fix(deps): update dependency @grpc/grpc-js to v1.9.15 [security]

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
@grpc/grpc-js (source)	1.9.14 -> 1.9.15

GitHub Vulnerability Alerts

CVE-2024-37168

Impact

There are two separate code paths in which memory can be allocated per message in excess of the grpc.max_receive_message_length channel option:

1. If an incoming message has a size on the wire greater than the configured limit, the entire message is buffered before it is discarded.
2. If an incoming message has a size within the limit on the wire but decompresses to a size greater than the limit, the entire message is decompressed into memory, and on the server is not discarded.

Patches

This has been patched in versions 1.10.9, 1.9.15, and 1.8.22

---

Release Notes

grpc/grpc-node (@​grpc/grpc-js)

v1.9.15: @​grpc/grpc-js 1.9.15

Compare Source

• Avoid buffering significantly more than grpc.max_receive_message_size per received message.

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: package-lock.json

npm ERR! code ERESOLVE
npm ERR! ERESOLVE could not resolve
npm ERR! 
npm ERR! While resolving: @nestjs/[email protected]
npm ERR! Found: [email protected]
npm ERR! node_modules/reflect-metadata
npm ERR!   dev reflect-metadata@"0.2.1" from the root project
npm ERR!   peer reflect-metadata@"^0.1.12 || ^0.2.0" from @nestjs/[email protected]
npm ERR!   node_modules/@nestjs/common
npm ERR!     dev @nestjs/common@"10.3.2" from the root project
npm ERR!     peer @nestjs/common@"^8.0.0 || ^9.0.0 || ^10.0.0" from @mikro-orm/[email protected]
npm ERR!     node_modules/@mikro-orm/nestjs
npm ERR!       dev @mikro-orm/nestjs@"5.2.3" from the root project
npm ERR!     11 more (@nestjs/axios, @nestjs/core, @nestjs/mapped-types, ...)
npm ERR!   7 more (@nestjs/core, @nestjs/mapped-types, ...)
npm ERR! 
npm ERR! Could not resolve dependency:
npm ERR! peer reflect-metadata@"^0.1.13" from @nestjs/[email protected]
npm ERR! node_modules/@nestjs/sequelize
npm ERR!   dev @nestjs/sequelize@"10.0.0" from the root project
npm ERR! 
npm ERR! Conflicting peer dependency: [email protected]
npm ERR! node_modules/reflect-metadata
npm ERR!   peer reflect-metadata@"^0.1.13" from @nestjs/[email protected]
npm ERR!   node_modules/@nestjs/sequelize
npm ERR!     dev @nestjs/sequelize@"10.0.0" from the root project
npm ERR! 
npm ERR! Fix the upstream dependency conflict, or retry
npm ERR! this command with --force, or --legacy-peer-deps
npm ERR! to accept an incorrect (and potentially broken) dependency resolution.
npm ERR! 
npm ERR! See /tmp/renovate/cache/others/npm/eresolve-report.txt for a full report.

npm ERR! A complete log of this run can be found in:
npm ERR!     /tmp/renovate/cache/others/npm/_logs/2024-10-09T09_50_14_248Z-debug-0.log