You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
It appears that many dependencies used have fixed version numbers in package.json and have not been updated in some time.
Describe the bug
@nestjs/core has a vulnerability raised by dependabot: "@nestjs/core vulnerable to Information Exposure via StreamableFile pipe"
The @nestjs/core version 8.4.4 was released nearly a year ago: https://github.com/nestjs/nest/releases/tag/v8.4.4
I'd recommend updating this dependency as soon as possible, and investigating others that may also be outdated.
The text was updated successfully, but these errors were encountered:
It would be nice to upgrade to 9.0.5 or greater to avoid the security vulnerability. Or you could unpin the dependency doing something like "^9.0.5" to allow consumers to sidestep future vulnerabilities without a change to this library.
馃悰 Bug Report:
It appears that many dependencies used have fixed version numbers in package.json and have not been updated in some time.
Describe the bug
@nestjs/core has a vulnerability raised by dependabot: "@nestjs/core vulnerable to Information Exposure via StreamableFile pipe"
The @nestjs/core version 8.4.4 was released nearly a year ago: https://github.com/nestjs/nest/releases/tag/v8.4.4
I'd recommend updating this dependency as soon as possible, and investigating others that may also be outdated.
The text was updated successfully, but these errors were encountered: