@nestjs/common versions 10.4.11 and 10.4.10 are recent releases of the core module for the NestJS framework, a popular Node.js framework for building efficient and scalable server-side applications. Both versions share the same core dependencies, including uid for unique ID generation, tslib for TypeScript helpers, and iterare for advanced iteration utilities. They also maintain identical peer dependencies, requiring rxjs for reactive programming, class-validator for data validation, reflect-metadata for metadata reflection, and class-transformer for object transformation.
The key differences lie in the internal implementation details and build artifacts. Version 10.4.11 features a slightly smaller footprint with a fileCount of 393 and an unpackedSize of 430126, compared to version 10.4.10's fileCount of 397 and an unpackedSize of 433951. While seemingly small, this reduction in size could indicate minor optimizations, bug fixes, or code refactoring that contribute to slightly improved performance or reduced bundle sizes for applications using the module. The versions have been released on the same day, with the 10.4.11 being released a couple of hours after, suggestiong the newer version might solve a critical bug or vulnerability quickly. Developers should consult the official NestJS changelog and release notes for a comprehensive list of changes and to determine if the update addresses any specific issues or introduces new features relevant to their projects. Although the core functionalities and dependencies remain consistent, using the latest version is generally recommended to benefit from the latest improvements and security patches.
All the vulnerabilities related to the version 10.4.11 of the package
nest allows a remote attacker to execute arbitrary code via the Content-Type header
File Upload vulnerability in nestjs nest prior to v.11.0.16 allows a remote attacker to execute arbitrary code via the Content-Type header.
