chore(deps): update dependency @nestjs/core to v9 [security] - autoclosed

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
@nestjs/core (source)	8.4.7 -> 9.0.5

GitHub Vulnerability Alerts

CVE-2023-26108

Versions of the package @​nestjs/core before 9.0.5 are vulnerable to Information Exposure via the StreamableFile pipe. Exploiting this vulnerability is possible when the client cancels a request while it is streaming a StreamableFile, the stream wrapped by the StreamableFile will be kept open.

---

Release Notes

nestjs/nest (@​nestjs/core)

v9.0.5

Compare Source

v9.0.5 (2022-07-20)

Bug fixes

• common, platform-express
  • #​9819 fix: use pipeline over stream.pipe (@​jmcdo29)

Enhancements

• microservices
  • #​9798 feat(microservices): add noAssert option for RMQ connection (@​frankmangone)
  • #​9954 feat(microservices): add Kafka heartbeat callback to KafkaContext (@​kosh-b)
• platform-express, platform-fastify
  • #​9926 fix(express,fastify): raw body for urlencoded requests (@​tolgap)

Dependencies

• Other
  • #​9959 chore(deps): bump terser from 5.10.0 to 5.14.2 in /sample/30-event-emitter (@​dependabot[bot])
  • #​9960 chore(deps): bump terser from 5.14.1 to 5.14.2 in /sample/32-graphql-federation-schema-first/users-application (@​dependabot[bot])
  • #​9961 chore(deps): bump terser from 5.10.0 to 5.14.2 in /sample/31-graphql-federation-code-first/gateway (@​dependabot[bot])
  • #​9962 chore(deps): bump terser from 5.10.0 to 5.14.2 in /sample/31-graphql-federation-code-first/users-application (@​dependabot[bot])
  • #​9963 chore(deps): bump terser from 5.10.0 to 5.14.2 in /sample/32-graphql-federation-schema-first/posts-application (@​dependabot[bot])
  • #​9964 chore(deps): bump terser from 5.10.0 to 5.14.2 in /sample/32-graphql-federation-schema-first/gateway (@​dependabot[bot])
  • #​9965 chore(deps): bump terser from 5.10.0 to 5.14.2 in /sample/29-file-upload (@​dependabot[bot])
  • #​9966 chore(deps): bump terser from 5.10.0 to 5.14.2 in /sample/28-sse (@​dependabot[bot])
  • #​9967 chore(deps): bump terser from 5.10.0 to 5.14.2 in /sample/31-graphql-federation-code-first/posts-application (@​dependabot[bot])
  • #​9951 chore(deps-dev): bump mongoose from 6.4.4 to 6.4.5 (@​dependabot[bot])
  • #​9952 chore(deps-dev): bump concurrently from 7.2.2 to 7.3.0 (@​dependabot[bot])
• platform-fastify
  • #​9950 chore(deps): bump light-my-request from 5.1.0 to 5.2.0 (@​dependabot[bot])

Committers: 4

• Franco Mangone (@​frankmangone)
• Jay McDoniel (@​jmcdo29)
• Tolga Paksoy (@​tolgap)
• @​kosh-b

v9.0.4

Compare Source

v9.0.3

Compare Source

v9.0.2

Compare Source

v9.0.2

Bug fixes

• common
  • #​9904 fix(common): Fix CacheModule registerAsync (@​tugascript)

Enhancements

• core
  • #​9902 refactor(core): replace our own 1-level flatten by the native one (@​micalevisk)

Dependencies

• #​9906 chore(deps-dev): bump mongoose from 6.4.3 to 6.4.4 (@​dependabot[bot])
• #​9908 chore(deps-dev): bump cache-manager from 4.0.1 to 4.1.0 (@​dependabot[bot])
• #​9910 chore(deps-dev): bump @​nestjs/graphql from 10.0.16 to 10.0.18 (@​dependabot[bot])
• #​9911 chore(deps-dev): bump core-js from 3.23.3 to 3.23.4 (@​dependabot[bot])

Committers: 3

• Afonso Barracha (@​tugascript)
• Antonio T. alias Tony (@​Tony133)
• Micael Levi L. Cavalcante (@​micalevisk)

v9.0.1

Compare Source

v9.0.0

Compare Source

v9.0.0 (2022-07-08)

Article: https://trilon.io/blog/nestjs-9-is-now-available

Migration guide: https://docs.nestjs.com/migration-guide

Features

• common
  • #​9718 Feature/4752 file validators pipe (@​thiagomini)
  • #​9534 feat(core): add configurable module builder, module utils (@​kamilmysliwiec)
• common, core
  • #​9684 feat(core): read–eval–print loop feature (@​kamilmysliwiec)
  • #​9697 feat(core): add durable providers feature (@​kamilmysliwiec)

Bug fixes

• microservices
  • #​9674 fix(microservices): Fixed typings for MessageHandler (@​dkonasov)
  • #​9587 fix(microservices): revert grpc client interceptors (grpc-specific) (@​kamilmysliwiec)

Enhancements

• common, core, platform-express, platform-fastify
  • #​8802 fix: only send exception responses if header is not already sent (@​wSedlacek)
  • #​9591 feat(common,core): make HttpServer#applyVersionFilter mandatory (@​micalevisk)
• common
  • #​9705 feat(common): Add error chaining support to http exception (@​vinnymac)
  • #​9383 feat(common): disallow usage of inject on class and value providers at type level (@​micalevisk)
  • #​9023 fix: fix factory provider definition (@​ZanMinKian)
  • #​8459 fix(common): ParseUUIDPipe - throw exceptions with exceptionFactory only (@​titivuk)
• microservices
  • #​9681 fix(microservices): allow postfixId on KafkaOptions to be an empty string (@​micalevisk)
  • #​8798 feat(microservices): migrate redis transporter to internally use ioredis package (@​kamilmysliwiec)
  • #​9586 feat(microservices): add kafka retriable exception, auto-unwrap payloads (@​kamilmysliwiec)
• core
  • #​9720 fix(core): prevent renaming global providers and modules in the repl (@​micalevisk)
  • #​9596 feat(core): throw an exception instead of logging due to module import misusage (@​micalevisk)
• common, core, microservices
  • #​9604 refactor(common,core,microservices): drop all deprecated methods (@​micalevisk)
• core, websockets
  • #​9491 feat(core,websockets): use rxjs to check if values are observables (@​micalevisk)

Dependencies

• Other
  • #​9885 chore(deps-dev): bump @​fastify/static from 5.0.0 to 6.4.0 (@​dependabot[bot])
  • #​9883 chore(deps-dev): bump ioredis from 5.0.4 to 5.1.0 (@​dependabot[bot])
  • #​9884 chore(deps-dev): bump nodemon from 2.0.18 to 2.0.19 (@​dependabot[bot])
  • #​9886 chore(deps-dev): bump supertest from 6.2.3 to 6.2.4 (@​dependabot[bot])
  • #​9888 chore(deps-dev): bump @​types/cache-manager from 4.0.0 to 4.0.1 (@​dependabot[bot])
  • #​9889 chore(deps): bump cli-color from 2.0.2 to 2.0.3 (@​dependabot[bot])
  • #​9890 chore(deps-dev): bump @​types/node from 18.0.0 to 18.0.3 (@​dependabot[bot])
  • #​9882 chore(deps-dev): bump @​fastify/multipart from 6.0.0 to 7.1.0 (@​dependabot[bot])
  • #​9869 chore(deps): bump fast-json-stringify from 5.0.1 to 5.0.6 (@​dependabot[bot])
  • #​9851 chore(deps-dev): bump kafkajs from 2.0.2 to 2.1.0 (@​dependabot[bot])
  • #​9848 chore(deps-dev): bump graphql-tools from 8.2.13 to 8.3.0 (@​dependabot[bot])
  • #​9837 chore(deps-dev): bump @​commitlint/config-angular from 17.0.0 to 17.0.3 (@​dependabot[bot])
  • #​9871 chore(deps-dev): bump redis from 3.1.2 to 4.2.0 (@​dependabot[bot])
  • #​9870 chore(deps-dev): bump mongoose from 6.4.0 to 6.4.3 (@​dependabot[bot])
  • #​9852 chore(deps-dev): bump @​types/sinon from 10.0.11 to 10.0.12 (@​dependabot[bot])
  • #​9766 chore(deps): bump middie from 6.1.0 to 7.1.0 (@​dependabot[bot])
  • #​9876 chore(deps): bump moment from 2.29.2 to 2.29.4 in /sample/07-sequelize (@​dependabot[bot])
  • #​9875 chore(deps): bump moment from 2.29.2 to 2.29.4 in /sample/26-queues (@​dependabot[bot])
  • #​9877 chore(deps): bump moment from 2.29.2 to 2.29.4 in /sample/27-scheduling (@​dependabot[bot])
  • #​9878 chore(deps): bump moment from 2.29.2 to 2.29.4 (@​dependabot[bot])
  • #​9838 chore(deps-dev): bump core-js from 3.23.2 to 3.23.3 (@​dependabot[bot])
  • #​9839 chore(deps-dev): bump @​commitlint/cli from 17.0.2 to 17.0.3 (@​dependabot[bot])
  • #​9841 chore(deps-dev): bump lint-staged from 13.0.2 to 13.0.3 (@​dependabot[bot])
  • #​9830 chore(deps-dev): bump nodemon from 2.0.16 to 2.0.18 (@​dependabot[bot])
  • #​9828 chore(deps): bump fast-json-stringify from 4.2.0 to 5.0.1 (@​dependabot[bot])
  • #​9827 chore(deps-dev): bump graphql-tools from 8.2.12 to 8.2.13 (@​dependabot[bot])
  • #​9815 chore(deps-dev): bump core-js from 3.23.1 to 3.23.2 (@​dependabot[bot])
  • #​9796 chore(deps-dev): bump prettier from 2.7.0 to 2.7.1 (@​dependabot[bot])
  • #​9807 chore(deps-dev): bump mongoose from 6.3.8 to 6.4.0 (@​dependabot[bot])
  • #​9808 chore(deps-dev): bump typescript from 4.7.3 to 4.7.4 (@​dependabot[bot])
  • #​9791 chore(deps-dev): bump apollo-server-core from 3.8.2 to 3.9.0 (@​dependabot[bot])
  • #​9790 chore(deps-dev): bump @​nestjs/apollo from 10.0.14 to 10.0.16 (@​dependabot[bot])
  • #​9787 chore(deps-dev): bump apollo-server-express from 3.8.2 to 3.9.0 (@​dependabot[bot])
  • #​9788 chore(deps-dev): bump @​types/node from 17.0.43 to 18.0.0 (@​dependabot[bot])
  • #​9792 chore(deps-dev): bump @​nestjs/graphql from 10.0.15 to 10.0.16 (@​dependabot[bot])
  • #​9794 chore(deps-dev): bump lint-staged from 13.0.1 to 13.0.2 (@​dependabot[bot])
  • #​9779 chore(deps-dev): bump concurrently from 7.2.1 to 7.2.2 (@​dependabot[bot])
  • #​9780 chore(deps-dev): bump @​types/node from 17.0.42 to 17.0.43 (@​dependabot[bot])
  • #​9781 chore(deps-dev): bump core-js from 3.23.0 to 3.23.1 (@​dependabot[bot])
  • #​9782 chore(deps-dev): bump @​nestjs/mongoose from 9.1.0 to 9.1.1 (@​dependabot[bot])
  • #​9772 chore(deps-dev): bump prettier from 2.6.2 to 2.7.0 (@​dependabot[bot])
  • #​9734 chore(deps-dev): bump ts-node from 10.8.0 to 10.8.1 (@​dependabot[bot])
  • #​9761 chore(deps): bump fast-json-stringify from 4.1.0 to 4.2.0 (@​dependabot[bot])
  • #​9771 chore(deps-dev): bump core-js from 3.22.8 to 3.23.0 (@​dependabot[bot])
  • #​9773 chore(deps-dev): bump @​types/cache-manager from 3.4.3 to 4.0.0 (@​dependabot[bot])
  • #​9522 chore(deps-dev): bump mocha from 9.2.2 to 10.0.0 (@​dependabot[bot])
• platform-fastify
  • #​9853 chore(deps): bump fastify from 3.29.0 to 4.2.0 (@​dependabot[bot])
• microservices, testing
  • #​9825 chore(deps): update dependency got to 11.8.5 [security] (@​renovate[bot])
• platform-ws
  • #​9770 chore(deps): bump ws from 8.7.0 to 8.8.0 (@​dependabot[bot])

Committers: 13

• Dylan Lundy (@​diesal11)
• Kamil Mysliwiec (@​kamilmysliwiec)
• Kanstantsin Tatarchuk (@​titivuk)
• Marcin Wojciechowski (@​Wojciechowski-Marcin)
• Micael Levi L. Cavalcante (@​micalevisk)
• Thiago Valentim (@​thiagomini)
• Vincent Taverna (@​vinnymac)
• William Sedlacek (@​wSedlacek)
• @​chunghha
• @​dkonasov
• @​yevgeniypak
• 曾明健 (@​ZanMinKian)
• 정우병 (@​woobottle)

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[sonarcloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud