschi (@v-sum)

`v10.4.7`

Compare Source

`v10.4.6`

Compare Source

`v10.4.5`

Compare Source

v10.4.5 (2024-10-16)

Dependencies

platform-express
- #14060 build(express): upgrade to express 4.2.1 (@ezintz)
Other
- #13903 chore(deps): bump ws and @nestjs/graphql in /sample/31-graphql-federation-code-first/posts-application (@dependabot[bot])
- #13917 chore(deps): bump micromatch from 4.0.4 to 4.0.8 in /sample/32-graphql-federation-schema-first/posts-application (@dependabot[bot])
- #14015 chore(deps): bump find-my-way from 8.1.0 to 8.2.2 in /sample/10-fastify (@dependabot[bot])
- #14039 chore(deps): bump serve-static, express and @nestjs/platform-express in /sample/23-graphql-code-first (@dependabot[bot])
- #14040 chore(deps): bump send, @nestjs/platform-express and express in /sample/24-serve-static (@dependabot[bot])
- #14034 chore(deps): bump serve-static and @nestjs/platform-express in /sample/28-sse (@dependabot[bot])
- #14035 chore(deps): bump send and @nestjs/platform-express in /sample/28-sse (@dependabot[bot])
- #14030 chore(deps): bump send and @nestjs/platform-express in /sample/25-dynamic-modules (@dependabot[bot])
- #14031 chore(deps): bump serve-static and @nestjs/platform-express in /sample/25-dynamic-modules (@dependabot[bot])
- #14026 chore(deps): bump serve-static and @nestjs/platform-express in /sample/26-queues (@dependabot[bot])
- #14025 chore(deps): bump send and @nestjs/platform-express in /sample/26-queues (@dependabot[bot])
platform-fastify
- #14064 build(fastify): upgrade light-my-request to 6.1.0 (@PattyTrish)

Committers: 5

Eduard Zintz (@ezintz)
Fernando Vargas (@frndvrgs)
Micael Levi L. Cavalcante (@micalevisk)
Patricia Ahern (@PattyTrish)
Rick Dutour Geerling (@tuxmachine)

`v10.4.4`

Compare Source

`v10.4.3`

Compare Source

`v10.4.2`

Compare Source

v10.4.2 (2024-09-16)

Dependencies

common, core, microservices, platform-express, platform-fastify, platform-socket.io, platform-ws, testing, websockets
- #13911 chore(deps): bump tslib from 2.6.3 to 2.7.0 (@dependabot[bot])
platform-fastify
- #13938 chore(deps): bump light-my-request from 5.13.0 to 6.0.0 (@dependabot[bot])
Other
- #13936 chore(deps-dev): bump lint-staged from 15.2.9 to 15.2.10 (@dependabot[bot])
- #13946 chore(deps): bump webpack and @nestjs/cli in /sample/02-gateways (@dependabot[bot])
- #13947 chore(deps-dev): bump webpack from 5.91.0 to 5.94.0 (@dependabot[bot])
- #13966 chore(deps): bump dset from 3.1.2 to 3.1.4 in /sample/32-graphql-federation-schema-first/gateway (@dependabot[bot])
- #13967 chore(deps): bump dset from 3.1.3 to 3.1.4 (@dependabot[bot])
- #13968 chore(deps-dev): bump @commitlint/cli from 19.4.0 to 19.5.0 (@dependabot[bot])
- #13969 chore(deps-dev): bump mongoose from 8.6.0 to 8.6.2 (@dependabot[bot])
- #13973 chore(deps-dev): bump @types/node from 22.5.1 to 22.5.5 (@dependabot[bot])
- #13922 chore(deps): bump @apollo/gateway from 2.2.3 to 2.9.0 in /sample/31-graphql-federation-code-first/users-application (@dependabot[bot])
- #13921 chore(deps): bump @apollo/query-planner from 2.4.8 to 2.9.0 in /sample/31-graphql-federation-code-first/posts-application (@dependabot[bot])
- #13926 chore(deps-dev): bump mongoose from 8.5.3 to 8.6.0 (@dependabot[bot])
- #13928 chore(deps-dev): bump @types/node from 22.5.0 to 22.5.1 (@dependabot[bot])
- #13929 chore(deps-dev): bump @commitlint/config-angular from 19.3.0 to 19.4.1 (@dependabot[bot])
- #13893 chore(deps-dev): bump @typescript-eslint/eslint-plugin from 7.18.0 to 8.2.0 (@dependabot[bot])
- #13896 chore(deps-dev): bump husky from 9.1.4 to 9.1.5 (@dependabot[bot])
- #13897 chore(deps-dev): bump core-js from 3.38.0 to 3.38.1 (@dependabot[bot])
- #13901 chore(deps-dev): bump @types/node from 22.3.0 to 22.5.0 (@dependabot[bot])
- #13902 chore(deps-dev): bump artillery from 2.0.19 to 2.0.20 (@dependabot[bot])
- #13884 chore(deps-dev): bump mongoose from 8.5.2 to 8.5.3 (@dependabot[bot])
- #13885 chore(deps-dev): bump lint-staged from 15.2.8 to 15.2.9 (@dependabot[bot])
- #13890 chore(deps-dev): bump @types/node from 22.2.0 to 22.3.0 (@dependabot[bot])

Committers: 3

Kamil Mysliwiec (@kamilmysliwiec)
Micael Levi L. Cavalcante (@micalevisk)
@haouvw

`v10.4.1`

Compare Source

`v10.4.0`

Compare Source

`v10.3.10`

Compare Source

v10.3.10 (2024-07-01)

Bug fixes

core
- #13712 fix(core): when using forward references on exports array (@micalevisk)

Enhancements

platform-fastify
- #13734 feat(fastify-adapter): support for skipping middie registration (@ancyrweb)

Dependencies

Other
- #13706 chore(deps-dev): bump nodemon from 3.1.3 to 3.1.4 (@dependabot[bot])
- #13716 chore(deps-dev): bump ts-morph from 22.0.0 to 23.0.0 (@dependabot[bot])
- #13697 chore(deps): bump ws from 8.13.0 to 8.17.1 in /sample/16-gateways-ws (@dependabot[bot])
- #13708 chore(deps-dev): bump nats from 2.26.0 to 2.27.0 (@dependabot[bot])
- #13709 chore(deps-dev): bump typescript from 5.4.5 to 5.5.2 (@dependabot[bot])
- #13715 chore(deps-dev): bump graphql from 16.8.2 to 16.9.0 (@dependabot[bot])
- #13718 chore(deps-dev): bump engine.io-client from 6.5.4 to 6.6.0 (@dependabot[bot])
- #13724 chore(deps-dev): bump @types/node from 20.14.6 to 20.14.9 (@dependabot[bot])
- #13672 chore(deps-dev): bump braces from 3.0.2 to 3.0.3 in /sample/26-queues (@dependabot[bot])
- #13693 chore(deps-dev): bump @typescript-eslint/eslint-plugin from 7.13.0 to 7.13.1 (@dependabot[bot])
- #13699 chore(deps-dev): bump engine.io-client from 6.5.3 to 6.5.4 (@dependabot[bot])
- #13702 chore(deps-dev): bump @types/node from 20.14.4 to 20.14.6 (@dependabot[bot])
- #13703 chore(deps): bump fast-json-stringify from 5.16.0 to 5.16.1 (@dependabot[bot])
- #13694 chore(deps-dev): bump mongoose from 8.4.1 to 8.4.3 (@dependabot[bot])
- #13695 chore(deps-dev): bump @typescript-eslint/parser from 7.13.0 to 7.13.1 (@dependabot[bot])
- #13696 chore(deps-dev): bump @types/node from 20.14.2 to 20.14.4 (@dependabot[bot])
- #13678 chore(deps-dev): bump graphql from 16.8.1 to 16.8.2 (@dependabot[bot])
- #13682 chore(deps-dev): bump mysql2 from 3.10.0 to 3.10.1 (@dependabot[bot])
- #13674 chore(deps-dev): bump prettier from 3.3.1 to 3.3.2 (@dependabot[bot])
- #13677 chore(deps-dev): bump lint-staged from 15.2.5 to 15.2.7 (@dependabot[bot])
- #13671 chore(deps-dev): bump braces from 3.0.2 to 3.0.3 in /sample/27-scheduling (@dependabot[bot])
- #13670 chore(deps-dev): bump braces from 3.0.2 to 3.0.3 in /sample/30-event-emitter (@dependabot[bot])
- #13667 chore(deps-dev): bump @typescript-eslint/eslint-plugin from 7.12.0 to 7.13.0 (@dependabot[bot])
- #13665 chore(deps-dev): bump artillery from 2.0.14 to 2.0.15 (@dependabot[bot])
- #13660 chore(deps): bump @grpc/grpc-js from 1.10.0 to 1.10.9 in /sample/04-grpc (@dependabot[bot])
- #13662 chore(deps-dev): bump @grpc/grpc-js from 1.10.8 to 1.10.9 (@dependabot[bot])
- #13663 chore(deps-dev): bump @fastify/multipart from 8.2.0 to 8.3.0 (@dependabot[bot])
- #13666 chore(deps-dev): bump @typescript-eslint/parser from 7.11.0 to 7.13.0 (@dependabot[bot])
- #13669 chore(deps): bump uuid from 9.0.1 to 10.0.0 (@dependabot[bot])
- #13640 chore(deps-dev): bump nodemon from 3.1.2 to 3.1.3 (@dependabot[bot])
- #13641 chore(deps-dev): bump @typescript-eslint/eslint-plugin from 7.11.0 to 7.12.0 (@dependabot[bot])
- #13642 chore(deps-dev): bump mongoose from 8.4.0 to 8.4.1 (@dependabot[bot])
- #13651 chore(deps-dev): bump prettier from 3.2.5 to 3.3.1 (@dependabot[bot])
- #13652 chore(deps-dev): bump @types/node from 20.12.12 to 20.14.2 (@dependabot[bot])
- #13653 chore(deps-dev): bump cache-manager from 5.5.3 to 5.6.1 (@dependabot[bot])
platform-ws
- #13690 chore(deps): bump ws from 8.17.0 to 8.17.1 (@dependabot[bot])
platform-fastify
- #13691 chore(deps): bump fastify from 4.27.0 to 4.28.0 (@dependabot[bot])
common, core, microservices, platform-express, platform-fastify, platform-socket.io, platform-ws, testing, websockets
- #13649 chore(deps): bump tslib from 2.6.2 to 2.6.3 (@dependabot[bot])

Committers: 4

() => { } (@ragavendra)
Anthony Cyrille (@ancyrweb)
Lincoln (@L-Qun)
Micael Levi L. Cavalcante (@micalevisk)

`v10.3.9`

Compare Source

v10.3.9 (2024-06-03)

Bug fixes

core
- #13453 fix(core): possible memory leak when using server side events (@zhengjitf)
- #13405 fix(core): auto flush logs on synchronous internal errors (@micalevisk)
platform-fastify
- #13536 feat(fastify): Do not crash if enableVersioning is not used (@Fcmam5)

Enhancements

platform-ws
- #13531 fix(ws): close existing connections (@bettercalljason)
common, core
- #13428 feat(common): support empty @Inject() on constructor-based injection (@micalevisk)
core
- #13614 fix(core): prevent exclude method from overwriting previous calls (@dragontaek-lee)

Docs

common
- #13471 doc: fix typos & clarify comments (@le-harivansh)

Dependencies

Other
- #13619 chore(deps-dev): bump @typescript-eslint/parser from 7.9.0 to 7.11.0 (@dependabot[bot])
- #13631 chore(deps): bump mysql2 from 3.9.7 to 3.9.8 in /sample/05-sql-typeorm (@dependabot[bot])
- #13624 chore(deps-dev): bump mqtt from 5.6.0 to 5.7.0 (@dependabot[bot])
- #13617 chore(deps-dev): bump lint-staged from 15.2.2 to 15.2.5 (@dependabot[bot])
- #13611 chore(deps-dev): bump cache-manager from 5.5.2 to 5.5.3 (@dependabot[bot])
- #13610 chore(deps): bump fast-json-stringify from 5.15.1 to 5.16.0 (@dependabot[bot])
- #13620 chore(deps-dev): bump @typescript-eslint/eslint-plugin from 7.10.0 to 7.11.0 (@dependabot[bot])
- #13625 chore(deps-dev): bump artillery from 2.0.12 to 2.0.14 (@dependabot[bot])
- #13629 chore(deps-dev): bump nodemon from 3.1.0 to 3.1.2 (@dependabot[bot])
- #13633 chore(deps-dev): bump mysql2 from 3.9.7 to 3.10.0 (@dependabot[bot])
- #13588 chore(deps): bump express and @nestjs/platform-express in /sample/04-grpc (@dependabot[bot])
- #13591 chore(deps): bump express and @nestjs/platform-express in /sample/02-gateways (@dependabot[bot])
- #13592 chore(deps): bump express and @nestjs/platform-express in /sample/01-cats-app (@dependabot[bot])
- #13594 chore(deps-dev): bump core-js from 3.37.0 to 3.37.1 (@dependabot[bot])
- #13595 chore(deps-dev): bump redis from 4.6.13 to 4.6.14 (@dependabot[bot])
- #13596 chore(deps-dev): bump sinon from 17.0.1 to 18.0.0 (@dependabot[bot])
- #13597 chore(deps-dev): bump @grpc/grpc-js from 1.10.7 to 1.10.8 (@dependabot[bot])
- #13602 chore(deps-dev): bump mongoose from 8.3.4 to 8.4.0 (@dependabot[bot])
- #13605 chore(deps-dev): bump nats from 2.25.0 to 2.26.0 (@dependabot[bot])
- #13606 chore(deps-dev): bump @typescript-eslint/eslint-plugin from 7.9.0 to 7.10.0 (@dependabot[bot])
- #13590 chore(deps): bump express and @nestjs/platform-express in /sample/05-sql-typeorm (@dependabot[bot])
- #13589 chore(deps): bump express and @nestjs/platform-express in /sample/03-microservices (@dependabot[bot])
- #13587 chore(deps): bump express and @nestjs/platform-express in /sample/08-webpack (@dependabot[bot])
- #13586 chore(deps): bump express and @nestjs/platform-express in /sample/06-mongoose (@dependabot[bot])
- #13585 chore(deps): bump express and @nestjs/platform-express in /sample/09-babel-example (@dependabot[bot])
- #13584 chore(deps): bump express and @nestjs/platform-express in /sample/07-sequelize (@dependabot[bot])
- #13583 chore(deps): bump express and @nestjs/platform-express in /sample/11-swagger (@dependabot[bot])
- #13576 chore(deps-dev): bump @typescript-eslint/eslint-plugin from 7.8.0 to 7.9.0 (@dependabot[bot])
- #13567 chore(deps): bump express and @nestjs/platform-express in /sample/15-mvc (@dependabot[bot])
- #13570 chore(deps): bump express and @nestjs/platform-express in /sample/19-auth-jwt (@dependabot[bot])
- #13563 chore(deps): bump express and @nestjs/platform-express in /sample/20-cache (@dependabot[bot])
- #13564 chore(deps): bump express and @nestjs/platform-express in /sample/21-serializer (@dependabot[bot])
- #13565 chore(deps): bump express and @nestjs/platform-express in /sample/22-graphql-prisma (@dependabot[bot])
- #13568 chore(deps): bump express and @nestjs/platform-express in /sample/13-mongo-typeorm ([@d

✂ Note

PR body was truncated to here.

Configuration

📅 Schedule: (UTC)

Branch creation
- At any time (no schedule defined)
Automerge
- At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

- @relate/electron@1.0.2-alpha.16 - @relate/web@1.0.2-alpha.16

* now using public NPM registry * added extension verification with code-signer * additional output to ext:list * refactored extension discovery to use cascading defaults from package.json if not in manifest * Allow installing tarballs from URL - bugfix broken code signature for static packages - remove cache entry when installing from file or URL * fix broken TestExtensions * changes from review * address case where version as path is passed but no name * fix flaky windows tests

* Sync package locks on publish * Fix package locks * Fix npm audit issues

* Updated relate client parameters and added support for remote STATIC apps * fix broken test * disable concurrent tests again * changes from review

* Fix setup script hanging on errors * Add xvfb script for Docker tests

* fix(cli): db:exec allow nameOrId, append missing semicolon, reduce extra output * fix(cli): removed extra, conflicting @oclif/errors dependency * fix(common): input stream to cypher-shell may be a string or a raw buffer * fix(cli): create test project, populate with test cypher for db:exec testing * fix(common): all dbs.local operations accept nameOrId

* created relate client RFC * added link to PR * update RFC

* Web: add online check and server status to infoDbmss * CLI: make flag casing consistent across commands And add onlineCheck flag to dbms:info * CLI: remove duplicate calls to dbmss.info * CLI: fix docs links

* now saving access tokens in separate files * changes from review * added dump logs for better debugging * banned TS type assertions and updated linter

* create separate env dirs when creating new envs * fix failing tests * fix rebase conflict * fix access token storage path, improved teardown cleanup * removed yargs from common * remove yargs and revert to backward compatible dataPath * refactored modules to be dynamic, removing the need for environment variables to accurately load extensions * Return of the global config, much better * systemProvider createEnv and getEnv tests * pass config to load property in system provider test Co-authored-by: Hugo Bove <hugo.bove@neotechnology.com>

* Update table fields on environment:list * Add manifest entity * Add manifest entity to DBMSs * Add manifest entity to projects * Rename model files, make manifest readonly * Add manifest tests * Add util to get manifest name * Fix broken import

* Types: add Dict.assign * Add metadata to entity manifest * CLI: update output to include metadata * Allow passing multiple keys to Dict.omit * Update signature of metadata methods

* Update docs * Bump code signer

* Create test util to create environments * Start running tests in separate environments * Disallow new expression with TestEnvironment

* Add method to unlink projects * Make nameOrId argument consistent across project operations * Fix broken links showing as existing projects * Refactor dbmss.link and projects.link * Add more link tests * Update CLI commands * Update docs * Fix broken tests * Always set encoding when reading or writing JSON

* Copy import folder on DBMS upgrades * Allow getting, setting, and removing metadata from WebModule * Add tests

- @relate/cli@1.0.2-alpha.16 - @relate/client@1.0.2-alpha.11 - @relate/common@1.0.2-alpha.16 - @relate/electron@1.0.2-alpha.17 - @relate/types@1.0.2-alpha.11 - @relate/web@1.0.2-alpha.17

- @relate/cli@1.0.2-alpha.17 - @relate/common@1.0.2-alpha.17 - @relate/electron@1.0.2-alpha.18 - @relate/web@1.0.2-alpha.18

Neo Technology Build Agent and others added 30 commits October 22, 2020 09:38

Merge branch 'release'

a9fd803

Publish

a27d760

- @relate/electron@1.0.2-alpha.16 - @relate/web@1.0.2-alpha.16

Merge branch 'release'

2d5fd6b

Fix package locks on publish (#222)

8e816a1

* Sync package locks on publish * Fix package locks * Fix npm audit issues

Feature remote STATIC extensions (#223)

a5b6ae7

* Updated relate client parameters and added support for remote STATIC apps * fix broken test * disable concurrent tests again * changes from review

Add xvfb script for Docker tests (#224)

6931218

* Fix setup script hanging on errors * Add xvfb script for Docker tests

Rfc relate client (#225)

fdb0c7f

* created relate client RFC * added link to PR * update RFC

Add server status to infoDbmss, make all CLI flags camel case (#227)

2228921

* Web: add online check and server status to infoDbmss * CLI: make flag casing consistent across commands And add onlineCheck flag to dbms:info * CLI: remove duplicate calls to dbmss.info * CLI: fix docs links

common/extensions install and web/extensions.e2e tests (#219)

f32d9df

Chore separate access token files (#226)

f5d6442

* now saving access tokens in separate files * changes from review * added dump logs for better debugging * banned TS type assertions and updated linter

add force flag for overwriting project files (#228)

33b4fda

Update @relate/types readme links

32c513d

Cleaned up backup.local implementation (#230)

88979d3

Update relate-client.rfc.md

bc21173

Update relate-extensions.rfc.md

5c61537

Add metadata field to entity manifests (#232)

529df71

* Types: add Dict.assign * Add metadata to entity manifest * CLI: update output to include metadata * Allow passing multiple keys to Dict.omit * Update signature of metadata methods

Update docs and bump code-signer (#233)

a2bb033

* Update docs * Bump code signer

add is-symlink check and update project and dbms link logic (#234)

5b9f477

ensure global Relate data path exists before write file (#235)

f9146b3

Start running tests in separate environments (#237)

870763a

* Create test util to create environments * Start running tests in separate environments * Disallow new expression with TestEnvironment

Add resolvers for getting/setting/removing metadata and tags (#238)

a87e180

* Copy import folder on DBMS upgrades * Allow getting, setting, and removing metadata from WebModule * Add tests

Publish

621ccac

- @relate/cli@1.0.2-alpha.16 - @relate/client@1.0.2-alpha.11 - @relate/common@1.0.2-alpha.16 - @relate/electron@1.0.2-alpha.17 - @relate/types@1.0.2-alpha.11 - @relate/web@1.0.2-alpha.17

Add flag for merging fields on manifest update (#241)

c593414

Publish

a50238c

- @relate/cli@1.0.2-alpha.17 - @relate/common@1.0.2-alpha.17 - @relate/electron@1.0.2-alpha.18 - @relate/web@1.0.2-alpha.18

Install sample projects (#245)

33f4595

renovate Bot changed the title ~~fix(deps): update dependency @nestjs/common [security]~~ fix(deps): update dependency @nestjs/common to v10 [security] Jul 28, 2025

renovate Bot force-pushed the renovate/npm-nestjs-common-vulnerability branch from d69c8c7 to ba15370 Compare August 10, 2025 13:49

renovate Bot changed the title ~~fix(deps): update dependency @nestjs/common to v10 [security]~~ fix(deps): update dependency @nestjs/common [security] Aug 10, 2025

renovate Bot force-pushed the renovate/npm-nestjs-common-vulnerability branch from ba15370 to 7337d3a Compare August 10, 2025 16:39

renovate Bot changed the title ~~fix(deps): update dependency @nestjs/common [security]~~ fix(deps): update dependency @nestjs/common to v10 [security] Aug 10, 2025

renovate Bot force-pushed the renovate/npm-nestjs-common-vulnerability branch from 7337d3a to 028b7bb Compare August 13, 2025 17:30

renovate Bot changed the title ~~fix(deps): update dependency @nestjs/common to v10 [security]~~ fix(deps): update dependency @nestjs/common [security] Aug 13, 2025

renovate Bot force-pushed the renovate/npm-nestjs-common-vulnerability branch from 028b7bb to 3474232 Compare August 13, 2025 22:30

renovate Bot changed the title ~~fix(deps): update dependency @nestjs/common [security]~~ fix(deps): update dependency @nestjs/common to v10 [security] Aug 13, 2025

renovate Bot force-pushed the renovate/npm-nestjs-common-vulnerability branch from 3474232 to 22485ec Compare August 19, 2025 13:03

renovate Bot changed the title ~~fix(deps): update dependency @nestjs/common to v10 [security]~~ fix(deps): update dependency @nestjs/common [security] Aug 19, 2025

renovate Bot force-pushed the renovate/npm-nestjs-common-vulnerability branch from 22485ec to d5df4a2 Compare August 19, 2025 21:35

renovate Bot changed the title ~~fix(deps): update dependency @nestjs/common [security]~~ fix(deps): update dependency @nestjs/common to v10 [security] Aug 19, 2025

renovate Bot force-pushed the renovate/npm-nestjs-common-vulnerability branch from d5df4a2 to 209b04b Compare August 31, 2025 10:25

renovate Bot changed the title ~~fix(deps): update dependency @nestjs/common to v10 [security]~~ fix(deps): update dependency @nestjs/common [security] Aug 31, 2025

renovate Bot force-pushed the renovate/npm-nestjs-common-vulnerability branch from 209b04b to 34a1601 Compare August 31, 2025 14:43

renovate Bot changed the title ~~fix(deps): update dependency @nestjs/common [security]~~ fix(deps): update dependency @nestjs/common to v10 [security] Aug 31, 2025

renovate Bot force-pushed the renovate/npm-nestjs-common-vulnerability branch from 34a1601 to 650df97 Compare September 25, 2025 16:31

renovate Bot changed the title ~~fix(deps): update dependency @nestjs/common to v10 [security]~~ fix(deps): update dependency @nestjs/common [security] Sep 25, 2025

renovate Bot force-pushed the renovate/npm-nestjs-common-vulnerability branch from 650df97 to a88624b Compare September 25, 2025 22:57

renovate Bot changed the title ~~fix(deps): update dependency @nestjs/common [security]~~ fix(deps): update dependency @nestjs/common to v10 [security] Sep 25, 2025

renovate Bot force-pushed the renovate/npm-nestjs-common-vulnerability branch from a88624b to 20eb45f Compare October 9, 2025 10:55

renovate Bot changed the title ~~fix(deps): update dependency @nestjs/common to v10 [security]~~ fix(deps): update dependency @nestjs/common [security] Oct 9, 2025

renovate Bot changed the title ~~fix(deps): update dependency @nestjs/common [security]~~ fix(deps): update dependency @nestjs/common to v10 [security] Oct 9, 2025

renovate Bot force-pushed the renovate/npm-nestjs-common-vulnerability branch from 20eb45f to 9b16fa1 Compare October 9, 2025 15:30

renovate Bot force-pushed the renovate/npm-nestjs-common-vulnerability branch from 9b16fa1 to 2ebdc35 Compare October 21, 2025 15:44

renovate Bot changed the title ~~fix(deps): update dependency @nestjs/common to v10 [security]~~ fix(deps): update dependency @nestjs/common [security] Oct 21, 2025

renovate Bot force-pushed the renovate/npm-nestjs-common-vulnerability branch from 2ebdc35 to bdcd59d Compare October 22, 2025 02:40

renovate Bot changed the title ~~fix(deps): update dependency @nestjs/common [security]~~ fix(deps): update dependency @nestjs/common to v10 [security] Oct 22, 2025

Update dependency @nestjs/common to v10 [SECURITY]

8b940e5

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Update dependency @nestjs/common [SECURITY]#521

Update dependency @nestjs/common [SECURITY]#521
renovate[bot] wants to merge 634 commits into
masterfrom
renovate/npm-nestjs-common-vulnerability

renovate Bot commented Apr 11, 2025 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

6 participants

Conversation

renovate Bot commented Apr 11, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

nest allows a remote attacker to execute arbitrary code via the Content-Type header

Details

Severity

References

Release Notes

What's Changed

v10.4.15 (2024-12-09)

Dependencies

v10.4.13 (2024-12-03)

Bug fixes

Dependencies

Committers: 3

v10.4.12 (2024-11-29)

Bug fixes

Dependencies

Committers: 1

v10.4.10 (2024-11-27)

Bug fixes

Dependencies

Committers: 1

v10.4.9 (2024-11-25)

Bug fixes

Enhancements

Dependencies

Committers: 7

v10.4.8 (2024-11-15)

Bug fixes

Enhancements

Committers: 3

v10.4.5 (2024-10-16)

Dependencies

Committers: 5

v10.4.2 (2024-09-16)

Dependencies

Committers: 3

v10.3.10 (2024-07-01)

Bug fixes

Enhancements

Dependencies

Committers: 4

v10.3.9 (2024-06-03)

Bug fixes

Enhancements

Docs

Dependencies

Configuration

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

6 participants

renovate Bot commented Apr 11, 2025 •

edited

Loading