NestJS, a popular Node.js framework for building efficient and scalable server-side applications, saw the release of version 9.4.0 on April 5th, 2023, following version 9.3.12 released on March 22nd, 2023. Examining the differences between these versions, developers will primarily find alterations in the underlying dependencies and package details. While both versions maintain identical peer dependencies, including rxjs, cache-manager, class-validator, reflect-metadata, and class-transformer, ensuring compatibility with existing projects, there have been updates to internal dependencies. Specifically, the uid dependency has been updated from version 2.0.1 to 2.0.2. Developers should evaluate the changes within the uid library to understand any potential impact on their applications, for dependency management and generated indentifiers.
Both versions share the same core dependencies like tslib and iterare, the MIT license, and project metadata points to the NestJS GitHub repository and Kamil Mysliwiec as the author. The difference in dist info shows a minimal jump from 423568 of unpacked size to 425960. Furthermore, developers considering an upgrade should be aware of the potential for breaking changes or performance improvements introduced in version 9.4.0, though these are not explicitly detailed in the provided metadata. The slight variation in unpacked size might indicate minor code refactoring or optimization.
All the vulnerabilities related to the version 9.4.0 of the package
nest allows a remote attacker to execute arbitrary code via the Content-Type header
File Upload vulnerability in nestjs nest prior to v.11.0.16 allows a remote attacker to execute arbitrary code via the Content-Type header.
