NestJS developers will find notable differences between @nestjs/common versions 10.0.0 and 9.4.3, impacting their projects. Both versions share the same core dependencies like uid, tslib, and iterare, indicating a continued reliance on these underlying utilities. Similarly, the peer dependencies rxjs, class-validator, reflect-metadata, and class-transformer remain, suggesting consistent core functionality.
However, a significant change lies in the removal of cache-manager as a peer dependency in version 10.0.0. In the 9.4.3 version, cache-manager had a version constraint of "<=5", potentially allowing developers to easily leverage caching mechanisms within their NestJS applications. This removal in version 10.0.0 implies either a shift in how caching is handled within the framework, or that developers must now explicitly install and manage cache-manager (or a similar caching library) independently.
Furthermore, the unpackedSize of the package has slightly decreased from 428624 bytes to 426377 bytes, potentially indicating optimizations or removal of unused code. While both packages contain 391 files, this difference in size may translate to a slightly smaller footprint in production environments. Finally, the release date of version 10.0.0 is June 15, 2023, which is more recent than the release date of version 9.4.3.(June 12, 2023)
All the vulnerabilities related to the version 10.0.0 of the package
nest allows a remote attacker to execute arbitrary code via the Content-Type header
File Upload vulnerability in nestjs nest prior to v.11.0.16 allows a remote attacker to execute arbitrary code via the Content-Type header.
