fix(deps): update dependency @nestjs/common to v10.4.16 [security]

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
@nestjs/common (source)	10.2.10 → 10.4.16

---

nest allows a remote attacker to execute arbitrary code via the Content-Type header

CVE-2024-29409 / GHSA-cj7v-w2c7-cp7c

More information

Details

File Upload vulnerability in nestjs nest prior to v.11.0.16 allows a remote attacker to execute arbitrary code via the Content-Type header.

Severity

• CVSS Score: 5.5 / 10 (Medium)
• Vector String: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

References

• https://nvd.nist.gov/vuln/detail/CVE-2024-29409
• https://github.com/nestjs/nest/issues/13311#issuecomment-1993839495
• https://gist.github.com/aydinnyunus/801342361584d1491c67a820a714f53f
• https://github.com/nestjs/nest/blob/83a48b2c7396985144b7a6cd5d3bee1abb7c5d81/packages/common/pipes/file/file-type.validator.ts#L19
• https://github.com/nestjs/nest/issues/14876
• https://github.com/nestjs/nest/issues/14876#issuecomment-2796888038
• https://github.com/nestjs/nest/pull/14881
• https://github.com/nestjs/nest/releases/tag/v11.0.16
• https://github.com/nestjs/nest/releases/tag/v10.4.16
• https://github.com/advisories/GHSA-cj7v-w2c7-cp7c

This data is provided by the GitHub Advisory Database (CC-BY 4.0).

---

Release Notes

nestjs/nest (@​nestjs/common)

v10.4.16

Compare Source

What's Changed

• fix(common): introduce magic file type validator to nestjs common by @​Chathula in #​14948

Full Changelog: nestjs/nest@v10.4.15...v10.4.16

v10.4.15

Compare Source

v10.4.15 (2024-12-09)

Dependencies

• platform-express
  • #​14282 fix(deps): update dependency express to v4.21.2 (@​renovate[bot])

v10.4.14

Compare Source

v10.4.13

Compare Source

v10.4.13 (2024-12-03)

Bug fixes

• common
  • #​14256 chore(common): Add type declaration for RawBody decorator with pipes (@​sapenlei)

Dependencies

• #​14257 fix(deps): update dependency @​fastify/static to v7.0.4 (@​renovate[bot])
• #​14258 fix(deps): update dependency @​nestjs/sequelize to v10.0.1 (@​renovate[bot])
• #​14249 chore(deps): bump @​apollo/gateway from 2.4.8 to 2.8.5 in /sample/32-graphql-federation-schema-first/users-application (@​dependabot[bot])
• #​14250 chore(deps): update jest monorepo (@​renovate[bot])
• #​14245 chore(deps): update dependency mqtt to v5.10.3 (@​renovate[bot])
• #​14247 fix(deps): update nest monorepo to v10.4.12 (@​renovate[bot])
• #​14251 chore(deps-dev): bump graphql-tools from 9.0.3 to 9.0.5 (@​dependabot[bot])
• #​14246 chore(deps): update nest monorepo (@​renovate[bot])

Committers: 3

• Kamil Mysliwiec (@​kamilmysliwiec)
• Micael Levi L. Cavalcante (@​micalevisk)
• sapenlei (@​sapenlei)

v10.4.12

Compare Source

v10.4.12 (2024-11-29)

Bug fixes

• common
  • #​14241 fix(common): enforce string type in validationpipe (@​LhonRafaat)

Dependencies

• Other
  • #​14243 chore(deps): update dependency @​types/node to v20.17.9 (@​renovate[bot])
  • #​14240 chore(deps): update dependency @​types/multer to v1.4.12 (@​renovate[bot])
  • #​14239 chore(deps): update dependency @​types/chai to v4.3.20 (@​renovate[bot])
  • #​14237 chore(deps): update confluentinc/cp-zookeeper docker tag to v7.7.2 (@​renovate[bot])
  • #​14236 chore(deps): update confluentinc/cp-kafka docker tag to v7.7.2 (@​renovate[bot])
  • #​12253 fix(deps): update apollo graphql packages (@​renovate[bot])
  • #​14235 chore(deps-dev): bump @​commitlint/config-angular from 19.5.0 to 19.6.0 (@​dependabot[bot])
  • #​14233 chore(deps): update nest monorepo (@​renovate[bot])
  • #​14232 fix(deps): update dependency path-to-regexp to v3.3.0 [security] (@​renovate[bot])
  • #​14229 chore(deps): update mongo docker tag to v8 (@​renovate[bot])
  • #​14228 chore(deps): update dependency @​types/node to v22.10.0 (@​renovate[bot])
  • #​14227 fix(deps): update nest-graphql monorepo to v12.2.1 (@​renovate[bot])
  • #​14224 fix(deps): update dependency sequelize to v6.37.5 (@​renovate[bot])
  • #​14230 chore(deps): update mysql docker tag to v9 (@​renovate[bot])
  • #​14231 fix(deps): update dependency @​nestjs/swagger to v8 (@​renovate[bot])
• common, core, microservices, platform-express, platform-fastify, platform-socket.io, platform-ws, testing, websockets
  • #​14226 fix(deps): update dependency tslib to v2.8.1 (@​renovate[bot])
• platform-socket.io
  • #​14225 fix(deps): update dependency socket.io to v4.8.1 (@​renovate[bot])

Committers: 1

• Lhon (@​LhonRafaat)

v10.4.11

Compare Source

v10.4.10

Compare Source

v10.4.10 (2024-11-27)

Bug fixes

• platform-socket.io, websockets
  • #​14204 fix(websockets): ensure non-shared servers call close method (@​sapenlei)

Dependencies

• #​14221 chore(deps): update mysql docker tag to v8.4.3 (@​renovate[bot])
• #​14220 chore(deps): update dependency webpack to v5.96.1 (@​renovate[bot])
• #​14219 chore(deps): update dependency nodemon to v3.1.7 (@​renovate[bot])
• #​14218 chore(deps): update confluentinc/cp-zookeeper docker tag to v7.7.1 (@​renovate[bot])
• #​14217 chore(deps): update confluentinc/cp-kafka docker tag to v7.7.1 (@​renovate[bot])
• #​14216 fix(deps): update dependency rimraf to v5.0.10 (@​renovate[bot])
• #​14215 fix(deps): update dependency dotenv to v16.4.5 (@​renovate[bot])
• #​14214 fix(deps): update dependency @​grpc/reflection to v1.0.4 (@​renovate[bot])
• #​12940 fix(deps): update dependency mongoose to v8.8.3 (@​renovate[bot])
• #​14207 chore(deps): update dependency @​types/dotenv to v8.2.3 (@​renovate[bot])
• #​14208 chore(deps): update dependency @​types/node to v20.17.8 (@​renovate[bot])
• #​14209 chore(deps): update dependency amqplib to v0.10.5 (@​renovate[bot])
• #​14212 chore(deps): update dependency webpack to v5.94.0 [security] (@​renovate[bot])
• #​14210 chore(deps): update dependency husky to v9.1.7 (@​renovate[bot])
• #​14211 chore(deps): update nest monorepo (@​renovate[bot])
• #​14206 chore(deps-dev): bump mongoose from 8.8.1 to 8.8.3 (@​dependabot[bot])

Committers: 1

• sapenlei (@​sapenlei)

v10.4.9

Compare Source

v10.4.9 (2024-11-25)

Bug fixes

• core, microservices
  • #​13923 fix(core): merge req context with tenant payload in the request instance (@​DylanVeldra)
• websockets
  • #​14185 fix(websockets): Prevent HTTP server early close in Socket.IO shutdown (@​sapenlei)
• common
  • #​14181 fix(common): fallback to empty string for enums when validating (swc builder) (@​kamilmysliwiec)
• core
  • #​13804 fix(core): dependencies not resolving for transient lazy providers (@​patrickacioli)
• microservices
  • #​14163 fix(microservices): grpc client streaming bugs (@​kamilmysliwiec)

Enhancements

• common, core
  • #​14175 fix(common,core): align the logic of optional provider (@​micalevisk)
• microservices
  • #​12954 feat: emit batch (@​gunb0s)

Dependencies

• Other
  • #​14192 chore(deps): update dependency webpack to v5.94.0 [security] (@​renovate[bot])
  • #​14188 chore(deps): bump cross-spawn from 7.0.3 to 7.0.6 in /sample/30-event-emitter (@​dependabot[bot])
  • #​14187 chore(deps): bump cookie and @​nestjs/platform-express in /sample/34-using-esm-packages (@​dependabot[bot])
  • #​14189 chore(deps): bump cross-spawn from 7.0.3 to 7.0.6 in /sample/19-auth-jwt (@​dependabot[bot])
  • #​14186 chore(deps): bump cross-spawn from 7.0.3 to 7.0.6 in /sample/31-graphql-federation-code-first/posts-application (@​dependabot[bot])
  • #​14183 chore(deps): bump cross-spawn from 7.0.3 to 7.0.6 in /sample/32-graphql-federation-schema-first/posts-application (@​dependabot[bot])
  • #​14176 chore(deps): bump cross-spawn from 7.0.3 to 7.0.6 in /sample/32-graphql-federation-schema-first/users-application (@​dependabot[bot])
  • #​14179 chore(deps-dev): bump @​types/mocha from 10.0.9 to 10.0.10 (@​dependabot[bot])
  • #​14174 chore(deps): bump cross-spawn from 7.0.3 to 7.0.6 in /sample/22-graphql-prisma (@​dependabot[bot])
  • #​14173 chore(deps): bump cross-spawn from 7.0.3 to 7.0.6 in /sample/28-sse (@​dependabot[bot])
  • #​14165 chore(deps-dev): bump @​typescript-eslint/parser from 8.14.0 to 8.15.0 (@​dependabot[bot])
  • #​14171 chore(deps): bump cross-spawn from 7.0.3 to 7.0.6 in /sample/11-swagger (@​dependabot[bot])
  • #​14172 chore(deps): bump cookie and @​nestjs/platform-express in /sample/35-use-esm-package-after-node22 (@​dependabot[bot])
  • #​14170 chore(deps): bump cross-spawn from 7.0.3 to 7.0.6 in /sample/24-serve-static (@​dependabot[bot])
  • #​14169 chore(deps): bump cross-spawn from 7.0.3 to 7.0.6 in /sample/15-mvc (@​dependabot[bot])
  • #​14164 chore(deps): bump cross-spawn from 7.0.3 to 7.0.6 in /sample/01-cats-app (@​dependabot[bot])
  • #​14167 chore(deps-dev): bump @​typescript-eslint/eslint-plugin from 8.14.0 to 8.15.0 (@​dependabot[bot])
  • #​14161 chore(deps): bump cross-spawn from 7.0.3 to 7.0.5 in /sample/25-dynamic-modules (@​dependabot[bot])
  • #​14159 chore(deps): bump cross-spawn from 7.0.3 to 7.0.5 in /sample/33-graphql-mercurius (@​dependabot[bot])
  • #​13632 fix(deps): update dependency mysql2 to v3.9.8 [security] (@​renovate[bot])
  • #​14151 chore(deps): bump cross-spawn from 7.0.3 to 7.0.5 in /sample/27-scheduling (@​dependabot[bot])
  • #​14155 build(sample): replace cli-color with smaller and faster ansis (@​webdiscus)
  • #​14146 chore(deps): bump cookie and @​nestjs/platform-express in /sample/28-sse (@​dependabot[bot])
  • #​14149 chore(deps): bump cross-spawn from 7.0.3 to 7.0.5 in /sample/32-graphql-federation-schema-first/gateway (@​dependabot[bot])
  • #​12995 chore(deps): update dependency supertest to v6.3.4 (@​renovate[bot])
  • #​12815 chore(deps): update dependency @​types/node to v20.17.6 (@​renovate[bot])
  • #​14147 chore: upgrade deps (@​kamilmysliwiec)
  • #​14144 chore(deps): bump cookie, light-my-request and @​nestjs/platform-fastify in /sample/33-graphql-mercurius (@​dependabot[bot])
• platform-fastify
  • #​14191 chore(deps): bump light-my-request from 6.1.0 to 6.3.0 (@​dependabot[bot])

Committers: 7

• Kamil Mysliwiec (@​kamilmysliwiec)
• Micael Levi L. Cavalcante (@​micalevisk)
• Patrick Acioli (@​patrickacioli)
• @​DylanVeldra
• @​webdiscus
• cain (@​gunb0s)
• sapenlei (@​sapenlei)

v10.4.8

Compare Source

v10.4.8 (2024-11-15)

Bug fixes

• microservices
  • #​14059 fix(microservices): include discarded rmq client options (@​v-sum)
  • #​14132 fix(microservices): no messages emitted with mqtt when qos set (@​kamilmysliwiec)
• core
  • #​14133 fix(core): flaky durable provider, remove instance on error (@​kamilmysliwiec)

Enhancements

• core
  • #​14143 feat(core): expose listening stream from http adapter host (@​kamilmysliwiec)
  • #​14139 chore(core): defer application shutdown until init finishes (@​mksony)

Committers: 3

• Kamil Mysliwiec (@​kamilmysliwiec)
• Max (@​mksony)
• Vasile Sumanschi (@​v-sum)

v10.4.7

Compare Source

v10.4.6

Compare Source

v10.4.5

Compare Source

v10.4.5 (2024-10-16)

Dependencies

• platform-express
  • #​14060 build(express): upgrade to express 4.2.1 (@​ezintz)
• Other
  • #​13903 chore(deps): bump ws and @​nestjs/graphql in /sample/31-graphql-federation-code-first/posts-application (@​dependabot[bot])
  • #​13917 chore(deps): bump micromatch from 4.0.4 to 4.0.8 in /sample/32-graphql-federation-schema-first/posts-application (@​dependabot[bot])
  • #​14015 chore(deps): bump find-my-way from 8.1.0 to 8.2.2 in /sample/10-fastify (@​dependabot[bot])
  • #​14039 chore(deps): bump serve-static, express and @​nestjs/platform-express in /sample/23-graphql-code-first (@​dependabot[bot])
  • #​14040 chore(deps): bump send, @​nestjs/platform-express and express in /sample/24-serve-static (@​dependabot[bot])
  • #​14034 chore(deps): bump serve-static and @​nestjs/platform-express in /sample/28-sse (@​dependabot[bot])
  • #​14035 chore(deps): bump send and @​nestjs/platform-express in /sample/28-sse (@​dependabot[bot])
  • #​14030 chore(deps): bump send and @​nestjs/platform-express in /sample/25-dynamic-modules (@​dependabot[bot])
  • #​14031 chore(deps): bump serve-static and @​nestjs/platform-express in /sample/25-dynamic-modules (@​dependabot[bot])
  • #​14026 chore(deps): bump serve-static and @​nestjs/platform-express in /sample/26-queues (@​dependabot[bot])
  • #​14025 chore(deps): bump send and @​nestjs/platform-express in /sample/26-queues (@​dependabot[bot])
• platform-fastify
  • #​14064 build(fastify): upgrade light-my-request to 6.1.0 (@​PattyTrish)

Committers: 5

• Eduard Zintz (@​ezintz)
• Fernando Vargas (@​frndvrgs)
• Micael Levi L. Cavalcante (@​micalevisk)
• Patricia Ahern (@​PattyTrish)
• Rick Dutour Geerling (@​tuxmachine)

v10.4.4

Compare Source

v10.4.3

Compare Source

v10.4.2

Compare Source

v10.4.2 (2024-09-16)

Dependencies

• common, core, microservices, platform-express, platform-fastify, platform-socket.io, platform-ws, testing, websockets
  • #​13911 chore(deps): bump tslib from 2.6.3 to 2.7.0 (@​dependabot[bot])
• platform-fastify
  • #​13938 chore(deps): bump light-my-request from 5.13.0 to 6.0.0 (@​dependabot[bot])
• Other
  • #​13936 chore(deps-dev): bump lint-staged from 15.2.9 to 15.2.10 (@​dependabot[bot])
  • #​13946 chore(deps): bump webpack and @​nestjs/cli in /sample/02-gateways (@​dependabot[bot])
  • #​13947 chore(deps-dev): bump webpack from 5.91.0 to 5.94.0 (@​dependabot[bot])
  • #​13966 chore(deps): bump dset from 3.1.2 to 3.1.4 in /sample/32-graphql-federation-schema-first/gateway (@​dependabot[bot])
  • #​13967 chore(deps): bump dset from 3.1.3 to 3.1.4 (@​dependabot[bot])
  • #​13968 chore(deps-dev): bump @​commitlint/cli from 19.4.0 to 19.5.0 (@​dependabot[bot])
  • #​13969 chore(deps-dev): bump mongoose from 8.6.0 to 8.6.2 (@​dependabot[bot])
  • #​13973 chore(deps-dev): bump @​types/node from 22.5.1 to 22.5.5 (@​dependabot[bot])
  • #​13922 chore(deps): bump @​apollo/gateway from 2.2.3 to 2.9.0 in /sample/31-graphql-federation-code-first/users-application (@​dependabot[bot])
  • #​13921 chore(deps): bump @​apollo/query-planner from 2.4.8 to 2.9.0 in /sample/31-graphql-federation-code-first/posts-application (@​dependabot[bot])
  • #​13926 chore(deps-dev): bump mongoose from 8.5.3 to 8.6.0 (@​dependabot[bot])
  • #​13928 chore(deps-dev): bump @​types/node from 22.5.0 to 22.5.1 (@​dependabot[bot])
  • #​13929 chore(deps-dev): bump @​commitlint/config-angular from 19.3.0 to 19.4.1 (@​dependabot[bot])
  • #​13893 chore(deps-dev): bump @​typescript-eslint/eslint-plugin from 7.18.0 to 8.2.0 (@​dependabot[bot])
  • #​13896 chore(deps-dev): bump husky from 9.1.4 to 9.1.5 (@​dependabot[bot])
  • #​13897 chore(deps-dev): bump core-js from 3.38.0 to 3.38.1 (@​dependabot[bot])
  • #​13901 chore(deps-dev): bump @​types/node from 22.3.0 to 22.5.0 (@​dependabot[bot])
  • #​13902 chore(deps-dev): bump artillery from 2.0.19 to 2.0.20 (@​dependabot[bot])
  • #​13884 chore(deps-dev): bump mongoose from 8.5.2 to 8.5.3 (@​dependabot[bot])
  • #​13885 chore(deps-dev): bump lint-staged from 15.2.8 to 15.2.9 (@​dependabot[bot])
  • #​13890 chore(deps-dev): bump @​types/node from 22.2.0 to 22.3.0 (@​dependabot[bot])

Committers: 3

• Kamil Mysliwiec (@​kamilmysliwiec)
• Micael Levi L. Cavalcante (@​micalevisk)
• @​haouvw

v10.4.1

Compare Source

v10.4.0

Compare Source

v10.3.10

Compare Source

v10.3.10 (2024-07-01)

Bug fixes

• core
  • #​13712 fix(core): when using forward references on exports array (@​micalevisk)

Enhancements

• platform-fastify
  • #​13734 feat(fastify-adapter): support for skipping middie registration (@​ancyrweb)

Dependencies

• Other
  • #​13706 chore(deps-dev): bump nodemon from 3.1.3 to 3.1.4 (@​dependabot[bot])
  • #​13716 chore(deps-dev): bump ts-morph from 22.0.0 to 23.0.0 (@​dependabot[bot])
  • #​13697 chore(deps): bump ws from 8.13.0 to 8.17.1 in /sample/16-gateways-ws (@​dependabot[bot])
  • #​13708 chore(deps-dev): bump nats from 2.26.0 to 2.27.0 (@​dependabot[bot])
  • #​13709 chore(deps-dev): bump typescript from 5.4.5 to 5.5.2 (@​dependabot[bot])
  • #​13715 chore(deps-dev): bump graphql from 16.8.2 to 16.9.0 (@​dependabot[bot])
  • #​13718 chore(deps-dev): bump engine.io-client from 6.5.4 to 6.6.0 (@​dependabot[bot])
  • #​13724 chore(deps-dev): bump @​types/node from 20.14.6 to 20.14.9 (@​dependabot[bot])
  • #​13672 chore(deps-dev): bump braces from 3.0.2 to 3.0.3 in /sample/26-queues (@​dependabot[bot])
  • #​13693 chore(deps-dev): bump @​typescript-eslint/eslint-plugin from 7.13.0 to 7.13.1 (@​dependabot[bot])
  • #​13699 chore(deps-dev): bump engine.io-client from 6.5.3 to 6.5.4 (@​dependabot[bot])
  • #​13702 chore(deps-dev): bump @​types/node from 20.14.4 to 20.14.6 (@​dependabot[bot])
  • #​13703 chore(deps): bump fast-json-stringify from 5.16.0 to 5.16.1 (@​dependabot[bot])
  • #​13694 chore(deps-dev): bump mongoose from 8.4.1 to 8.4.3 (@​dependabot[bot])
  • #​13695 chore(deps-dev): bump @​typescript-eslint/parser from 7.13.0 to 7.13.1 (@​dependabot[bot])
  • #​13696 chore(deps-dev): bump @​types/node from 20.14.2 to 20.14.4 (@​dependabot[bot])
  • #​13678 chore(deps-dev): bump graphql from 16.8.1 to 16.8.2 (@​dependabot[bot])
  • #​13682 chore(deps-dev): bump mysql2 from 3.10.0 to 3.10.1 (@​dependabot[bot])
  • #​13674 chore(deps-dev): bump prettier from 3.3.1 to 3.3.2 (@​dependabot[bot])
  • #​13677 chore(deps-dev): bump lint-staged from 15.2.5 to 15.2.7 (@​dependabot[bot])
  • #​13671 chore(deps-dev): bump braces from 3.0.2 to 3.0.3 in /sample/27-scheduling (@​dependabot[bot])
  • #​13670 chore(deps-dev): bump braces from 3.0.2 to 3.0.3 in /sample/30-event-emitter (@​dependabot[bot])
  • #​13667 chore(deps-dev): bump @​typescript-eslint/eslint-plugin from 7.12.0 to 7.13.0 (@​dependabot[bot])
  • #​13665 chore(deps-dev): bump artillery from 2.0.14 to 2.0.15 (@​dependabot[bot])
  • #​13660 chore(deps): bump @​grpc/grpc-js from 1.10.0 to 1.10.9 in /sample/04-grpc (@​dependabot[bot])
  • #​13662 chore(deps-dev): bump @​grpc/grpc-js from 1.10.8 to 1.10.9 (@​dependabot[bot])
  • #​13663 chore(deps-dev): bump @​fastify/multipart from 8.2.0 to 8.3.0 (@​dependabot[bot])
  • #​13666 chore(deps-dev): bump @​typescript-eslint/parser from 7.11.0 to 7.13.0 (@​dependabot[bot])
  • #​13669 chore(deps): bump uuid from 9.0.1 to 10.0.0 (@​dependabot[bot])
  • #​13640 chore(deps-dev): bump nodemon from 3.1.2 to 3.1.3 (@​dependabot[bot])
  • #​13641 chore(deps-dev): bump @​typescript-eslint/eslint-plugin from 7.11.0 to 7.12.0 (@​dependabot[bot])
  • #​13642 chore(deps-dev): bump mongoose from 8.4.0 to 8.4.1 (@​dependabot[bot])
  • #​13651 chore(deps-dev): bump prettier from 3.2.5 to 3.3.1 (@​dependabot[bot])
  • #​13652 chore(deps-dev): bump @​types/node from 20.12.12 to 20.14.2 (@​dependabot[bot])
  • #​13653 chore(deps-dev): bump cache-manager from 5.5.3 to 5.6.1 (@​dependabot[bot])
• platform-ws
  • #​13690 chore(deps): bump ws from 8.17.0 to 8.17.1 (@​dependabot[bot])
• platform-fastify
  • #​13691 chore(deps): bump fastify from 4.27.0 to 4.28.0 (@​dependabot[bot])
• common, core, microservices, platform-express, platform-fastify, platform-socket.io, platform-ws, testing, websockets
  • #​13649 chore(deps): bump tslib from 2.6.2 to 2.6.3 (@​dependabot[bot])

Committers: 4

• () => { } (@​ragavendra)
• Anthony Cyrille (@​ancyrweb)
• Lincoln (@​L-Qun)
• Micael Levi L. Cavalcante (@​micalevisk)

v10.3.9

Compare Source

v10.3.9 (2024-06-03)

Bug fixes

• core
  • #​13453 fix(core): possible memory leak when using server side events (@​zhengjitf)
  • #​13405 fix(core): auto flush logs on synchronous internal errors (@​micalevisk)
• platform-fastify
  • #​13536 feat(fastify): Do not crash if enableVersioning is not used (@​Fcmam5)

Enhancements

• platform-ws
  • #​13531 fix(ws): close existing connections (@​bettercalljason)
• common, core
  • #​13428 feat(common): support empty @Inject() on constructor-based injection (@​micalevisk)
• core
  • #​13614 fix(core): prevent exclude method from overwriting previous calls (@​dragontaek-lee)

Docs

• common
  • #​13471 doc: fix typos & clarify comments (@​le-harivansh)

Dependencies

• Other
  • #​13619 chore(deps-dev): bump @​typescript-eslint/parser from 7.9.0 to 7.11.0 (@​dependabot[bot])
  • #​13631 chore(deps): bump mysql2 from 3.9.7 to 3.9.8 in /sample/05-sql-typeorm (@​dependabot[bot])
  • #​13624 chore(deps-dev): bump mqtt from 5.6.0 to 5.7.0 (@​dependabot[bot])
  • #​13617 chore(deps-dev): bump lint-staged from 15.2.2 to 15.2.5 (@​dependabot[bot])
  • #​13611 chore(deps-dev): bump cache-manager from 5.5.2 to 5.5.3 (@​dependabot[bot])
  • #​13610 chore(deps): bump fast-json-stringify from 5.15.1 to 5.16.0 (@​dependabot[bot])
  • #​13620 chore(deps-dev): bump @​typescript-eslint/eslint-plugin from 7.10.0 to 7.11.0 (@​dependabot[bot])
  • #​13625 chore(deps-dev): bump artillery from 2.0.12 to 2.0.14 (@​dependabot[bot])
  • #​13629 chore(deps-dev): bump nodemon from 3.1.0 to 3.1.2 (@​dependabot[bot])
  • #​13633 chore(deps-dev): bump mysql2 from 3.9.7 to 3.10.0 (@​dependabot[bot])
  • #​13588 chore(deps): bump express and @​nestjs/platform-express in /sample/04-grpc (@​dependabot[bot])
  • #​13591 chore(deps): bump express and @​nestjs/platform-express in /sample/02-gateways (@​dependabot[bot])
  • #​13592 chore(deps): bump express and @​nestjs/platform-express in /sample/01-cats-app (@​dependabot[bot])
  • #​13594 chore(deps-dev): bump core-js from 3.37.0 to 3.37.1 (@​dependabot[bot])
  • #​13595 chore(deps-dev): bump redis from 4.6.13 to 4.6.14 (@​dependabot[bot])
  • #​13596 chore(deps-dev): bump sinon from 17.0.1 to 18.0.0 (@​dependabot[bot])
  • #​13597 chore(deps-dev): bump @​grpc/grpc-js from 1.10.7 to 1.10.8 (@​dependabot[bot])
  • #​13602 chore(deps-dev): bump mongoose from 8.3.4 to 8.4.0 (@​dependabot[bot])
  • #​13605 chore(deps-dev): bump nats from 2.25.0 to 2.26.0 (@​dependabot[bot])
  • #​13606 chore(deps-dev): bump @​typescript-eslint/eslint-plugin from 7.9.0 to 7.10.0 (@​dependabot[bot])
  • #​13590 chore(deps): bump express and @​nestjs/platform-express in /sample/05-sql-typeorm (@​dependabot[bot])
  • #​13589 chore(deps): bump express and @​nestjs/platform-express in /sample/03-microservices (@​dependabot[bot])
  • #​13587 chore(deps): bump express and @​nestjs/platform-express in /sample/08-webpack (@​dependabot[bot])
  • #​13586 chore(deps): bump express and @​nestjs/platform-express in /sample/06-mongoose (@​dependabot[bot])
  • #​13585 chore(deps): bump express and @​nestjs/platform-express in /sample/09-babel-example (@​dependabot[bot])
  • #​13584 chore(deps): bump express and @​nestjs/platform-express in /sample/07-sequelize (@​dependabot[bot])
  • #​13583 chore(deps): bump express and @​nestjs/platform-express in /sample/11-swagger (@​dependabot[bot])
  • #​13576 chore(deps-dev): bump @​typescript-eslint/eslint-plugin from 7.8.0 to 7.9.0 (@​dependabot[bot])
  • #​13567 chore(deps): bump express and @​nestjs/platform-express in /sample/15-mvc (@​dependabot[bot])
  • #​13570 chore(deps): bump express and @​nestjs/platform-express in /sample/19-auth-jwt (@​dependabot[bot])
  • #​13563 chore(deps): bump express and @​nestjs/platform-express in /sample/20-cache (@​dependabot[bot])
  • #​13564 chore(deps): bump express and @​nestjs/platform-express in /sample/21-serializer (@​dependabot[bot])
  • #​13565 chore(deps): bump express and @​nestjs/platform-express in /sample/22-graphql-prisma (@​dependabot[bot])
  • #​13568 chore(deps): bump express and @​nestjs/platform-express in /sample/13-mongo-typeorm (@​dependabot[bot])
  • #​13569 chore(deps): bump express and

✂ Note

PR body was truncated to here.

---

Configuration

📅 Schedule: (in timezone Asia/Shanghai)

• Branch creation
  • ""
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: pnpm-lock.yaml

Progress: resolved 1, reused 0, downloaded 0, added 0
[WARN] deprecated eslint@8.54.0: This version is no longer supported. Please see https://eslint.org/version-support for other options.
[WARN] deprecated uuid@10.0.0: uuid@10 and below is no longer supported.  For ESM codebases, update to uuid@latest.  For CommonJS codebases, use uuid@11 (but be aware this version will likely be deprecated in 2028).
Progress: resolved 119, reused 0, downloaded 0, added 0
Progress: resolved 138, reused 0, downloaded 0, added 0
Progress: resolved 372, reused 0, downloaded 0, added 0
[ERR_PNPM_NO_MATCHING_VERSION] No matching version found for has@1.0.29 while fetching it from https://registry.npmjs.org/

This error happened while installing the dependencies of @innei/eslint-config-ts@0.11.1
 at eslint-plugin-import@2.28.1

The latest release of has is "1.0.4".

If you need the full list of all 6 published versions run "pnpm view has versions".