[Snyk] Security upgrade @nestjs/graphql from 7.9.11 to 8.0.0 #43
Conversation
The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-IP-12704893 - https://snyk.io/vuln/SNYK-JS-IP-12761655
There was a problem hiding this comment.
Pull Request Overview
This PR upgrades the @nestjs/graphql dependency from version 7.9.11 to 8.0.0 to fix two high-severity Server-side Request Forgery (SSRF) vulnerabilities in the IP package dependency.
- Security upgrade to address SSRF vulnerabilities with severity scores of 788 each
- Major version bump for @nestjs/graphql package
- Automatic dependency update via Snyk security scanning
Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.
| "@nestjs/config": "^0.6.3", | ||
| "@nestjs/core": "^7.5.1", | ||
| "@nestjs/graphql": "^7.9.11", | ||
| "@nestjs/graphql": "^8.0.0", |
There was a problem hiding this comment.
This is a major version upgrade from 7.x to 8.x which typically introduces breaking changes. The PR description indicates this is a breaking change but doesn't specify what compatibility issues might arise. Consider reviewing the @nestjs/graphql v8.0.0 migration guide and updating any affected GraphQL schema definitions, resolvers, or configuration that may be incompatible with the new version.
| "@nestjs/graphql": "^8.0.0", | |
| "@nestjs/graphql": "^7.10.5", |
Snyk has created this PR to fix 2 vulnerabilities in the npm dependencies of this project.
Snyk changed the following file(s):
package.jsonpackage-lock.jsonVulnerabilities that will be fixed with an upgrade:
SNYK-JS-IP-12704893
SNYK-JS-IP-12761655
Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Server-side Request Forgery (SSRF)