NestJS developers will find the latest @nestjs/common package update, moving from version 10.4.8 to 10.4.9, a subtle yet potentially impactful shift. Both versions share core attributes, including the same dependencies on uid, tslib, and iterare, ensuring continued compatibility and core functionality. The peer dependencies for rxjs, class-validator, reflect-metadata, and class-transformer also remain consistent, suggesting that existing projects will likely not require immediate adaptations.
The key differences lie within the distribution details and release date. Version 10.4.9, released on November 25, 2024, features a slightly larger unpacked size of 430125 bytes compared to version 10.4.8's 429480 bytes released on November 15, 2024. While both have the same number of files, this indicates that the newer version includes some additional features, bug fixes, or optimizations. Developers considering an upgrade should examine release notes for a detailed breakdown of these changes. Usually patch updates like this include bug fixes and small improvements without breaking changes. The 10-day gap between releases signals a responsive maintenance schedule. Whether you're starting a new NestJS project or maintaining an existing one, staying informed about these incremental updates is vital for optimal performance and stability.
All the vulnerabilities related to the version 10.4.9 of the package
nest allows a remote attacker to execute arbitrary code via the Content-Type header
File Upload vulnerability in nestjs nest prior to v.11.0.16 allows a remote attacker to execute arbitrary code via the Content-Type header.
