NestJS developers will find a subtle but important update in @nestjs/common version 2.1.1, released on May 24, 2017, just a day after version 2.1.0. While both versions share the same core description as being part of the "modern, fast, powerful node.js web framework," the key difference lies in the release date itself. This suggests that version 2.1.1 is likely a patch release addressing a minor bug or issue discovered in the preceding 2.1.0 version, which was released on May 23, 2017.
Both versions explicitly declare cli-color version 1.1.0 as a dependency, indicating consistent handling of command-line interface coloring. Similarly, the reflect-metadata peer dependency locked at version 0.1.10 suggests a continued reliance on metadata reflection capabilities, crucial for NestJS's dependency injection and other advanced features. The MIT license and Kamil Mysliwiec as the author remain constant, underscoring the project's commitment to open-source principles and maintainership.
For developers, the quick succession of these releases suggests that the NestJS team is highly responsive to issues that arise; upgrading to version 2.1.1 is a prudent step to ensure stability. While the changes might be minimal, incorporating the latest patch release minimizes the chance of facing unforeseen issues, improving the overall development experience. The updated tarball URL allows immediate access to the updated library.
All the vulnerabilities related to the version 2.1.1 of the package
nest allows a remote attacker to execute arbitrary code via the Content-Type header
File Upload vulnerability in nestjs nest prior to v.11.0.16 allows a remote attacker to execute arbitrary code via the Content-Type header.
