docs: refresh NestJS case study with measured two-pass remediation#749

Merged
Ayush7614 merged 1 commit into OWASP:main from Ayush7614:docs/nestjs-case-study-158 on Jun 25, 2026

Conversation

@Ayush7614 Ayush7614 commented Jun 24, 2026

Collaborator

Summary

  • Restructures website/docs/case-studies/nestjs.md around measured remediation on NestJS revision cee51af using CVE Lite v1.25.0 (2026-06-24)
  • Adds a publication-grade Before vs After table: lockfile baseline 51 → 50 → 47 across two passes (fastify@5.8.5, then mocha@12.0.0-beta-4)
  • Documents what cleared after each pass, preserves honest remaining-risk discussion (47 findings still present), and aligns usage-aware triage (51 → 10 with --only-used)
  • Updates scan verification metadata and reproduction steps for a local NestJS clone (no in-repo fixture)

Fixes #158

Test plan

  • Verified markdown renders in docs site structure
  • Numbers tied to live scans on pinned revision (cee51af)
  • Two-pass Fix Journey matches measured deltas (pass 1: direct fastify; pass 2: Mocha parent chain)
  • Remaining risk section reflects post-pass-2 counts without zero-CVE framing

Restructure the NestJS write-up around fresh v1.25.0 scans on revision
cee51af, documenting baseline (51 findings) and two remediation passes
(fastify then mocha) with honest remaining-risk counts.

Fixes OWASP#158
@Ayush7614

Collaborator Author

cc: @sonukapoor

@sonukapoor sonukapoor left a comment

Collaborator

Clean update — numbers are internally consistent throughout (51→50→47 two-pass, --only-used 51→10), the remaining risk section is honest (4 critical still present after both passes), and the fix journey documents the peer-dependency friction accurately. Good work on the measured passes.

@Ayush7614 Ayush7614 merged commit e209a48 into OWASP:main Jun 25, 2026
9 checks passed

Development

Successfully merging this pull request may close these issues.

docs: Refresh NestJS case study with measured remediation structure