[Snyk] Fix for 2 vulnerabilities

[seanmcilvenna]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

⚠️ Warning

Failed to update the package-lock.json, please update manually before merging.

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	591/1000 Why? Recently disclosed, Has a fix available, CVSS 6.1	Open Redirect SNYK-JS-EXPRESS-6474509	No	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Observable Discrepancy SNYK-JS-JSRSASIGN-6070731	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @nestjs/platform-express

The new version differs by 250 commits.

• 1f2fae7 chore(@ nestjs) publish v10.3.6 release
• 50385de Merge pull request #13362 from nestjs/dependabot/npm_and_yarn/grpc/proto-loader-0.7.11
• 872ab40 Merge pull request #13367 from nestjs/revert-13328-fix/redundant-emit-code
• f416f5a Revert "fix(microservices): fix redundant code to emit error"
• f29f932 Merge pull request #13366 from breeeew/fix-request-scope-leak
• 274011d chore(deps-dev): bump @ grpc/proto-loader from 0.7.10 to 0.7.11
• ccbbe06 Merge pull request #13358 from nestjs/dependabot/npm_and_yarn/typescript-eslint/eslint-plugin-7.4.0
• 1757840 Merge pull request #13361 from nestjs/dependabot/npm_and_yarn/mocha-10.4.0
• e133595 Merge pull request #13363 from nestjs/dependabot/npm_and_yarn/grpc/grpc-js-1.10.4
• 743c4b6 Merge pull request #13364 from nestjs/dependabot/npm_and_yarn/mysql2-3.9.3
• 6a7f74f fix(core): break reference chain to instance object
• 4510f6d chore(deps-dev): bump mysql2 from 3.9.2 to 3.9.3
• b3f0b65 chore(deps-dev): bump @ grpc/grpc-js from 1.10.3 to 1.10.4
• 0782837 chore(deps-dev): bump mocha from 10.3.0 to 10.4.0
• 334b27b chore(deps-dev): bump @ typescript-eslint/eslint-plugin
• ddc1265 Merge pull request #13355 from nestjs/dependabot/npm_and_yarn/apollo/server-4.10.2
• 560e350 Merge pull request #13359 from nestjs/dependabot/npm_and_yarn/typescript-eslint/parser-7.4.0
• b3a7510 Merge pull request #13357 from nestjs/dependabot/npm_and_yarn/express-4.19.2
• 70dea80 chore(deps-dev): bump @ typescript-eslint/parser from 7.3.1 to 7.4.0
• 8b1a1dd chore(deps): bump express from 4.19.1 to 4.19.2
• 2957483 chore(deps-dev): bump @ apollo/server from 4.10.1 to 4.10.2
• 1a605dd Merge branch 'master' of https://github.com/nestjs/nest
• 8bf0015 chore: update readme
• 09857ae Merge pull request #13343 from nestjs/dependabot/npm_and_yarn/core-js-3.36.1

See the full diff

Package name: angular-oauth2-oidc-jwks

The new version differs by 9 commits.

• 0335790 Merge pull request #1393 from BSekula/update-jsrsasign
• 39be423 chore: Update jsrsasign due to CVE-2024-21484 Marvin attack of RSA and RSAOAEP decryption
• 0211482 chore: update to ng 17
• f1d3c38 prepare v16
• f5d940c chore(release): 16.1.0
• 9f49131 Merge pull request #1357 from generalmotors/feat/angular-16
• 0f19c0e Merge pull request Generic OAuth2 support and support for header propagation #1 from michaelfaith/feat/angular-16
• b999024 feat: update project to Angular 16
• 3ba7303 docs: mention that ng14 has no standalone APIs for HttpClient to avoid confusion

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Open Redirect