Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update chokidar to ^4.0.0 #2806

Closed
1 task done
wdower opened this issue Nov 21, 2024 · 1 comment
Closed
1 task done

Update chokidar to ^4.0.0 #2806

wdower opened this issue Nov 21, 2024 · 1 comment
Labels
feature

Comments

@wdower
Copy link

wdower commented Nov 21, 2024

Is there an existing issue that is already proposing this?

  • I have searched the existing issues

Is your feature request related to a problem? Please describe it

Nestjs CLI is dependent on chokidar@3.6.0. That package is dependent on a version of the braces package that has a security issue noted in GHSA-grv7-fg5c-xmjg.

Describe the solution you'd like

chokidar removed the vulnerable package in version 4.0.0. Nestjs should update chokidar to ^4.0.0.

Teachability, documentation, adoption, migration strategy

No response

What is the motivation / use case for changing the behavior?

Removing vulnerable packages
@wdower wdower added the feature label Nov 21, 2024
@micalevisk
Copy link
Member

micalevisk commented Nov 21, 2024
edited
Loading

#2734

we can do that in the next major release (unless the major bump on chokidar doesn't introduces a breaking change to nestjs v10, of course)

@nestjs nestjs locked and limited conversation to collaborators Nov 22, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
feature
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@micalevisk @kamilmysliwiec @wdower