fix(deps): update dependency @nestjs/platform-fastify to v11 [security]

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
@nestjs/platform-fastify (source)	10.4.20 → 11.1.11

GitHub Vulnerability Alerts

CVE-2025-69211

A NestJS application is vulnerable if it meets all of the following criteria:

1. Platform: Uses @nestjs/platform-fastify.
2. Security Mechanism: Relies on NestMiddleware (via MiddlewareConsumer) for security checks (authentication, authorization, etc.), or through app.use()
3. Routing: Applies middleware to specific routes using string paths or controllers (e.g., .forRoutes('admin')).
   Example Vulnerable Config:

// app.module.ts
export class AppModule implements NestModule {
  configure(consumer: MiddlewareConsumer) {
    consumer
      .apply(AuthMiddleware) // Security check
      .forRoutes('admin');   // Vulnerable: Path-based restriction
  }
}

Attack Vector:

• Target Route: /admin
• Middleware Path: admin
• Attack Request: GET /%61dmin
• Result: Middleware is skipped (no match on %61dmin), but controller for /admin is executed.

Consequences:

• Authentication Bypass: Unauthenticated users can access protected routes.
• Authorization Bypass: Restricted administrative endpoints become accessible to lower-privileged users.
• Input Validation Bypass: Middleware performing sanitization or validation can be skipped.

Patches

Patched in @nestjs/platform-fastify@11.1.11

Resources

Credit goes to Hacktron AI for reporting this issue.

---

Release Notes

nestjs/nest (@​nestjs/platform-fastify)

v11.1.11

Compare Source

v11.1.11 (2025-12-29)

Bug fixes

• platform-fastify
  • #​16135 fix(platform-fastify): middie bypassing through decoded chars (@​kamilmysliwiec)
• core
  • #​16133 fix(core): add missing catch handler for forward-ref provider resolution (@​coti-z)

Dependencies

• platform-socket.io
  • #​16125 fix(deps): update dependency socket.io to v4.8.3 (@​renovate[bot])
  • #​16114 chore(deps): bump socket.io from 4.8.1 to 4.8.2 (@​dependabot[bot])
• platform-fastify
  • #​16130 fix(deps): update dependency @​fastify/static to v9 (@​renovate[bot])
• common
  • #​16127 chore(deps): bump file-type from 21.1.1 to 21.2.0 (@​dependabot[bot])

Committers: 3

• Himanshu Gupta (@​manureja64)
• Kamil Mysliwiec (@​kamilmysliwiec)
• coti (@​coti-z)

v11.1.10

Compare Source

v11.1.10 (2025-12-22)

Bug fixes

• core
  • #​16098 fix(core): instantiate nested transient providers in static context (@​mag123c)
  • #​16005 fix(core): resolve all providers when using resolve() with each option (@​malkovitc)
• microservices
  • #​16072 fix(microservices): fix grpc stream method return type (@​shash-hq)
• common
  • #​16077 fix(common): resolve file-type path explicitly (@​shash-hq)
  • #​16013 fix(common): Support fallbackToMimetype without buffer (@​chenjieya)

Enhancements

• common
  • #​16100 fix(common): improve error handling in FileTypeValidator (@​malkovitc)
  • #​16060 feat(common): add message property to file type validator (@​Jo-Minseok)
  • #​16079 fix: enhance ValidationPipe (@​liu-jin-yi)
• core
  • #​15721 feat(core): add Promise support for SSE handlers (@​pythonjsgo)
• microservices
  • #​15975 feat(microservices): add keepalive support for server side (@​OlegStrokan)
• common, core
  • #​15986 feat(core): add option for async logger compatibility (@​mag123c)

Dependencies

• platform-fastify
  • #​16041 fix(deps): update dependency @​fastify/cors to v11.2.0 (@​renovate[bot])
• platform-express
  • #​16002 fix(deps): update dependency express to v5.2.1 (@​renovate[bot])
• common
  • #​15948 chore(deps): bump file-type from 21.1.0 to 21.1.1 (@​dependabot[bot])

Committers: 11

• Alexander (@​pythonjsgo)
• J_Coder (@​Jo-Minseok)
• Luke Son (@​KAPUIST)
• Oleh Strokan (@​OlegStrokan)
• Praveen Somasundaram (@​som14062005)
• Shashank (@​shash-hq)
• @​chenjieya
• @​giorgikakauridze
• @​mag123c
• chernomortsev evgeny (@​malkovitc)
• liu-jin-yi (@​liu-jin-yi)

v11.1.9

Compare Source

v11.1.9 (2025-11-14)

Bug fixes

• core
  • #​15865 fix(core): make get() throw for implicitly request-scoped trees (@​JoeNutt)

Enhancements

• common
  • #​15863 feat(common): add method options to @​sse decorator (@​TomerSteinberg)

Dependencies

• platform-fastify
  • #​15899 chore(deps): bump fastify from 5.6.1 to 5.6.2 (@​dependabot[bot])

Committers: 4

• Rami (@​JoeNutt)
• Rhynel Algopera (@​dev-rhynel)
• Tomer Steinberg (@​TomerSteinberg)
• WuMingDao (@​WuMingDao)

v11.1.8

Compare Source

v11.1.8 (2025-10-27)

Bug fixes

• core
  • #​15815 fix(core): ensure nested transient provider isolation (@​mag123c)
• platform-fastify
  • #​15831 fix(fastify): Migrate fastify top-level options to routerOptions (@​kim-sung-jee)

Committers: 2

• JaeHo Jang (@​mag123c)
• Seongjee Kim (@​kim-sung-jee)

v11.1.7

Compare Source

v11.1.7 (2025-10-21)

Bug fixes

• microservices
  • #​15747 Fix/rmq microservice fanout bind (@​slon2015)
• platform-fastify
  • #​15732 fix: correct parameter type in RouteConstraints decorator (@​thedv91)
• core
  • #​15571 fix(core): skip lifecycle hooks for non-instantiated transient services (@​mag123c)
• common
  • #​15577 Add color allowance check to console logger options (@​kerryChen95)

Enhancements

• common, platform-socket.io, websockets
  • #​15543 feat(websockets): allow manual acknowledgement handling with @​Ack() decorator (@​kim-sung-jee)
• common
  • #​15705 fix(core): resolve extras in configurable module builder async methods (@​mag123c)
• common, core
  • #​15503 feat(common): add force-console option to console logger (@​mag123c)
• core
  • #​15588 fix(core): improve dependency resolution error messages (@​at7211)
• microservices
  • #​15598 feat(errors): add InvalidTcpDataReceptionException for handling TCP receive errors​ (@​ghyghoo8)

Dependencies

• platform-fastify
  • #​15664 chore(deps): bump fastify to 5.6.1 (@​dependabot[bot])
• core, platform-express, platform-fastify
  • #​15622 fix(deps): update dependency path-to-regexp to v8.3.0 (@​renovate[bot])
• common
  • #​15566 chore(deps): bump load-esm from 1.0.2 to 1.0.3 (@​dependabot[bot])

Committers: 9

• Harry (@​thedv91)
• JaeHo Jang (@​mag123c)
• Jay-Chou (@​at7211)
• Kerry (@​kerryChen95)
• Micael Levi L. Cavalcante (@​micalevisk)
• Seongjee Kim (@​kim-sung-jee)
• SerafimGerasimov (@​slon2015)
• @​Olexandr88
• ghy (@​ghyghoo8)

v11.1.6

Compare Source

v11.1.6 (2025-08-07)

Bug fixes

• core
  • #​15504 fix(core): fix race condition in class dependency resolution from imported modules (@​hajekjiri)
  • #​15469 fix(core): attach root inquirer for nested transient providers (@​kamilmysliwiec)
• microservices
  • #​15508 fix(microservices): report correct buffer length in exception (@​kim-sung-jee)
  • #​15492 fix(microservices): fix kafka serilization of class instances (@​LeonBiersch)

Dependencies

• platform-fastify
  • #​15493 chore(deps): bump @​fastify/cors from 11.0.1 to 11.1.0 (@​dependabot[bot])

Committers: 6

• Jiri Hajek (@​hajekjiri)
• Kamil Mysliwiec (@​kamilmysliwiec)
• Leon Biersch (@​LeonBiersch)
• Seongjee Kim (@​kim-sung-jee)
• @​premierbell
• pTr (@​ptrgits)

v11.1.5

Compare Source

v11.1.5 (2025-07-18)

Dependencies

• platform-express
  • #​15425 chore(deps): bump multer from 2.0.1 to 2.0.2 in /packages/platform-express (@​dependabot[bot])

v11.1.4

Compare Source

v11.1.4 (2025-07-16)

Bug fixes

• platform-fastify
  • #​15385 fix(testing): auto-init fastify adapter for middleware registration (@​mag123c)
• core, testing
  • #​15405 fix(core): fix race condition in class dependency resolution (@​hajekjiri)
• core
  • #​15333 fix(core): Make flattenRoutePath return a valid module (@​gentunian)
• microservices
  • #​15305 fix(microservices): Revisit RMQ pattern matching with wildcards (@​getlarge)
  • #​15250 fix(constants): update RMQ_DEFAULT_QUEUE to an empty string (@​EeeasyCode)

Enhancements

• platform-fastify
  • #​14789 feat(fastify): add decorator for custom schema (@​piotrfrankowski)
• common, core, microservices, platform-express, platform-fastify, websockets
  • #​15386 feat: enhance introspection capabilities (@​kamilmysliwiec)
• core
  • #​15374 feat: supporting fine async storage control (@​Farenheith)

Dependencies

• platform-ws
  • #​15350 chore(deps): bump ws from 8.18.2 to 8.18.3 (@​dependabot[bot])
• platform-fastify
  • #​15278 chore(deps): bump fastify from 5.3.3 to 5.4.0 (@​dependabot[bot])

Committers: 11

• Alexey Filippov (@​SocketSomeone)
• EFIcats (@​ext4cats)
• Edouard Maleix (@​getlarge)
• JaeHo Jang (@​mag123c)
• Jiri Hajek (@​hajekjiri)
• Kamil Mysliwiec (@​kamilmysliwiec)
• Khan / 이창민 (@​EeeasyCode)
• Peter F. (@​piotrfrankowski)
• Sebastian (@​gentunian)
• Thiago Oliveira Santos (@​Farenheith)
• jochong (@​jochongs)

v11.1.3

Compare Source

v11.1.3 (2025-06-06)

Bug fixes

• core
  • #​15201 fix(core): gracefully shutdown the app when repl exits (@​dzhlobo)

Enhancements

• common
  • #​15209 feat: add string array type to disposition (@​fjodor-rybakov)
• common, core
  • #​15203 feat(core): defer initialization connected microservice (@​isaryy)

Dependencies

• platform-express
  • #​15232 chore(deps): bump multer from 2.0.0 to 2.0.1 (@​dependabot[bot])

Committers: 3

• Dmitry Zhlobo (@​dzhlobo)
• @​fjodor-rybakov
• @​isaryy

v11.1.2

Compare Source

v11.1.2 (2025-05-26)

Bug fixes

• microservices
  • #​15172 fix(microservices): support custom strategy in async usefactory config (@​mag123c)
  • #​15166 fix(microservice): prevent error logs during redis client shutdown (@​janroker)

Dependencies

• common
  • #​15185 chore(deps): bump file-type from 20.5.0 to 21.0.0 (@​dependabot[bot])
• platform-express
  • #​15159 chore(deps): bump multer from 1.4.5-lts.2 to 2.0.0 (@​dependabot[bot])

Committers: 2

• JaeHo Jang (@​mag123c)
• Jan Roček (@​janroker)

v11.1.1

Compare Source

v11.1.1 (2025-05-14)

Bug fixes

• core
  • #​15056 fix(core): HTTP adapter error mapping (@​maxbronnikov10)
• microservices
  • #​15062 fix(microservices): ensure all redis and amqp client closes properly (@​yatin166)
  • #​15032 fix(microservices): ensure all the amqp connections are closed properly (@​yatin166)
  • #​15020 fix(microservices): ensure all redis connections are closed (@​yatin166)
• core, platform-fastify
  • #​15061 fix(core): bring back getHeader and appendHeader methods from AbstractHttpAdapter (@​micalevisk)
• platform-express
  • #​15010 feat: remove use of pipeline (@​jmcdo29)

Enhancements

• microservices
  • #​14606 feat(microservices): add specific transport id to microservices (@​maxbronnikov10)
  • #​15057 feat(microservices): Allow custom exchangeType as string for plugin compatibility (@​ChangmoKang)
  • #​15072 feat(microservices): Add exchange arguments to RabbitMQ (@​gapon2401)

Dependencies

• platform-fastify
  • #​15129 chore(deps): bump fastify from 5.3.2 to 5.3.3 (@​dependabot[bot])
• platform-ws
  • #​15068 chore(deps): bump ws from 8.18.1 to 8.18.2 (@​dependabot[bot])
• common
  • #​15029 chore(deps): bump file-type from 20.4.1 to 20.5.0 (@​dependabot[bot])

Committers: 7

• Antonio Tripodi (@​Tony133)
• Changmo Kang (Ryan) (@​ChangmoKang)
• Igor Gaponov (@​gapon2401)
• Jackie McDoniel (@​jmcdo29)
• Maxim Bronnikov (@​maxbronnikov10)
• Micael Levi L. Cavalcante (@​micalevisk)
• Yatin Gaikwad (@​yatin166)

v11.1.0

Compare Source

v11.1.0 (2025-04-23)

Enhancements

• microservices
  • #​14540 feat(microservices): add support for topic exchange (rabbitmq) (@​kamilmysliwiec)

Committers: 1

• Kamil Mysliwiec (@​kamilmysliwiec)

v11.0.21

Compare Source

v11.0.21 (2025-04-23)

Enhancements

• common
  • #​14995 feat(common): Add fallbackToMimetype support in FileTypeValidator (@​mag123c)

Dependencies

• platform-fastify
  • #​14989 fix(deps): update dependency fastify to v5.3.2 [security] (@​renovate[bot])

Committers: 1

• JaeHo Jang (@​mag123c)

v11.0.20

Compare Source

What's Changed

• refactor(common): Prevent JavaScript being wrapped in eval by @​Borewit in #​14974

New Contributors

• @​Borewit made their first contribution in #​14974

Full Changelog: nestjs/nest@v11.0.19...v11.0.20

v11.0.19

Compare Source

v11.0.18

Compare Source

What's Changed

• chore(common): temporarily move file-type to regular deps d9a69a3

Full Changelog: nestjs/nest@v11.0.17...v11.0.18

v11.0.17

Compare Source

v11.0.16

Compare Source

v11.0.16 (2025-04-11)

• fix(common): use file-type to validate file mimetypes by @​Chathula in #​14881

v11.0.15

Compare Source

v11.0.15 (2025-04-10)

Bug fixes

• platform-fastify
  • #​14935 fix(fastify): methods comparison (@​johaven)

Committers: 1

• Johan Legrand (@​johaven)

v11.0.14

Compare Source

v11.0.14 (2025-04-09)

Bug fixes

• platform-fastify
  • #​14511 fix(fastify): adds the non-standard http methods to the instance (@​johaven)

Committers: 1

• Johan Legrand (@​johaven)

v11.0.13

Compare Source

v11.0.13 (2025-04-03)

Bug fixes

• platform-fastify
  • #​14895 fix(fastify-adapter): global prefix exclusion path handling w/middleware (@​KyleLilly)
• microservices
  • #​14869 fix(microservices): do not re-create client connection once get client by service name (@​mingo023)

Dependencies

• platform-express
  • #​14883 fix(deps): update dependency express to v5.1.0 (@​renovate[bot])
  • #​14817 fix(deps): update dependency multer to v1.4.5-lts.2 (@​renovate[bot])
• platform-fastify
  • #​14861 fix(deps): update dependency fastify to v5.2.2 (@​renovate[bot])
  • #​14864 chore(deps): bump @​fastify/cors from 11.0.0 to 11.0.1 (@​dependabot[bot])

Committers: 2

• Kyle Lilly (@​KyleLilly)
• Minh Ngo (@​mingo023)

v11.0.12

Compare Source

v11.0.12 (2025-03-19)

Bug fixes

• core
  • #​14803 fix(core): infinite loop on broken circular reference (@​kamilmysliwiec)
  • #​14792 dependencies not resolving for request-scoped lazy providers (@​anizozina)

Enhancements

• core
  • #​14802 feat(core): add options to the legacy route converter (@​kamilmysliwiec)

v11.0.11

Compare Source

v11.0.11 (2025-02-28)

Enhancements

• platform-fastify
  • #​14677 perf: Switch deprecated parser querystring for fast-querystring (@​smith558)

Dependencies

• platform-fastify
  • #​14711 fix(deps): update dependency @​fastify/cors to v11 (@​renovate[bot])
• platform-ws
  • #​14689 chore(deps): bump ws from 8.18.0 to 8.18.1 (@​dependabot[bot])

Committers: 1

• Stanislav (Stanley) Modrak (@​smith558)

v11.0.10

Compare Source

v11.0.10 (2025-02-17)

Bug fixes

• microservices
  • #​14605 fix(microservices): server send drops emitted value (@​shprota)
• platform-express
  • #​14640 fix(platform-express) respect custom parser middlewares in Express 5 (@​luddwichr)

v11.0.9

Compare Source

v11.0.9 (2025-02-10)

Bug fixes

• core
  • #​14597 perf(core): use topology tree for calculating distance (depth) (@​kamilmysliwiec)
• common
  • #​14579 fix(common): revert to original value (swc builders regression) (@​kamilmysliwiec)

Committers: 2

• Kamil Mysliwiec (@​kamilmysliwiec)

v11.0.8

Compare Source

v11.0.8 (2025-02-06)

Bug fixes

• common
  • #​14546 fix(common): addLeadingSlash optional group support (@​dcharbonnier)
• platform-express
  • #​14574 fix(platform-express) make check for existing middlewares work with Express 5 (@​luddwichr)

Committers: 4

• Ghassen Rjab (@​GhassenRjab)
• Shay Molcho (@​shaymolcho)
• @​dcharbonnier
• @​luddwichr

v11.0.7

Compare Source

v11.0.7 (2025-01-31)

Bug fixes

• core
  • #​14523 fix: middleware sort issues (@​rbnayax)

Committers: 1

• @​rbnayax

v11.0.6

Compare Source

v11.0.6 (2025-01-27)

Bug fixes

• core
  • #​14522 fix(core): allow optional named wildcard groups (@​kamilmysliwiec)

Committers: 1

• Kamil Mysliwiec (@​kamilmysliwiec)

v11.0.5

Compare Source

v11.0.5 (2025-01-23)

Bug fixes

• core
  • #​14495 fix(core): global module middleware should be executed first (@​kamilmysliwiec)

Committers: 1

• Kamil Mysliwiec (@​kamilmysliwiec)

v11.0.4

Compare Source

v11.0.3

Compare Source

v11.0.2

Compare Source

v11.0.1

Compare Source

v11.0.0

Compare Source

v11.0.0 (2025-01-16)

Article: https://trilon.io/blog/announcing-nestjs-11-whats-new
Migration guide: https://docs.nestjs.com/migration-guide 👈 👈 👈

⚠️ Node v16 and v18 are no longer supported (>= v20 is required).

Features

• common, core, microservices
  • #​14142 feat(microservices): add status, unwrap, on methods to microservice transporters (clients/servers) (@​kamilmysliwiec)
• • #​14121 feat(common): add json logger, built-in logger improvements (@​kamilmysliwiec)
• common, core
  • #​13336 feat(core): introduce different module opaque key factories (improve bootstrap performance) (@​kamilmysliwiec)
• common, core, microservices, platform-express, platform-fastify, platform-socket.io, platform-ws, testing, websockets
  • #​14238 chore(deps): upgrade to express v5, fastify v5, add legacy route path converter to minimize breaking changes (@​kamilmysliwiec)

Enhancements

• common
  • #​14213 feat(common): add error messages for file validators (@​mag123c)
  • #​14131 feat(common): allow passing number to http error createBody (@​kamilmysliwiec)
  • #​14122 feat(common): add ParseDatePipe, add tsdoc to other pipes (@​kamilmysliwiec)
  • #​12735 feat(common)!: type narrowing allowed injection tokens for @Inject() (@​micalevisk)
  • #​12764 fix(common): apply options to plaintoclass in classserializerinterceptor (@​kmw14641)
  • #​14126 fix(common): type narrowing context parameter on createParamDecorator's callback (@​EeeasyCode)
  • #​13628 chore(class-transformer): plainToClass is deprectated and replaced with plainToInstance (@​tomflorentin)
• microservices
  • #​14200 feat(microservices): support nats queue per handler (@​kamilmysliwiec)
  • #​13924 feat(microservices): add gracefull shutdown option for nats server (@​alinowrouzii)
  • #​12622 feat: allow for microservice options to come from the di container (@​jmcdo29)
  • #​14134 feat(microservices): add max tcp packet buffer length (@​kamilmysliwiec)
  • #​12761 feat(microservices): ability to use a random port for the TCP server (@​PieterScheffers)
• websockets
  • #​14184 feat(websockets): include exception cause to associate error with req (@​kamilmysliwiec)
• common, core, microservices, websockets
  • #​14182 feat(common): introduce intrinsic exception (@​kamilmysliwiec)
• common, core, platform-fastify
  • #​13278 feat(core,common,platform-fastify): add webdav http methods support (@​johaven)
• platform-express
  • #​13407 feat: add multer error fieldname to the exception message (@​mmgroner)
• platform-ws
  • #​14127 feat(ws): introduce message parser for ws adapter (@​CodyTseng)
• platform-fastify
  • #​14115 chore(fastify): update fastify view options interface (@​Tony133)
  • #​14116 refactor(fastify): update fastify static options interface (@​Tony133)
• common, core
  • #​14113 feat(core): allow overriding abortOnError for the select method (@​kamilmysliwiec)

Bug fixes

• core
  • #​14267 fix shutdown hooks order (@​flovouin)
  • #​13388 correction of Reflector types (@​AlexRMU)
  • #​14110 fix(core): Calculate module distance after bindGlobalScope (@​wenlong-chen)
  • #​14111 fix(core): Order of module destroy should be the reverse of module init (@​wenlong-chen)
  • #​14097 fix(core): revisit dependencies w/ possibly higher distance (@​clkamp)
• platform-fastify
  • #​13797 fix(fastify-adapter): middleware not executed when root path is excluded (@​patrickacioli)
• microservices
  • #​14129 fix: rabbitmq bindings and auto-generated queues (@​EeeasyCode)
  • #​14112 fix(microservices): use instance refs for target handler callbacks (@​kamilmysliwiec)
  • #​13468 fix(microservices): delete unnecessary call of grpcClient.start (@​kamilmysliwiec)
• common
  • #​14114 fix(common)!: drop broken support for promises on exports of modules (@​micalevisk)

Other packages in the ecosystem

• config (breaking changes)
  • https://github.com/nestjs/config/releases/tag/4.0.0
• cli
  • https://github.com/nestjs/nest-cli/releases/tag/11.0.0
• cache-manager (breaking changes)
  • https://github.com/nestjs/cache-manager/releases/tag/3.0.0
• cqrs
  • https://github.com/nestjs/cqrs/releases/tag/11.0.0

Dependencies

• Other
  • #​14205 chore(dev-deps): upgrade to eslint v9 (@​kamilmysliwiec)
  • #​14428 fix(deps): update dependency mercurius to v16.0.1 (@​renovate[bot])
  • #​14424 fix(deps): update dependency mongoose to v8.9.5 (@​renovate[bot])
  • #​14410 fix(deps): update dependency @​fastify/static to v8.0.4 (@​renovate[bot])
  • #​14411 fix(deps): update dependency @​fastify/view to v10.0.2 (@​renovate[bot])
  • #​14403 chore(deps): update dependency nats to v2.29.1 (@​renovate[bot])
  • #​14400 fix(deps): update dependency ansis to v3.8.1 (@​renovate[bot])
  • #​14337 chore(deps): update dependency @​fastify/multipart to v9.0.2 (@​renovate[bot])
  • #​14415 fix(deps): update dependency mercurius to v16 (@​renovate[bot])
  • #​14397 chore(deps): update dependency webpack-cli to v6 (@​renovate[bot])
  • #​14384 fix(deps): update dependency typescript to v5.7.3 (@​renovate[bot])
  • #​14378 chore(deps): update dependency core-js to v3.40.0 (@​renovate[bot])
  • #​14377 chore(deps): update dependency @​eslint/js to v9.17.0 (@​renovate[bot])
  • #​14375 chore(deps): update dependency @​grpc/grpc-js to v1.12.5 (@​renovate[bot])
  • #​14370 chore(deps): update dependency ioredis to v5.4.2 (@​renovate[bot])
  • #​14197 chore(deps-dev): bump @​fastify/static from 7.0.4 to 8.0.3 (@​dependabot[bot])
  • #​14345 chore(deps): update dependency eslint to v9 (@​renovate[bot])
  • #​14324 fix(deps): update dependency @​socket.io/redis-adapter to v8.3.0 (@​renovate[bot])
  • #​14363 chore(deps): bump @​fastify/cors from 9.0.1 to 10.0.2 (@​dependabot[bot])
  • #​14354 chore(deps-dev): bump cache-manager from 5.7.6 to 6.3.2 (@​dependabot[bot])
  • #​14021 chore(deps-dev): bump @​fastify/view from 9.1.0 to 10.0.1 (@​dependabot[bot])
  • #​14326 fix(deps): update dependency mongodb to v6.12.0 (@​renovate[bot])
  • #​14307 fix(deps): update dependency @​grpc/grpc-js to v1.12.4 (@​renovate[bot])
• platform-fastify
  • #​14402 fix(deps): update dependency @​fastify/middie to v9.0.3 (@​renovate[bot])
  • #​14401 fix(deps): update dependency @​fastify/formbody to v8.0.2 (@​renovate[bot])
  • #​14387 fix(deps): update dependency light-my-request to v6.5.1 (@​renovate[bot])
  • #​13990 feat(platform-fastify): added support for Fastify v5 (@​Tony133)

Committers: 22

• Alex (@​AlexRMU)
• Ali Nowrouzi (@​alinowrouzii)
• Antonio Tripodi (@​Tony133)
• Christian Lütke-Stetzkamp (@​clkamp)
• Cody Tseng (@​CodyTseng)
• Flo (@​flovouin)
• Harel Danieli (@​Hareloo)
• Jackie McDoniel (@​jmcdo29)
• JaeHo Jang (@​mag123c)
• Johaven (@​johaven)
• Kamil Mysliwiec (@​kamilmysliwiec)
• Khan / 이창민 (@​EeeasyCode)
• Max Katz (@​maxktz)
• Mendel Groner (@​mmgroner)
• Micael Levi L. Cavalcante (@​micalevisk)
• Mitchell (@​Mittcio)
• Patrick Acioli (@​patrickacioli)
• Pieter Scheffers (@​PieterScheffers)
• @​bestlyg
• @​kmw14641
• @​tomflorentin
• @​wenlong-chen

v10.4.22

Compare Source

What's Changed

• fix(express): Update body-parser to 1.20.4 for CVE-2025-15284 by @​Xilis in #​16178

Full Changelog: nestjs/nest@v10.4.21...v10.4.22

v10.4.21

Compare Source

What's Changed

• fix(express): Update express to 4.22.1 to address CVE-2025-15284 by @​Xilis in #​16157

New Contributors

• @​Xilis made their first contribution in #​16157

Full Changelog: nestjs/nest@v10.4.20...v10.4.21

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - Between 12:00 AM and 03:59 AM, only on Monday ( * 0-3 * * 1 ) (UTC).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.