NestJS developers will find the update from @nestjs/common version 10.3.1 to 10.3.2 a subtle but potentially important upgrade. Both versions share the same core dependencies including uid, tslib, and iterare, ensuring compatibility and consistent functionality. The declared peer dependencies also remain largely the same, requiring rxjs versions 7.1.0 and above, class-validator, and class-transformer. Also the reflect-metadata peer dependency requirement changed slightly from "^0.1.12" to "^0.1.12 || ^0.2.0", potentially widening the supported range of reflect-metadata versions. This suggests a consideration for broader compatibility with different setup configurations, potentially addressing issues encountered by users with various project setups.
Looking closely at the metadata, the unpackedSize of the package has seen a minor increase from 427346 to 427498. While a small difference, this could indicate the introduction of new features, bug fixes, or internal improvements that contribute to the package's overall footprint. Finally, the release dates highlight that version 10.3.2 was published on February 7, 2024, subsequent to version 10.3.1 which was released on January 23, 2024 meaning a shorter release cycle. In summary, the bump to version 10.3.2 is likely a patch release focused on compatibility tweaks and incremental improvements rather than groundbreaking new APIs. Developers always aim to keep their packages updated and should find this update a worthwhile upgrade, especially if they are relying on reflect-metadata.
All the vulnerabilities related to the version 10.3.2 of the package
nest allows a remote attacker to execute arbitrary code via the Content-Type header
File Upload vulnerability in nestjs nest prior to v.11.0.16 allows a remote attacker to execute arbitrary code via the Content-Type header.
