Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

body-parser npm audit high vulnerability #13959

Closed
3 of 15 tasks
bu-michael opened this issue Sep 11, 2024 · 2 comments · Fixed by #13971
Closed
3 of 15 tasks

body-parser npm audit high vulnerability #13959

bu-michael opened this issue Sep 11, 2024 · 2 comments · Fixed by #13971
Labels
needs triage This issue has not been looked into

Comments

@bu-michael
Copy link

Is there an existing issue for this?

  • I have searched the existing issues

Current behavior

In @nestjs/platform-express, there is the package "body-parser" in version 1.20.2 (https://github.com/nestjs/nest/blob/master/packages/platform-express/package.json#L21) what causes a npm high security vulnerability. There is a patch in body-parser version 1.20.3. Express has already updated this library: https://github.com/expressjs/express/blob/master/package.json#L33

This should be updated.

Minimum reproduction code

GHSA-qwcr-r2fm-qrc7

Steps to reproduce

  1. npm install
  2. npm audit

Expected behavior

No high security vulnerability

Package

  • I don't know. Or some 3rd-party package
  • @nestjs/common
  • @nestjs/core
  • @nestjs/microservices
  • @nestjs/platform-express
  • @nestjs/platform-fastify
  • @nestjs/platform-socket.io
  • @nestjs/platform-ws
  • @nestjs/testing
  • @nestjs/websockets
  • Other (see below)

Other package

No response

NestJS version

10.4.1

Packages versions

[System Information]
OS Version : Linux 5.15.153.1-microsoft-standard-WSL2
NodeJS Version : v20.17.0
NPM Version : 10.8.3

[Nest CLI]
Nest CLI Version : 10.4.5

[Nest Platform Information]
platform-express version : 10.4.1
cache-manager version : 2.2.2
schematics version : 10.1.4
throttler version : 6.2.1
mongoose version : 10.0.10
terminus version : 10.2.3
swagger version : 7.4.0
testing version : 10.4.1
common version : 10.4.1
config version : 3.2.3
axios version : 3.0.3
core version : 10.4.1
jwt version : 10.2.0
cli version : 10.4.5

Node.js version

20.17.0

In which operating systems have you tested?

  • macOS
  • Windows
  • Linux

Other

No response

@bu-michael bu-michael added the needs triage This issue has not been looked into label Sep 11, 2024
@vishwac09
Copy link

@bu-michael when should we expect a patch for this ?

@bu-michael
Copy link
Author

@bu-michael when should we expect a patch for this ?

Can't tell. I'm not the maintainer. I did a pull request though.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
needs triage This issue has not been looked into
Projects
None yet
Development

Successfully merging a pull request may close this issue.

2 participants