build(deps): update dependency @nestjs/core to v9 [security] by renovate[bot] · Pull Request #1331 · Discoin/api-v3

renovate · 2024-08-06T10:07:02Z

This PR contains the following updates:

Package	Change	Age	Confidence
@nestjs/core (source)	`8.4.7` → `9.0.5`

GitHub Vulnerability Alerts

CVE-2023-26108

Versions of the package @nestjs/core before 9.0.5 are vulnerable to Information Exposure via the StreamableFile pipe. Exploiting this vulnerability is possible when the client cancels a request while it is streaming a StreamableFile, the stream wrapped by the StreamableFile will be kept open.

Release Notes

nestjs/nest (@nestjs/core)

`v9.0.5`

Compare Source

v9.0.5 (2022-07-20)

Bug fixes

common, platform-express
- #9819 fix: use pipeline over stream.pipe (@jmcdo29)

Enhancements

microservices
- #9798 feat(microservices): add noAssert option for RMQ connection (@frankmangone)
- #9954 feat(microservices): add Kafka heartbeat callback to KafkaContext (@kosh-b)
platform-express, platform-fastify
- #9926 fix(express,fastify): raw body for urlencoded requests (@tolgap)

Dependencies

Other
- #9959 chore(deps): bump terser from 5.10.0 to 5.14.2 in /sample/30-event-emitter (@dependabot[bot])
- #9960 chore(deps): bump terser from 5.14.1 to 5.14.2 in /sample/32-graphql-federation-schema-first/users-application (@dependabot[bot])
- #9961 chore(deps): bump terser from 5.10.0 to 5.14.2 in /sample/31-graphql-federation-code-first/gateway (@dependabot[bot])
- #9962 chore(deps): bump terser from 5.10.0 to 5.14.2 in /sample/31-graphql-federation-code-first/users-application (@dependabot[bot])
- #9963 chore(deps): bump terser from 5.10.0 to 5.14.2 in /sample/32-graphql-federation-schema-first/posts-application (@dependabot[bot])
- #9964 chore(deps): bump terser from 5.10.0 to 5.14.2 in /sample/32-graphql-federation-schema-first/gateway (@dependabot[bot])
- #9965 chore(deps): bump terser from 5.10.0 to 5.14.2 in /sample/29-file-upload (@dependabot[bot])
- #9966 chore(deps): bump terser from 5.10.0 to 5.14.2 in /sample/28-sse (@dependabot[bot])
- #9967 chore(deps): bump terser from 5.10.0 to 5.14.2 in /sample/31-graphql-federation-code-first/posts-application (@dependabot[bot])
- #9951 chore(deps-dev): bump mongoose from 6.4.4 to 6.4.5 (@dependabot[bot])
- #9952 chore(deps-dev): bump concurrently from 7.2.2 to 7.3.0 (@dependabot[bot])
platform-fastify
- #9950 chore(deps): bump light-my-request from 5.1.0 to 5.2.0 (@dependabot[bot])

Committers: 4

Franco Mangone (@frankmangone)
Jay McDoniel (@jmcdo29)
Tolga Paksoy (@tolgap)
@kosh-b

v9.0.2

Bug fixes

common
- #9904 fix(common): Fix CacheModule registerAsync (@tugascript)

Enhancements

core
- #9902 refactor(core): replace our own 1-level flatten by the native one (@micalevisk)

Dependencies

#9906 chore(deps-dev): bump mongoose from 6.4.3 to 6.4.4 (@dependabot[bot])
#9908 chore(deps-dev): bump cache-manager from 4.0.1 to 4.1.0 (@dependabot[bot])
#9910 chore(deps-dev): bump @nestjs/graphql from 10.0.16 to 10.0.18 (@dependabot[bot])
#9911 chore(deps-dev): bump core-js from 3.23.3 to 3.23.4 (@dependabot[bot])

Committers: 3

Afonso Barracha (@tugascript)
Antonio T. alias Tony (@Tony133)
Micael Levi L. Cavalcante (@micalevisk)

`v9.0.1`

Compare Source

`v9.0.0`

Compare Source

v9.0.0 (2022-07-08)

Article: https://trilon.io/blog/nestjs-9-is-now-available

Migration guide: https://docs.nestjs.com/migration-guide

Features

common
- #9718 Feature/4752 file validators pipe (@thiagomini)
- #9534 feat(core): add configurable module builder, module utils (@kamilmysliwiec)
common, core
- #9684 feat(core): read–eval–print loop feature (@kamilmysliwiec)
- #9697 feat(core): add durable providers feature (@kamilmysliwiec)

Bug fixes

microservices
- #9674 fix(microservices): Fixed typings for MessageHandler (@dkonasov)
- #9587 fix(microservices): revert grpc client interceptors (grpc-specific) (@kamilmysliwiec)

Enhancements

common, core, platform-express, platform-fastify
- #8802 fix: only send exception responses if header is not already sent (@wSedlacek)
- #9591 feat(common,core): make HttpServer#applyVersionFilter mandatory (@micalevisk)
common
- #9705 feat(common): Add error chaining support to http exception (@vinnymac)
- #9383 feat(common): disallow usage of inject on class and value providers at type level (@micalevisk)
- #9023 fix: fix factory provider definition (@ZanMinKian)
- #8459 fix(common): ParseUUIDPipe - throw exceptions with exceptionFactory only (@titivuk)
microservices
- #9681 fix(microservices): allow postfixId on KafkaOptions to be an empty string (@micalevisk)
- #8798 feat(microservices): migrate redis transporter to internally use ioredis package (@kamilmysliwiec)
- #9586 feat(microservices): add kafka retriable exception, auto-unwrap payloads (@kamilmysliwiec)
core
- #9720 fix(core): prevent renaming global providers and modules in the repl (@micalevisk)
- #9596 feat(core): throw an exception instead of logging due to module import misusage (@micalevisk)
common, core, microservices
- #9604 refactor(common,core,microservices): drop all deprecated methods (@micalevisk)
core, websockets
- #9491 feat(core,websockets): use rxjs to check if values are observables (@micalevisk)

Dependencies

Other
- #9885 chore(deps-dev): bump @fastify/static from 5.0.0 to 6.4.0 (@dependabot[bot])
- #9883 chore(deps-dev): bump ioredis from 5.0.4 to 5.1.0 (@dependabot[bot])
- #9884 chore(deps-dev): bump nodemon from 2.0.18 to 2.0.19 (@dependabot[bot])
- #9886 chore(deps-dev): bump supertest from 6.2.3 to 6.2.4 (@dependabot[bot])
- #9888 chore(deps-dev): bump @types/cache-manager from 4.0.0 to 4.0.1 (@dependabot[bot])
- #9889 chore(deps): bump cli-color from 2.0.2 to 2.0.3 (@dependabot[bot])
- #9890 chore(deps-dev): bump @types/node from 18.0.0 to 18.0.3 (@dependabot[bot])
- #9882 chore(deps-dev): bump @fastify/multipart from 6.0.0 to 7.1.0 (@dependabot[bot])
- #9869 chore(deps): bump fast-json-stringify from 5.0.1 to 5.0.6 (@dependabot[bot])
- #9851 chore(deps-dev): bump kafkajs from 2.0.2 to 2.1.0 (@dependabot[bot])
- #9848 chore(deps-dev): bump graphql-tools from 8.2.13 to 8.3.0 (@dependabot[bot])
- #9837 chore(deps-dev): bump @commitlint/config-angular from 17.0.0 to 17.0.3 (@dependabot[bot])
- #9871 chore(deps-dev): bump redis from 3.1.2 to 4.2.0 (@dependabot[bot])
- #9870 chore(deps-dev): bump mongoose from 6.4.0 to 6.4.3 (@dependabot[bot])
- #9852 chore(deps-dev): bump @types/sinon from 10.0.11 to 10.0.12 (@dependabot[bot])
- #9766 chore(deps): bump middie from 6.1.0 to 7.1.0 (@dependabot[bot])
- #9876 chore(deps): bump moment from 2.29.2 to 2.29.4 in /sample/07-sequelize (@dependabot[bot])
- #9875 chore(deps): bump moment from 2.29.2 to 2.29.4 in /sample/26-queues (@dependabot[bot])
- #9877 chore(deps): bump moment from 2.29.2 to 2.29.4 in /sample/27-scheduling (@dependabot[bot])
- #9878 chore(deps): bump moment from 2.29.2 to 2.29.4 (@dependabot[bot])
- #9838 chore(deps-dev): bump core-js from 3.23.2 to 3.23.3 (@dependabot[bot])
- #9839 chore(deps-dev): bump @commitlint/cli from 17.0.2 to 17.0.3 (@dependabot[bot])
- #9841 chore(deps-dev): bump lint-staged from 13.0.2 to 13.0.3 (@dependabot[bot])
- #9830 chore(deps-dev): bump nodemon from 2.0.16 to 2.0.18 (@dependabot[bot])
- #9828 chore(deps): bump fast-json-stringify from 4.2.0 to 5.0.1 (@dependabot[bot])
- #9827 chore(deps-dev): bump graphql-tools from 8.2.12 to 8.2.13 (@dependabot[bot])
- #9815 chore(deps-dev): bump core-js from 3.23.1 to 3.23.2 (@dependabot[bot])
- #9796 chore(deps-dev): bump prettier from 2.7.0 to 2.7.1 (@dependabot[bot])
- #9807 chore(deps-dev): bump mongoose from 6.3.8 to 6.4.0 (@dependabot[bot])
- #9808 chore(deps-dev): bump typescript from 4.7.3 to 4.7.4 (@dependabot[bot])
- #9791 chore(deps-dev): bump apollo-server-core from 3.8.2 to 3.9.0 (@dependabot[bot])
- #9790 chore(deps-dev): bump @nestjs/apollo from 10.0.14 to 10.0.16 (@dependabot[bot])
- #9787 chore(deps-dev): bump apollo-server-express from 3.8.2 to 3.9.0 (@dependabot[bot])
- #9788 chore(deps-dev): bump @types/node from 17.0.43 to 18.0.0 (@dependabot[bot])
- #9792 chore(deps-dev): bump @nestjs/graphql from 10.0.15 to 10.0.16 (@dependabot[bot])
- #9794 chore(deps-dev): bump lint-staged from 13.0.1 to 13.0.2 (@dependabot[bot])
- #9779 chore(deps-dev): bump concurrently from 7.2.1 to 7.2.2 (@dependabot[bot])
- #9780 chore(deps-dev): bump @types/node from 17.0.42 to 17.0.43 (@dependabot[bot])
- #9781 chore(deps-dev): bump core-js from 3.23.0 to 3.23.1 (@dependabot[bot])
- #9782 chore(deps-dev): bump @nestjs/mongoose from 9.1.0 to 9.1.1 (@dependabot[bot])
- #9772 chore(deps-dev): bump prettier from 2.6.2 to 2.7.0 (@dependabot[bot])
- #9734 chore(deps-dev): bump ts-node from 10.8.0 to 10.8.1 (@dependabot[bot])
- #9761 chore(deps): bump fast-json-stringify from 4.1.0 to 4.2.0 (@dependabot[bot])
- #9771 chore(deps-dev): bump core-js from 3.22.8 to 3.23.0 (@dependabot[bot])
- #9773 chore(deps-dev): bump @types/cache-manager from 3.4.3 to 4.0.0 (@dependabot[bot])
- #9522 chore(deps-dev): bump mocha from 9.2.2 to 10.0.0 (@dependabot[bot])
platform-fastify
- #9853 chore(deps): bump fastify from 3.29.0 to 4.2.0 (@dependabot[bot])
microservices, testing
- #9825 chore(deps): update dependency got to 11.8.5 [security] (@renovate[bot])
platform-ws
- #9770 chore(deps): bump ws from 8.7.0 to 8.8.0 (@dependabot[bot])

Committers: 13

Dylan Lundy (@diesal11)
Kamil Mysliwiec (@kamilmysliwiec)
Kanstantsin Tatarchuk (@titivuk)
Marcin Wojciechowski (@Wojciechowski-Marcin)
Micael Levi L. Cavalcante (@micalevisk)
Thiago Valentim (@thiagomini)
Vincent Taverna (@vinnymac)
William Sedlacek (@wSedlacek)
@chunghha
@dkonasov
@yevgeniypak
曾明健 (@ZanMinKian)
정우병 (@woobottle)

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

renovate bot added the dependencies Pull requests that update a dependency file label Aug 6, 2024

renovate bot force-pushed the renovate/npm-nestjs-core-vulnerability branch 2 times, most recently from 1e383cf to 5fc0947 Compare August 10, 2025 14:09

renovate bot force-pushed the renovate/npm-nestjs-core-vulnerability branch from 5fc0947 to 1249f0a Compare August 24, 2025 19:56

renovate bot force-pushed the renovate/npm-nestjs-core-vulnerability branch from 1249f0a to 7ad51e5 Compare September 1, 2025 05:45

renovate bot force-pushed the renovate/npm-nestjs-core-vulnerability branch from 7ad51e5 to fe8f3d0 Compare September 25, 2025 14:31

renovate bot force-pushed the renovate/npm-nestjs-core-vulnerability branch from fe8f3d0 to 3c021cd Compare October 23, 2025 06:33

renovate bot force-pushed the renovate/npm-nestjs-core-vulnerability branch from 3c021cd to 9ef5cb8 Compare November 10, 2025 20:51

renovate bot force-pushed the renovate/npm-nestjs-core-vulnerability branch from 9ef5cb8 to 88d3ddb Compare December 3, 2025 16:57

renovate bot force-pushed the renovate/npm-nestjs-core-vulnerability branch from 88d3ddb to 7724e8a Compare December 31, 2025 12:14

renovate bot force-pushed the renovate/npm-nestjs-core-vulnerability branch from 7724e8a to 9e165f0 Compare January 19, 2026 15:30

build(deps): update dependency @nestjs/core to v9 [security]

fb7d228

renovate bot force-pushed the renovate/npm-nestjs-core-vulnerability branch from 9e165f0 to fb7d228 Compare February 2, 2026 14:50

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

build(deps): update dependency @nestjs/core to v9 [security]#1331

build(deps): update dependency @nestjs/core to v9 [security]#1331
renovate[bot] wants to merge 1 commit intomasterfrom
renovate/npm-nestjs-core-vulnerability

renovate bot commented Aug 6, 2024 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

renovate bot commented Aug 6, 2024 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

GitHub Vulnerability Alerts

CVE-2023-26108

Release Notes

v9.0.5

v9.0.5 (2022-07-20)

Bug fixes

Enhancements

Dependencies

Committers: 4

v9.0.4

v9.0.3

v9.0.2

v9.0.2

Bug fixes

Enhancements

Dependencies

Committers: 3

v9.0.1

v9.0.0

v9.0.0 (2022-07-08)

Article: https://trilon.io/blog/nestjs-9-is-now-available

Migration guide: https://docs.nestjs.com/migration-guide

Features

Bug fixes

Enhancements

Dependencies

Committers: 13

Configuration

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

renovate bot commented Aug 6, 2024 •

edited

Loading

`v9.0.5`

`v9.0.4`

`v9.0.3`

`v9.0.2`

`v9.0.1`

`v9.0.0`