NestJS @nestjs/common has been updated with version 10.2.1, released on August 22, 2023, following closely on the heels of version 10.2.0 released just a day earlier on August 21, 2023. Both versions share near-identical characteristics, targeting the development community building robust Node.js web applications with NestJS. They both declare the same core dependencies: uid (version 2.0.2), tslib (version 2.6.1), and iterare (version 1.2.1). The peer dependencies also remain consistent, requiring rxjs version 7.1.0 or higher, while also relying on class-validator, reflect-metadata version 0.1.12 or greater, and class-transformer. Essentially, for developers, the update from 10.2.0 to 10.2.1 appears to be a minor patch rather than a significant feature release. The fileCount of 391 and unpackedSize of 424737 bytes within the dist object remained unchanged indicating the same assets and structure.
While the changes are subtle between these two versions, developers should always consider staying updated with the latest releases from reputable packages like @nestjs/common. Even point releases (like the jump from 10.2.0 to 10.2.1) often include important bug fixes, performance improvements, or security patches that enhance application stability and reliability, making it worthwhile to upgrade. Check the official NestJS changelog or repository commits for granular details on what improvements 10.2.1 delivers over the previous version.
All the vulnerabilities related to the version 10.2.1 of the package
nest allows a remote attacker to execute arbitrary code via the Content-Type header
File Upload vulnerability in nestjs nest prior to v.11.0.16 allows a remote attacker to execute arbitrary code via the Content-Type header.
