[Snyk] Security upgrade @nestjs/graphql from 6.6.2 to 7.3.8 #57

Open
wants to merge 1 commit into
base: master

snyk-bot
Contributor

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
| --- | --- | --- | --- | --- |
| high severity | 768/1000. Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5 | Regular Expression Denial of Service (ReDoS), SNYK-JS-ANSIREGEX-1583908 | Yes | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: @nestjs/graphql The new version differs by 250 commits.
  • c5b6057 chore(): release v7.3.8
  • 590c2ad Merge branch 'kylecannon-defaultValueRegression'
  • fc2a157 fix(): use default value in object types
  • 6b4af75 Merge branch 'defaultValueRegression' of https://github.com/kylecannon/graphql into kylecannon-defaultValueRegression
  • fb84863 Merge pull request #873 from nestjs/renovate/nestjs-mapped-types-0.x
  • 5b1b126 fix(deps): update dependency @ nestjs/mapped-types to v0.0.4
  • 3aa23e8 chore(deps): update dependency @ types/jest to v25.2.2
  • 19bf326 show regression of defaultValue not providing defaultValue along with it being considered nullable when it shouldnt be
  • 3b62e8d chore(deps): update typescript-eslint monorepo to v2.33.0
  • 80e9fb8 chore(deps): update nest monorepo to v7.0.11
  • 01ee594 chore(deps): update apollo graphql packages to v2.13.1
  • 8099c53 chore(deps): update typescript-eslint monorepo to v2.32.0
  • ba1cbb1 chore(deps): update dependency ts-jest to v25.5.1
  • ec85319 chore(deps): update dependency eslint to v7
  • 900ab1b Merge pull request #844 from nestjs/renovate/apollo-federation-0.x
  • 2229686 chore(deps): update dependency @ apollo/federation to v0.15.0
  • 0530e92 Merge pull request #845 from nestjs/renovate/apollo-gateway-0.x
  • e1caaa8 Merge pull request #850 from danielsantiago/master
  • a8a5371 Merge pull request #851 from nestjs/renovate/tslib-1.x
  • 420be79 fix(): override req property only if not an object
  • 26def3c Merge branch 'master' of https://github.com/nestjs/graphql
  • 9919343 fix(): fix typo in field options interface
  • f41b76c chore(deps): update dependency ts-jest to v25.5.0
  • 120de2e fix(deps): update dependency tslib to v1.11.2

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
馃 View latest project report

馃洜 Adjust project settings

馃摎 Read more about Snyk's upgrade and patch logic

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908