[Snyk] Fix for 1 vulnerabilities #41

greg-md · 2025-08-22T08:30:56Z

Snyk has created this PR to fix 1 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

package.json
package-lock.json

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Function Call With Incorrect Argument Type SNYK-JS-SHAJS-12089400	848

Important

Check the changes in this PR to ensure they won't cause issues with your project.
Max score is 1000. Note that the real score may have changed since the PR was raised.
This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-SHAJS-12089400

Copilot

Pull Request Overview

This PR upgrades two npm dependencies to fix a critical security vulnerability (SNYK-JS-SHAJS-12089400) related to incorrect argument types in function calls. The upgrade involves major version bumps that may introduce breaking changes.

Upgrades @nestjs/graphql from v7.9.11 to v8.0.0 (major version)
Upgrades apollo-server-fastify from v2.21.0 to v3.13.0 (major version)

_{Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.}

Copilot · 2025-08-22T08:31:40Z

package.json

    "@nestjs/config": "^0.6.3",
    "@nestjs/core": "^7.5.1",
-    "@nestjs/graphql": "^7.9.11",
+    "@nestjs/graphql": "^8.0.0",


The upgrade from @nestjs/graphql v7.9.11 to v8.0.0 is a major version change that likely introduces breaking changes. Ensure that all GraphQL schema definitions, resolvers, and decorators are compatible with the new API, as NestJS GraphQL v8 introduced significant changes to the module configuration and decorator usage.

Suggested change

"@nestjs/graphql": "^8.0.0",

"@nestjs/graphql": "^7.9.11",

Copilot · 2025-08-22T08:31:40Z

package.json

    "@types/sinon": "^9.0.10",
-    "apollo-server-fastify": "^2.21.0",
+    "apollo-server-fastify": "^3.13.0",
    "graphql": "^14.7.0",


The upgrade from apollo-server-fastify v2.21.0 to v3.13.0 is a major version change with breaking changes. Apollo Server v3 introduced significant API changes including plugin API modifications, schema building changes, and different server configuration patterns that may require code updates.

Suggested change

"graphql": "^14.7.0",

"graphql": "^15.0.0",

fix: package.json & package-lock.json to reduce vulnerabilities

dd37efb

The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-SHAJS-12089400

Copilot AI review requested due to automatic review settings August 22, 2025 08:30

Copilot AI reviewed Aug 22, 2025

View reviewed changes

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

[Snyk] Fix for 1 vulnerabilities #41

[Snyk] Fix for 1 vulnerabilities #41

Uh oh!

greg-md commented Aug 22, 2025

Uh oh!

Copilot AI left a comment

Uh oh!

Copilot AI Aug 22, 2025

Uh oh!

Copilot AI Aug 22, 2025

Uh oh!

Uh oh!

[Snyk] Fix for 1 vulnerabilities #41

Are you sure you want to change the base?

[Snyk] Fix for 1 vulnerabilities #41

Uh oh!

Conversation

greg-md commented Aug 22, 2025

Snyk has created this PR to fix 1 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

Vulnerabilities that will be fixed with an upgrade:

Uh oh!

Copilot AI left a comment

Choose a reason for hiding this comment

Pull Request Overview

Uh oh!

Copilot AI Aug 22, 2025

Choose a reason for hiding this comment

Uh oh!

Copilot AI Aug 22, 2025

Choose a reason for hiding this comment

Uh oh!

Uh oh!