chore(deps): update dependency @nestjs/core to v9.0.5 [security] - autoclosed

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
@nestjs/core (source)	9.0.1 -> 9.0.5

GitHub Vulnerability Alerts

CVE-2023-26108

Versions of the package @​nestjs/core before 9.0.5 are vulnerable to Information Exposure via the StreamableFile pipe. Exploiting this vulnerability is possible when the client cancels a request while it is streaming a StreamableFile, the stream wrapped by the StreamableFile will be kept open.

---

Release Notes

nestjs/nest (@​nestjs/core)

v9.0.5

Compare Source

v9.0.5 (2022-07-20)

Bug fixes

• common, platform-express
  • #​9819 fix: use pipeline over stream.pipe (@​jmcdo29)

Enhancements

• microservices
  • #​9798 feat(microservices): add noAssert option for RMQ connection (@​frankmangone)
  • #​9954 feat(microservices): add Kafka heartbeat callback to KafkaContext (@​kosh-b)
• platform-express, platform-fastify
  • #​9926 fix(express,fastify): raw body for urlencoded requests (@​tolgap)

Dependencies

• Other
  • #​9959 chore(deps): bump terser from 5.10.0 to 5.14.2 in /sample/30-event-emitter (@​dependabot[bot])
  • #​9960 chore(deps): bump terser from 5.14.1 to 5.14.2 in /sample/32-graphql-federation-schema-first/users-application (@​dependabot[bot])
  • #​9961 chore(deps): bump terser from 5.10.0 to 5.14.2 in /sample/31-graphql-federation-code-first/gateway (@​dependabot[bot])
  • #​9962 chore(deps): bump terser from 5.10.0 to 5.14.2 in /sample/31-graphql-federation-code-first/users-application (@​dependabot[bot])
  • #​9963 chore(deps): bump terser from 5.10.0 to 5.14.2 in /sample/32-graphql-federation-schema-first/posts-application (@​dependabot[bot])
  • #​9964 chore(deps): bump terser from 5.10.0 to 5.14.2 in /sample/32-graphql-federation-schema-first/gateway (@​dependabot[bot])
  • #​9965 chore(deps): bump terser from 5.10.0 to 5.14.2 in /sample/29-file-upload (@​dependabot[bot])
  • #​9966 chore(deps): bump terser from 5.10.0 to 5.14.2 in /sample/28-sse (@​dependabot[bot])
  • #​9967 chore(deps): bump terser from 5.10.0 to 5.14.2 in /sample/31-graphql-federation-code-first/posts-application (@​dependabot[bot])
  • #​9951 chore(deps-dev): bump mongoose from 6.4.4 to 6.4.5 (@​dependabot[bot])
  • #​9952 chore(deps-dev): bump concurrently from 7.2.2 to 7.3.0 (@​dependabot[bot])
• platform-fastify
  • #​9950 chore(deps): bump light-my-request from 5.1.0 to 5.2.0 (@​dependabot[bot])

Committers: 4

• Franco Mangone (@​frankmangone)
• Jay McDoniel (@​jmcdo29)
• Tolga Paksoy (@​tolgap)
• @​kosh-b

v9.0.4

Compare Source

v9.0.3

Compare Source

v9.0.2

Compare Source

v9.0.2

Bug fixes

• common
  • #​9904 fix(common): Fix CacheModule registerAsync (@​tugascript)

Enhancements

• core
  • #​9902 refactor(core): replace our own 1-level flatten by the native one (@​micalevisk)

Dependencies

• #​9906 chore(deps-dev): bump mongoose from 6.4.3 to 6.4.4 (@​dependabot[bot])
• #​9908 chore(deps-dev): bump cache-manager from 4.0.1 to 4.1.0 (@​dependabot[bot])
• #​9910 chore(deps-dev): bump @​nestjs/graphql from 10.0.16 to 10.0.18 (@​dependabot[bot])
• #​9911 chore(deps-dev): bump core-js from 3.23.3 to 3.23.4 (@​dependabot[bot])

Committers: 3

• Afonso Barracha (@​tugascript)
• Antonio T. alias Tony (@​Tony133)
• Micael Levi L. Cavalcante (@​micalevisk)

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.

[renovate]

Branch automerge failure

This PR was configured for branch automerge. However, this is not possible, so it has been raised as a PR instead.

---

• Branch has one or more failed status checks