Bump qs, @nestjs/core, @nestjs/event-emitter, @nestjs/platform-express, @nestjs/schedule, @nestjs/swagger and @nestjs/testing

[dependabot]

Bumps qs to 6.14.1 and updates ancestor dependencies qs, @nestjs/core, @nestjs/event-emitter, @nestjs/platform-express, @nestjs/schedule, @nestjs/swagger and @nestjs/testing. These dependencies need to be updated together.

Updates qs from 6.13.0 to 6.14.1

Changelog

Sourced from qs's changelog.

6.14.1

• [Fix] ensure arrayLength applies to [] notation as well
• [Fix] parse: when a custom decoder returns null for a key, ignore that key
• [Refactor] parse: extract key segment splitting helper
• [meta] add threat model
• [actions] add workflow permissions
• [Tests] stringify: increase coverage
• [Dev Deps] update eslint, @ljharb/eslint-config, npmignore, es-value-fixtures, for-each, object-inspect

6.14.0

• [New] parse: add throwOnParameterLimitExceeded option (#517)
• [Refactor] parse: use utils.combine more
• [patch] parse: add explicit throwOnLimitExceeded default
• [actions] use shared action; re-add finishers
• [meta] Fix changelog formatting bug
• [Deps] update side-channel
• [Dev Deps] update es-value-fixtures, has-bigints, has-proto, has-symbols
• [Tests] increase coverage

6.13.1

• [Fix] stringify: avoid a crash when a filter key is null
• [Fix] utils.merge: functions should not be stringified into keys
• [Fix] parse: avoid a crash with interpretNumericEntities: true, comma: true, and iso charset
• [Fix] stringify: ensure a non-string filter does not crash
• [Refactor] use __proto__ syntax instead of Object.create for null objects
• [Refactor] misc cleanup
• [Tests] utils.merge: add some coverage
• [Tests] fix a test case
• [actions] split out node 10-20, and 20+
• [Dev Deps] update es-value-fixtures, mock-property, object-inspect, tape

Commits

• 3fa11a5 v6.14.1
• a626704 [Dev Deps] update npmignore
• 3086902 [Fix] ensure arrayLength applies to [] notation as well
• fc7930e [Dev Deps] update eslint, @ljharb/eslint-config
• 0b06aac [Dev Deps] update @ljharb/eslint-config
• 64951f6 [Refactor] parse: extract key segment splitting helper
• e1bd259 [Dev Deps] update @ljharb/eslint-config
• f4b3d39 [eslint] add eslint 9 optional peer dep
• 6e94d95 [Dev Deps] update eslint, @ljharb/eslint-config, npmignore
• 973dc3c [actions] add workflow permissions
• Additional commits viewable in compare view

Updates @nestjs/core from 10.4.20 to 11.1.11

Release notes

Sourced from @​nestjs/core's releases.

v11.1.11 (2025-12-29)

Bug fixes

• platform-fastify
  • #16135 fix(platform-fastify): middie bypassing through decoded chars (@​kamilmysliwiec)
• core
  • #16133 fix(core): add missing catch handler for forward-ref provider resolution (@​coti-z)

Dependencies

• platform-socket.io
  • #16125 fix(deps): update dependency socket.io to v4.8.3 (@​renovate[bot])
  • #16114 chore(deps): bump socket.io from 4.8.1 to 4.8.2 (@​dependabot[bot])
• platform-fastify
  • #16130 fix(deps): update dependency @​fastify/static to v9 (@​renovate[bot])
• common
  • #16127 chore(deps): bump file-type from 21.1.1 to 21.2.0 (@​dependabot[bot])

Committers: 3

• Himanshu Gupta (@​manureja64)
• Kamil Mysliwiec (@​kamilmysliwiec)
• coti (@​coti-z)

v11.1.10 (2025-12-22)

Bug fixes

• core
  • #16098 fix(core): instantiate nested transient providers in static context (@​mag123c)
  • #16005 fix(core): resolve all providers when using resolve() with each option (@​malkovitc)
• microservices
  • #16072 fix(microservices): fix grpc stream method return type (@​shash-hq)
• common
  • #16077 fix(common): resolve file-type path explicitly (@​shash-hq)
  • #16013 fix(common): Support fallbackToMimetype without buffer (@​chenjieya)

Enhancements

• common
  • #16100 fix(common): improve error handling in FileTypeValidator (@​malkovitc)
  • #16060 feat(common): add message property to file type validator (@​Jo-Minseok)
  • #16079 fix: enhance ValidationPipe (@​liu-jin-yi)
• core
  • #15721 feat(core): add Promise support for SSE handlers (@​pythonjsgo)
• microservices
  • #15975 feat(microservices): add keepalive support for server side (@​OlegStrokan)
• common, core
  • #15986 feat(core): add option for async logger compatibility (@​mag123c)

Dependencies

• platform-fastify
  • #16041 fix(deps): update dependency @​fastify/cors to v11.2.0 (@​renovate[bot])
• platform-express

... (truncated)

Commits

• 585f55f chore: revert lerna version
• fef323b chore(release): publish v11.1.11 release
• 15198c6 fix(core): add missing catch handler for forward-ref provider resolution
• de5e026 chore(@​nestjs) publish v11.1.10 release
• 2c5221d refactor(core): improve is-static method readability
• 351f977 fix(core): instantiate nested transient providers in static context
• 61d728b style: address linter errors
• a0d79d8 Merge pull request #15721 from pythonjsgo/feat/sse-promise-support
• adff255 Merge pull request #16005 from malkovitc/fix/resolve-each-multiple-providers
• 3cbf281 test(core): Add tests for SilentLogger utility
• Additional commits viewable in compare view

Updates @nestjs/event-emitter from 2.1.1 to 3.0.1

Release notes

Sourced from @​nestjs/event-emitter's releases.

Release 3.0.1

• fix: provide separate event emitter instance per each app instance (7787c5e)

Release 3.0.0

Changelog

• chore(deps): update nest monorepo to v11 (cdd456d)
• feat: added durable support for event subscriber (8dedefb)

Commits

• a3c1d8d chore(): release v3.0.1
• 2251542 Merge pull request #1411 from fullstackhouse/separate-event-emitter-for-each-...
• 7787c5e fix: provide separate event emitter instance per each app instance
• b8abf27 chore(deps): update dependency ts-jest to v29.2.6 (#1410)
• 4b39f02 chore(deps): update dependency rxjs to v7.8.2 (#1409)
• 8311941 chore(deps): update dependency prettier to v3.5.2 (#1408)
• f3cfc92 chore(deps): update eslint monorepo to v9.21.0 (#1407)
• aee3f01 chore(deps): update dependency @​types/node to v22.13.5 (#1406)
• 89689f9 chore(deps): update typescript-eslint monorepo to v8.24.1 (#1405)
• 4651996 chore(deps): update nest monorepo to v11.0.10 (#1404)
• Additional commits viewable in compare view

Updates @nestjs/platform-express from 10.4.20 to 11.1.11

Release notes

Sourced from @​nestjs/platform-express's releases.

v11.1.11 (2025-12-29)

Bug fixes

• platform-fastify
  • #16135 fix(platform-fastify): middie bypassing through decoded chars (@​kamilmysliwiec)
• core
  • #16133 fix(core): add missing catch handler for forward-ref provider resolution (@​coti-z)

Dependencies

• platform-socket.io
  • #16125 fix(deps): update dependency socket.io to v4.8.3 (@​renovate[bot])
  • #16114 chore(deps): bump socket.io from 4.8.1 to 4.8.2 (@​dependabot[bot])
• platform-fastify
  • #16130 fix(deps): update dependency @​fastify/static to v9 (@​renovate[bot])
• common
  • #16127 chore(deps): bump file-type from 21.1.1 to 21.2.0 (@​dependabot[bot])

Committers: 3

• Himanshu Gupta (@​manureja64)
• Kamil Mysliwiec (@​kamilmysliwiec)
• coti (@​coti-z)

v11.1.10 (2025-12-22)

Bug fixes

• core
  • #16098 fix(core): instantiate nested transient providers in static context (@​mag123c)
  • #16005 fix(core): resolve all providers when using resolve() with each option (@​malkovitc)
• microservices
  • #16072 fix(microservices): fix grpc stream method return type (@​shash-hq)
• common
  • #16077 fix(common): resolve file-type path explicitly (@​shash-hq)
  • #16013 fix(common): Support fallbackToMimetype without buffer (@​chenjieya)

Enhancements

• common
  • #16100 fix(common): improve error handling in FileTypeValidator (@​malkovitc)
  • #16060 feat(common): add message property to file type validator (@​Jo-Minseok)
  • #16079 fix: enhance ValidationPipe (@​liu-jin-yi)
• core
  • #15721 feat(core): add Promise support for SSE handlers (@​pythonjsgo)
• microservices
  • #15975 feat(microservices): add keepalive support for server side (@​OlegStrokan)
• common, core
  • #15986 feat(core): add option for async logger compatibility (@​mag123c)

Dependencies

• platform-fastify
  • #16041 fix(deps): update dependency @​fastify/cors to v11.2.0 (@​renovate[bot])
• platform-express

... (truncated)

Commits

• 585f55f chore: revert lerna version
• fef323b chore(release): publish v11.1.11 release
• de5e026 chore(@​nestjs) publish v11.1.10 release
• 8f0840a test(express): Add tests for getBodyParserOptions utility
• 0c93692 chore: update prettier
• 0430f3f chore: resolve conflicts
• 5045fea chore: update eslint monorepo
• cacc3e7 fix(deps): update dependency express to v5.2.1
• 2703aad chore(deps): bump express in /packages/platform-express
• 64c8552 chore(@​nestjs) publish v11.1.9 release
• Additional commits viewable in compare view

Updates @nestjs/schedule from 4.1.2 to 6.1.0

Release notes

Sourced from @​nestjs/schedule's releases.

Release 6.1.0

What's Changed

• feat(module): add forRootAsync method to allow async module registration by @​daanhegger in nestjs/schedule#2142
• fix(deps): update dependency cron to v4.3.5 by @​renovate[bot] in nestjs/schedule#2133

New Contributors

• @​daanhegger made their first contribution in nestjs/schedule#2142

Full Changelog: nestjs/schedule@6.0.1...6.1.0

6.0.1

What's Changed

• Add threshold to CronOptions by @​arjunatlightspeed in nestjs/schedule#2085
• refactor : clear jobs before application shutdown by @​spotlight21c in nestjs/schedule#2053
• fix(deps): update dependency cron to v4.3.3 by @​renovate[bot] in nestjs/schedule#2001

New Contributors

• @​arjunatlightspeed made their first contribution in nestjs/schedule#2085
• @​spotlight21c made their first contribution in nestjs/schedule#2053

Full Changelog: nestjs/schedule@6.0.0...6.0.1

Release 6.0.0

What's Changed

• fix(deps): update dependency cron to v4 by @​renovate in nestjs/schedule#1899

Full Changelog: nestjs/schedule@5.0.1...6.0.0

Release 5.0.1

What's Changed

• feat: add waitForCompletion for cronjobs to disable concurrent running cronjobs by @​thomaschaaf in nestjs/schedule#1870

New Contributors

• @​thomaschaaf made their first contribution in nestjs/schedule#1870

Full Changelog: nestjs/schedule@5.0.0...5.0.1

Release 5.0.0

Breaking changes

• requires Node >= v20

Changelog

• fix(deps): update dependency cron to v3.5.0 (ae6c43c)
• chore(deps): update nest monorepo to v11 (41d8cdb)
• chore(deps): Use crypto.randomUUID() instead of uuid module (58f795d)

Commits

• 76b802b chore(): release v6.1.0
• 4973da5 Merge pull request #2124 from nestjs/renovate/cimg-node-24.x
• dca5b7c Merge pull request #2133 from nestjs/renovate/cron-4.x
• 7c00b0b Merge pull request #2142 from daanhegger/add-async-for-root
• 8ee5a5a chore(deps): update commitlint monorepo to v20.2.0 (#2151)
• b911f17 fix(deps): update dependency cron to v4.3.5
• 56ed372 chore(deps): update dependency prettier to v3.7.4 (#2150)
• 52f5c45 chore(deps): update dependency typescript-eslint to v8.48.1 (#2149)
• 7fa5d15 chore(deps): update dependency ts-jest to v29.4.6 (#2148)
• 056a618 chore(deps): update dependency prettier to v3.7.3 (#2147)
• Additional commits viewable in compare view

Updates @nestjs/swagger from 7.4.2 to 11.2.3

Release notes

Sourced from @​nestjs/swagger's releases.

Release 11.2.3

What's Changed

• Revert "fix(plugin): add async modifier when a reference is await import statement" by @​kamilmysliwiec in nestjs/swagger#3633

Full Changelog: nestjs/swagger@11.2.2...11.2.3

Release 11.2.2

11.2.2 (2025-11-16)

Bug fixes

• #3603 fix(plugin): add async modifier when a reference is await import statement (@​seonggukchoi)

Dependencies

• #3593 fix(deps): update dependency swagger-ui-dist to v5.30.2 (@​renovate[bot])
• #3621 fix(deps): update dependency @​microsoft/tsdoc to v0.16.0 (@​renovate[bot])
• #3627 fix(deps): update dependency js-yaml to v4.1.1 [security] (@​renovate[bot])

Committers: 1

• Eric Choi (@​seonggukchoi)

11.2.1

What's Changed

• feat(@​ApiExtension): When used on a controller it applies to all methods by @​drewish in nestjs/swagger#3485
• fix: dont serve pet store definiton on api/api by @​kamilmysliwiec in nestjs/swagger#3585
• fix(deps): update dependency path-to-regexp to v8.3.0 by @​renovate[bot] in nestjs/swagger#3556
• fix(deps): update dependency swagger-ui-dist to v5.29.4 by @​renovate[bot] in nestjs/swagger#3458
• fix: missing ApiProperty enum undefined on array handling by @​pvdspek in nestjs/swagger#3590
• fix(plugin): correct enum+nullable handling for Enum | null (and ar… by @​AliRaZa1121 in nestjs/swagger#3544

New Contributors

• @​pvdspek made their first contribution in nestjs/swagger#3590
• @​AliRaZa1121 made their first contribution in nestjs/swagger#3544

Full Changelog: nestjs/swagger@11.2.0...11.2.1

Release 11.2.0

11.2.0 (2025-05-05)

Enhancements

• #3424 feat(document-builder): add support for setting extensions inside the info object (@​daniseijo)
• #3248 feat(swagger): add extension in SecuritySchemeObject (@​mag123c)

Committers: 2

• Daniel Seijo (@​daniseijo)
• JaeHo Jang (@​mag123c)

Release 11.1.6

11.1.6 (2025-04-30)

... (truncated)

Commits

• ef0173b chore(): release v11.2.3
• 3af1a90 Merge pull request #3633 from nestjs/revert-3603-master
• d80325f Revert "fix(plugin): add async modifier when a reference is await import stat...
• 1f6ac4d chore(deps): update dependency typescript-eslint to v8.47.0 (#3632)
• f95540e chore(): release v11.2.2
• d494c63 Merge pull request #3603 from seonggukchoi/master
• 8e0df77 Merge pull request #3593 from nestjs/renovate/swagger-ui-dist-5.x
• 96ddedb Merge pull request #3609 from nestjs/renovate/cimg-node-24.x
• 16fe10d Merge pull request #3621 from nestjs/renovate/microsoft-tsdoc-0.x
• 0bbff5f Merge pull request #3627 from nestjs/renovate/npm-js-yaml-vulnerability
• Additional commits viewable in compare view

Updates @nestjs/testing from 10.4.20 to 11.1.11

Release notes

Sourced from @​nestjs/testing's releases.

v11.1.11 (2025-12-29)

Bug fixes

• platform-fastify
  • #16135 fix(platform-fastify): middie bypassing through decoded chars (@​kamilmysliwiec)
• core
  • #16133 fix(core): add missing catch handler for forward-ref provider resolution (@​coti-z)

Dependencies

• platform-socket.io
  • #16125 fix(deps): update dependency socket.io to v4.8.3 (@​renovate[bot])
  • #16114 chore(deps): bump socket.io from 4.8.1 to 4.8.2 (@​dependabot[bot])
• platform-fastify
  • #16130 fix(deps): update dependency @​fastify/static to v9 (@​renovate[bot])
• common
  • #16127 chore(deps): bump file-type from 21.1.1 to 21.2.0 (@​dependabot[bot])

Committers: 3

• Himanshu Gupta (@​manureja64)
• Kamil Mysliwiec (@​kamilmysliwiec)
• coti (@​coti-z)

v11.1.10 (2025-12-22)

Bug fixes

• core
  • #16098 fix(core): instantiate nested transient providers in static context (@​mag123c)
  • #16005 fix(core): resolve all providers when using resolve() with each option (@​malkovitc)
• microservices
  • #16072 fix(microservices): fix grpc stream method return type (@​shash-hq)
• common
  • #16077 fix(common): resolve file-type path explicitly (@​shash-hq)
  • #16013 fix(common): Support fallbackToMimetype without buffer (@​chenjieya)

Enhancements

• common
  • #16100 fix(common): improve error handling in FileTypeValidator (@​malkovitc)
  • #16060 feat(common): add message property to file type validator (@​Jo-Minseok)
  • #16079 fix: enhance ValidationPipe (@​liu-jin-yi)
• core
  • #15721 feat(core): add Promise support for SSE handlers (@​pythonjsgo)
• microservices
  • #15975 feat(microservices): add keepalive support for server side (@​OlegStrokan)
• common, core
  • #15986 feat(core): add option for async logger compatibility (@​mag123c)

Dependencies

• platform-fastify
  • #16041 fix(deps): update dependency @​fastify/cors to v11.2.0 (@​renovate[bot])
• platform-express

... (truncated)

Commits

• 585f55f chore: revert lerna version
• fef323b chore(release): publish v11.1.11 release
• de5e026 chore(@​nestjs) publish v11.1.10 release
• 5045fea chore: update eslint monorepo
• 64c8552 chore(@​nestjs) publish v11.1.9 release
• 68cd545 chore(@​nestjs) publish v11.1.8 release
• ee1b347 chore(@​nestjs) publish v11.1.7 release
• 33d6cb5 chore: update readme
• 35c3ded chore(@​nestjs) publish v11.1.6 release
• 9bb0560 chore(@​nestjs) publish v11.1.5 release
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.