[Snyk] Security upgrade @nestjs/swagger from 11.2.0 to 11.2.6#90
[Snyk] Security upgrade @nestjs/swagger from 11.2.0 to 11.2.6#90
Conversation
The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-LODASH-15053838
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
|
Important Review skippedIgnore keyword(s) in the title. Please check the settings in the CodeRabbit UI or the You can disable this status message by setting the
✨ Finishing touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
| "@nestjs/passport": "^11.0.5", | ||
| "@nestjs/platform-express": "^11.0.1", | ||
| "@nestjs/swagger": "^11.2.0", | ||
| "@nestjs/swagger": "^11.2.6", |
There was a problem hiding this comment.
pnpm-lock.yaml is not updated to reflect this dependency bump. In the current lockfile, @nestjs/swagger is still pinned to 11.2.0 (and the specifier is ^11.2.0), so this change won’t actually be applied under frozen-lockfile installs and may fail CI or leave the vuln unfixed. Regenerate and commit the updated root pnpm-lock.yaml (e.g., run pnpm install from the repo root).
2 participants
Snyk has created this PR to fix 1 vulnerabilities in the pnpm dependencies of this project.
Snyk changed the following file(s):
apps/api/package.jsonVulnerabilities that will be fixed with an upgrade:
SNYK-JS-LODASH-15053838
Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Prototype Pollution