
body-parser npm audit high vulnerability #13959

Closed
3 of 15 tasks
bu-michael opened this issue Sep 11, 2024 · 2 comments · Fixed by #13971
Labels
needs triage This issue has not been looked into

Comments

@bu-michael

Is there an existing issue for this?

  • I have searched the existing issues

Current behavior

In @nestjs/platform-express, there is the package "body-parser" in version 1.20.2 (https://github.com/nestjs/nest/blob/master/packages/platform-express/package.json#L21), which causes an npm high security vulnerability. There is a patch in body-parser version 1.20.3. Express has already updated this library: https://github.com/expressjs/express/blob/master/package.json#L33

This should be updated.

Minimum reproduction code

GHSA-qwcr-r2fm-qrc7

Steps to reproduce

  1. npm install
  2. npm audit

Expected behavior

No high security vulnerability

Package

  • I don't know. Or some 3rd-party package
  • @nestjs/common
  • @nestjs/core
  • @nestjs/microservices
  • @nestjs/platform-express
  • @nestjs/platform-fastify
  • @nestjs/platform-socket.io
  • @nestjs/platform-ws
  • @nestjs/testing
  • @nestjs/websockets
  • Other (see below)

Other package

No response

NestJS version

10.4.1

Packages versions

[System Information]
OS Version : Linux 5.15.153.1-microsoft-standard-WSL2
NodeJS Version : v20.17.0
NPM Version : 10.8.3

[Nest CLI]
Nest CLI Version : 10.4.5

[Nest Platform Information]
platform-express version : 10.4.1
cache-manager version : 2.2.2
schematics version : 10.1.4
throttler version : 6.2.1
mongoose version : 10.0.10
terminus version : 10.2.3
swagger version : 7.4.0
testing version : 10.4.1
common version : 10.4.1
config version : 3.2.3
axios version : 3.0.3
core version : 10.4.1
jwt version : 10.2.0
cli version : 10.4.5

Node.js version

20.17.0

In which operating systems have you tested?

  • macOS
  • Windows
  • Linux

Other

No response

@bu-michael bu-michael added the needs triage This issue has not been looked into label Sep 11, 2024
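Added example (not part of the issue or of the NestJS code base): a small Node.js script that does offline what `npm audit` flags here, scanning a lockfile's `packages` map for copies of body-parser resolved below the patched 1.20.3, so a nested copy pinned under @nestjs/platform-express shows up together with the path that pulls it in. The lockfile fragment is constructed to mirror the issue, and `compareVersions` assumes plain x.y.z version strings.

```javascript
// Added example (not from the issue or the NestJS project): scan an npm
// lockfile (lockfileVersion 2/3 "packages" map) for body-parser entries
// resolved below the patched release 1.20.3 named in the issue.
const VULNERABLE_PKG = "body-parser";
const PATCHED_VERSION = "1.20.3"; // first release without GHSA-qwcr-r2fm-qrc7

// Compare two plain "x.y.z" version strings; returns -1, 0 or 1.
function compareVersions(a, b) {
  const pa = a.split(".").map(Number);
  const pb = b.split(".").map(Number);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const x = pa[i] ?? 0, y = pb[i] ?? 0;
    if (x !== y) return x < y ? -1 : 1;
  }
  return 0;
}

// Return every lockfile path whose package is body-parser below the fix,
// so the caller can see which dependency chain still pins the old copy.
function findVulnerableBodyParser(lockfile) {
  const hits = [];
  for (const [path, entry] of Object.entries(lockfile.packages ?? {})) {
    if (!path.endsWith(`node_modules/${VULNERABLE_PKG}`)) continue;
    if (compareVersions(entry.version, PATCHED_VERSION) < 0) {
      hits.push({ path, version: entry.version });
    }
  }
  return hits;
}

// Constructed lockfile fragment mirroring the issue: the top-level copy is
// already 1.20.3, but @nestjs/platform-express still pins a nested 1.20.2.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "node_modules/body-parser": { version: "1.20.3" },
    "node_modules/@nestjs/platform-express": {
      version: "10.4.1",
      dependencies: { "body-parser": "1.20.2" },
    },
    "node_modules/@nestjs/platform-express/node_modules/body-parser": {
      version: "1.20.2",
    },
  },
};

console.log(findVulnerableBodyParser(sampleLock));
```

Run it against a real `package-lock.json` by replacing `sampleLock` with `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))`.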
@vishwac09

@bu-michael when should we expect a patch for this ?

@bu-michael

> @bu-michael when should we expect a patch for this ?

Can't tell. I'm not the maintainer. I did a pull request though.
