Conversation

@TheRedHatter (Owner)

Snyk has created this PR to fix 1 vulnerability in the npm dependencies of this project.

Snyk changed the following file(s):

  • package.json
  • package-lock.json

Vulnerabilities that will be fixed with an upgrade:

Issue                                                              Score
Prototype Pollution (medium severity), SNYK-JS-JSYAML-13961110     545

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution

AC-KunalParmar commented Nov 17, 2025

Snyk checks have passed. No issues have been found so far.

Status   Scanner                 Critical   High   Medium   Low   Total (0)
         Open Source Security    0          0      0        0     0 issues
         Licenses                0          0      0        0     0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

"@nestjs/mercurius": "^11.0.3",
"@nestjs/platform-fastify": "^9.3.9",
"@nestjs/swagger": "^6.2.1",
"@nestjs/swagger": "^11.2.2",


@nestjs/swagger 11.2.2 / package.json

Total vulnerabilities: 2 (Critical: 0, High: 1, Medium: 0, Low: 1)

Vulnerability ID   Severity   CVSS   Fixed in   Status
CVE-2024-45296     HIGH       HIGH   -          Open
CVE-2025-5889      LOW        LOW    -          Open

@TheRedHatter (Owner, Author)

Checkmarx One – Scan Summary & Details (scan 24ae39c6-a23e-4405-aeed-782592a25ac2)

New Issues (23)

Checkmarx found the following issues in this Pull Request (Severity, Issue, Source File / Package, Checkmarx Insight):

  • CRITICAL CVE-2022-37616, Npm-xmldom-0.6.0 (vulnerable package)
    Description: A Prototype Pollution vulnerability exists in the function "copy" in "dom.js" in the @xmldom/xmldom for Node.js via the "p" variable. This issue af...
    Attack Vector: NETWORK, Attack Complexity: LOW
  • HIGH CVE-2025-58754, Npm-axios-0.26.1 (vulnerable package)
    Recommended version: 0.30.2
    Description: Axios is a promise based HTTP client for the browser and Node.js. When Axios prior to version 1.12.0 runs on Node.js and is given a URL with the "d...
    Attack Vector: NETWORK, Attack Complexity: LOW
  • HIGH CVE-2025-58754, Npm-axios-0.21.4 (vulnerable package)
    Recommended version: 0.30.2
    Description, Attack Vector and Attack Complexity as for Npm-axios-0.26.1 above.
  • MEDIUM CVE-2025-9714, Npm-libxmljs-0.19.7 (vulnerable package)
    Description: Uncontrolled recursion in XPath evaluation in libxml2 versions through 2.9.14 allow a local attacker to cause a Stack Overflow via crafted expressi...
    Attack Vector: LOCAL, Attack Complexity: LOW
  • MEDIUM Client_HTML5_Insecure_Storage, /client/src/pages/main/Contact.tsx: lines 15, 16, 17 and 18 (4 findings)
    The application stores data setItem on the client, in an insecure manner, at line 14 of /client/src/api/makeApiRequest.ts.
  • MEDIUM Cx9b50aef6-319d, Npm-nodemailer-6.9.12 (vulnerable package)
    Recommended version: 7.0.7
    Description: The email parsing library incorrectly handles quoted local-parts containing '@' in versions through 7.0.6. This leads to misrouting of email recipi...
    Attack Vector: NETWORK, Attack Complexity: LOW
  • LOW CVE-2025-6170, Npm-libxmljs-0.19.7 (vulnerable package)
    Description: A flaw was found in the interactive shell of the xmllint tool in libxml2, used for parsing XML files. When a user inputs an overly long command, th...
    Attack Vector: LOCAL, Attack Complexity: HIGH
  • LOW Image Pull Policy Of The Container Is Not Set To Always, /deployment.yaml: 30 (3 findings)
    Image Pull Policy of the container must be defined and set to Always
  • LOW Missing AppArmor Profile, /deployment.yaml: 15 (5 findings)
    Containers should be configured with an AppArmor profile to enforce fine-grained access control over low-level system resources
  • LOW Pod or Container Without Security Context, /deployment.yaml: 30 (5 findings)
    A security context defines privilege and access control settings for a Pod or Container

Fixed Issues (14)

Great job! The following issues were fixed in this Pull Request (Severity, Issue, Source File / Package):

  • HIGH CVE-2025-45767, Npm-jose-4.13.1
  • LOW Image Pull Policy Of The Container Is Not Set To Always, /deployment.yaml: 30 (3 findings)
  • LOW Missing AppArmor Profile, /deployment.yaml: 15 (5 findings)
  • LOW Pod or Container Without Security Context, /deployment.yaml: 30 (5 findings)

Use @Checkmarx to reach out to us for assistance.

Just send a PR comment with @Checkmarx followed by a natural language request.

Examples: @Checkmarx how are you able to help me? @Checkmarx rescan this PR
