Bump express, @nestjs/core, @nestjs/platform-express, @nestjs/swagger and @nestjs/testing in /library-nest-server

[dependabot]

Bumps express to 5.1.0 and updates ancestor dependencies express, @nestjs/core, @nestjs/platform-express, @nestjs/swagger and @nestjs/testing. These dependencies need to be updated together.

Updates express from 4.18.2 to 5.1.0

Release notes

Sourced from express's releases.

v5.1.0

What's Changed

• Update captains by @​UlisesGascon in expressjs/express#6027
• build: Node.js 23.0 by @​bjohansebas in expressjs/express#6075
• Add funding field (v5) by @​bjohansebas in expressjs/express#6064
• ✅ add discarded middleware test by @​ctcpip in expressjs/express#5819
• update homepage link http to https by @​bjohansebas in expressjs/express#5920
• Improve readme by @​bjohansebas in expressjs/express#5994
• Add bjohansebas as repo captain for expressjs.com by @​crandmck in expressjs/express#6058
• Remove Object.setPrototypeOf polyfill by @​Phillip9587 in expressjs/express#6081
• fix(buffer): use node:buffer instead of safe-buffer by @​bhavya3024 in expressjs/express#6071
• docs: Add DCO by @​UlisesGascon in expressjs/express#6048
• cleanup: remove promise support check from tests by @​Phillip9587 in expressjs/express#6148
• Use loop for acceptParams by @​blakeembrey in expressjs/express#6066
• Improve documentation step in release process by @​bjohansebas in expressjs/express#6150
• cleanup: remove unnecessary require for global Buffer by @​Phillip9587 in expressjs/express#6146
• cleanup: remove AsyncLocalStorage check by @​Phillip9587 in expressjs/express#6147
• update history.md for acceptParams change by @​jonchurch in expressjs/express#6177
• docs: add @​rxmarbles to the triage team by @​UlisesGascon in expressjs/express#6151
• refactor: improve readability by @​sazk07 in expressjs/express#6173
• docs: clarify the security process in the triage role by @​bjohansebas in expressjs/express#6217
• chore: replace methods dependency with standard library by @​jonkoops in expressjs/express#6196
• Remove utils-merge dependency - use spread syntax instead by @​Phillip9587 in expressjs/express#6091
• fix(securite): fix vulnerabilities by @​Abdel-Monaam-Aouini in expressjs/express#6211
• refactor: prefix built-in node module imports by @​slagiewka in expressjs/express#6236
• fix: remove download size badges by @​wesleytodd in expressjs/express#6266
• Remove unused depd dependency by @​jonkoops in expressjs/express#6197
• fix: usage of Invalid action input 'persist-credentials' for actions/setup-node@v4 in ci.yml by @​hamirmahal in expressjs/express#6256
• Add support for OSSF scorecard reporting by @​UlisesGascon in expressjs/express#5431
• docs: add @​Phillip9587 to the triage team by @​bjohansebas in expressjs/express#6276
• fix: added a missing semicolon in css styles in examples/auth by @​pr4j3sh in expressjs/express#6297
• docs: include team email in the security policy by @​UlisesGascon in expressjs/express#6278
• refactor: simplify normalizeTypes function by @​Ayoub-Mabrouk in expressjs/express#6097
• ci: updated github actions ci workflow by @​Phillip9587 in expressjs/express#6314
• ci: fix npm install --include typo by @​Phillip9587 in expressjs/express#6324
• ci: updated scorecard actions by @​Phillip9587 in expressjs/express#6322
• build(deps): use carat notation for dependency versions by @​dpopp07 in expressjs/express#6317
• chore(deps): update debug to ^4.4.0 by @​Phillip9587 in expressjs/express#6313
• docs: retroactively note 5.0.0-beta.1 api change in history file by @​dpopp07 in expressjs/express#6333
• feat(deps): body-parser@^2.1.0 by @​wesleytodd in expressjs/express#6332
• feat(deps): router@^2.1.0 by @​wesleytodd in expressjs/express#6331
• Update repo captains by @​UlisesGascon in expressjs/express#6234
• deps: upgrade nyc by @​agungjati in expressjs/express#6122
• fix (deps): update deps by @​wesleytodd in expressjs/express#6337
• response: add support for ETag option in res.sendFile by @​juanarbol in expressjs/express#6073
• Update multiple links to use https instead of http by @​Phillip9587 in expressjs/express#6338
• Extend res.links() to allow adding multiple links with the same rel #2729 by @​andvea in expressjs/express#4885
• docs: update emeritus triagers by @​UlisesGascon in expressjs/express#6345
• docs: update guidance for triager nominations by @​bjohansebas in expressjs/express#6349
• docs: clarify guidelines for becoming a committer by @​bjohansebas in expressjs/express#6364

... (truncated)

Changelog

Sourced from express's changelog.

5.1.0 / 2025-03-31

• Add support for Uint8Array in res.send()
• Add support for ETag option in res.sendFile()
• Add support for multiple links with the same rel in res.links()
• Add funding field to package.json
• perf: use loop for acceptParams
• refactor: prefix built-in node module imports
• deps: remove setprototypeof
• deps: remove safe-buffer
• deps: remove utils-merge
• deps: remove methods
• deps: remove depd
• deps: debug@^4.4.0
• deps: body-parser@^2.2.0
• deps: router@^2.2.0
• deps: content-type@^1.0.5
• deps: finalhandler@^2.1.0
• deps: qs@^6.14.0
• deps: server-static@2.2.0
• deps: type-is@2.0.1

5.0.1 / 2024-10-08

• Update cookie semver lock to address CVE-2024-47764

5.0.0 / 2024-09-10

• remove:
  • path-is-absolute dependency - use path.isAbsolute instead
• breaking:
  • res.status() accepts only integers, and input must be greater than 99 and less than 1000
    • will throw a RangeError: Invalid status code: ${code}. Status code must be greater than 99 and less than 1000. for inputs outside this range
    • will throw a TypeError: Invalid status code: ${code}. Status code must be an integer. for non integer inputs
  • deps: send@1.0.0
  • res.redirect('back') and res.location('back') is no longer a supported magic string, explicitly use req.get('Referrer') || '/'.
• change:
  • res.clearCookie will ignore user provided maxAge and expires options
• deps: cookie-signature@^1.2.1
• deps: debug@4.3.6
• deps: merge-descriptors@^2.0.0
• deps: serve-static@^2.1.0
• deps: qs@6.13.0
• deps: accepts@^2.0.0
• deps: mime-types@^3.0.0
  • application/javascript => text/javascript
• deps: type-is@^2.0.0
• deps: content-disposition@^1.0.0

... (truncated)

Commits

• cd7d439 5.1.0
• 4c4f3ea fix(deps): serve-static@^2.2.0 (#6418)
• cb4c56e fix(docs): remove @​mertcanaltin from Triagers (#6408)
• 7b44e1d ci: use full SHAs for github action versions
• eb6d125 deps: router@^2.2.0 (#6417)
• f1a2dc8 deps: type-is@^2.0.1 (#6420)
• 6b51e8e deps: body-parser@^2.2.0 (#6419)
• 1f311c5 build(deps-dev): bump cookie-session from 2.0.0 to 2.1.0 (#6399)
• 9e97144 feat(deps): finalhandler@2.1.0 (#6373)
• 29d0980 build(deps): bump ossf/scorecard-action from 2.4.0 to 2.4.1 (#6397)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by wesleytodd, a new releaser for express since your current version.

Updates @nestjs/core from 9.3.5 to 11.1.9

Release notes

Sourced from @​nestjs/core's releases.

v11.1.9 (2025-11-14)

Bug fixes

• core
  • #15865 fix(core): make get() throw for implicitly request-scoped trees (@​JoeNutt)

Enhancements

• common
  • #15863 feat(common): add method options to @​sse decorator (@​TomerSteinberg)

Dependencies

• platform-fastify
  • #15899 chore(deps): bump fastify from 5.6.1 to 5.6.2 (@​dependabot[bot])

Committers: 4

• Rami (@​JoeNutt)
• Rhynel Algopera (@​dev-rhynel)
• Tomer Steinberg (@​TomerSteinberg)
• WuMingDao (@​WuMingDao)

v11.1.8 (2025-10-27)

Bug fixes

• core
  • #15815 fix(core): ensure nested transient provider isolation (@​mag123c)
• platform-fastify
  • #15831 fix(fastify): Migrate fastify top-level options to routerOptions (@​kim-sung-jee)

Committers: 2

• JaeHo Jang (@​mag123c)
• Seongjee Kim (@​kim-sung-jee)

v11.1.7 (2025-10-21)

Bug fixes

• microservices
  • #15747 Fix/rmq microservice fanout bind (@​slon2015)
• platform-fastify
  • #15732 fix: correct parameter type in RouteConstraints decorator (@​thedv91)
• core
  • #15571 fix(core): skip lifecycle hooks for non-instantiated transient services (@​mag123c)
• common
  • #15577 Add color allowance check to console logger options (@​kerryChen95)

Enhancements

• common, platform-socket.io, websockets
  • #15543 feat(websockets): allow manual acknowledgement handling with @​Ack() decorator (@​kim-sung-jee)
• common
  • #15705 fix(core): resolve extras in configurable module builder async methods (@​mag123c)
• common, core

... (truncated)

Commits

• 64c8552 chore(@​nestjs) publish v11.1.9 release
• cc50925 fix(core): make get() throw for implicitly request-scoped trees
• 68cd545 chore(@​nestjs) publish v11.1.8 release
• 334012e Merge pull request #15815 from mag123c/fix/transient-nested-dependency-isolation
• 4ffe045 fix(core): ensure nested transient provider isolation
• ee1b347 chore(@​nestjs) publish v11.1.7 release
• 33d6cb5 chore: update readme
• 82b4f07 Merge pull request #15622 from nestjs/renovate/path-to-regexp-8.x
• 5586038 Merge pull request #15503 from mag123c/feat/add-forceconsole-option-to-logger
• fada0a7 Merge pull request #15588 from at7211/feat/enhance-dependency-error-messages
• Additional commits viewable in compare view

Updates @nestjs/platform-express from 9.3.5 to 11.1.9

Release notes

Sourced from @​nestjs/platform-express's releases.

v11.1.9 (2025-11-14)

Bug fixes

• core
  • #15865 fix(core): make get() throw for implicitly request-scoped trees (@​JoeNutt)

Enhancements

• common
  • #15863 feat(common): add method options to @​sse decorator (@​TomerSteinberg)

Dependencies

• platform-fastify
  • #15899 chore(deps): bump fastify from 5.6.1 to 5.6.2 (@​dependabot[bot])

Committers: 4

• Rami (@​JoeNutt)
• Rhynel Algopera (@​dev-rhynel)
• Tomer Steinberg (@​TomerSteinberg)
• WuMingDao (@​WuMingDao)

v11.1.8 (2025-10-27)

Bug fixes

• core
  • #15815 fix(core): ensure nested transient provider isolation (@​mag123c)
• platform-fastify
  • #15831 fix(fastify): Migrate fastify top-level options to routerOptions (@​kim-sung-jee)

Committers: 2

• JaeHo Jang (@​mag123c)
• Seongjee Kim (@​kim-sung-jee)

v11.1.7 (2025-10-21)

Bug fixes

• microservices
  • #15747 Fix/rmq microservice fanout bind (@​slon2015)
• platform-fastify
  • #15732 fix: correct parameter type in RouteConstraints decorator (@​thedv91)
• core
  • #15571 fix(core): skip lifecycle hooks for non-instantiated transient services (@​mag123c)
• common
  • #15577 Add color allowance check to console logger options (@​kerryChen95)

Enhancements

• common, platform-socket.io, websockets
  • #15543 feat(websockets): allow manual acknowledgement handling with @​Ack() decorator (@​kim-sung-jee)
• common
  • #15705 fix(core): resolve extras in configurable module builder async methods (@​mag123c)
• common, core

... (truncated)

Commits

• 64c8552 chore(@​nestjs) publish v11.1.9 release
• 68cd545 chore(@​nestjs) publish v11.1.8 release
• ee1b347 chore(@​nestjs) publish v11.1.7 release
• 33d6cb5 chore: update readme
• fc72d1e fix(deps): update dependency path-to-regexp to v8.3.0
• 35c3ded chore(@​nestjs) publish v11.1.6 release
• 9bb0560 chore(@​nestjs) publish v11.1.5 release
• da24918 chore(deps): bump multer in /packages/platform-express
• 1f101ac chore(@​nestjs) publish v11.1.4 release
• 436e1de style: address linter warnings
• Additional commits viewable in compare view

Updates @nestjs/swagger from 6.2.1 to 11.2.3

Release notes

Sourced from @​nestjs/swagger's releases.

Release 11.2.3

What's Changed

• Revert "fix(plugin): add async modifier when a reference is await import statement" by @​kamilmysliwiec in nestjs/swagger#3633

Full Changelog: nestjs/swagger@11.2.2...11.2.3

Release 11.2.2

11.2.2 (2025-11-16)

Bug fixes

• #3603 fix(plugin): add async modifier when a reference is await import statement (@​seonggukchoi)

Dependencies

• #3593 fix(deps): update dependency swagger-ui-dist to v5.30.2 (@​renovate[bot])
• #3621 fix(deps): update dependency @​microsoft/tsdoc to v0.16.0 (@​renovate[bot])
• #3627 fix(deps): update dependency js-yaml to v4.1.1 [security] (@​renovate[bot])

Committers: 1

• Eric Choi (@​seonggukchoi)

11.2.1

What's Changed

• feat(@​ApiExtension): When used on a controller it applies to all methods by @​drewish in nestjs/swagger#3485
• fix: dont serve pet store definiton on api/api by @​kamilmysliwiec in nestjs/swagger#3585
• fix(deps): update dependency path-to-regexp to v8.3.0 by @​renovate[bot] in nestjs/swagger#3556
• fix(deps): update dependency swagger-ui-dist to v5.29.4 by @​renovate[bot] in nestjs/swagger#3458
• fix: missing ApiProperty enum undefined on array handling by @​pvdspek in nestjs/swagger#3590
• fix(plugin): correct enum+nullable handling for Enum | null (and ar… by @​AliRaZa1121 in nestjs/swagger#3544

New Contributors

• @​pvdspek made their first contribution in nestjs/swagger#3590
• @​AliRaZa1121 made their first contribution in nestjs/swagger#3544

Full Changelog: nestjs/swagger@11.2.0...11.2.1

Release 11.2.0

11.2.0 (2025-05-05)

Enhancements

• #3424 feat(document-builder): add support for setting extensions inside the info object (@​daniseijo)
• #3248 feat(swagger): add extension in SecuritySchemeObject (@​mag123c)

Committers: 2

• Daniel Seijo (@​daniseijo)
• JaeHo Jang (@​mag123c)

Release 11.1.6

11.1.6 (2025-04-30)

... (truncated)

Commits

• ef0173b chore(): release v11.2.3
• 3af1a90 Merge pull request #3633 from nestjs/revert-3603-master
• d80325f Revert "fix(plugin): add async modifier when a reference is await import stat...
• 1f6ac4d chore(deps): update dependency typescript-eslint to v8.47.0 (#3632)
• f95540e chore(): release v11.2.2
• d494c63 Merge pull request #3603 from seonggukchoi/master
• 8e0df77 Merge pull request #3593 from nestjs/renovate/swagger-ui-dist-5.x
• 96ddedb Merge pull request #3609 from nestjs/renovate/cimg-node-24.x
• 16fe10d Merge pull request #3621 from nestjs/renovate/microsoft-tsdoc-0.x
• 0bbff5f Merge pull request #3627 from nestjs/renovate/npm-js-yaml-vulnerability
• Additional commits viewable in compare view

Updates @nestjs/testing from 9.3.5 to 11.1.9

Release notes

Sourced from @​nestjs/testing's releases.

v11.1.9 (2025-11-14)

Bug fixes

• core
  • #15865 fix(core): make get() throw for implicitly request-scoped trees (@​JoeNutt)

Enhancements

• common
  • #15863 feat(common): add method options to @​sse decorator (@​TomerSteinberg)

Dependencies

• platform-fastify
  • #15899 chore(deps): bump fastify from 5.6.1 to 5.6.2 (@​dependabot[bot])

Committers: 4

• Rami (@​JoeNutt)
• Rhynel Algopera (@​dev-rhynel)
• Tomer Steinberg (@​TomerSteinberg)
• WuMingDao (@​WuMingDao)

v11.1.8 (2025-10-27)

Bug fixes

• core
  • #15815 fix(core): ensure nested transient provider isolation (@​mag123c)
• platform-fastify
  • #15831 fix(fastify): Migrate fastify top-level options to routerOptions (@​kim-sung-jee)

Committers: 2

• JaeHo Jang (@​mag123c)
• Seongjee Kim (@​kim-sung-jee)

v11.1.7 (2025-10-21)

Bug fixes

• microservices
  • #15747 Fix/rmq microservice fanout bind (@​slon2015)
• platform-fastify
  • #15732 fix: correct parameter type in RouteConstraints decorator (@​thedv91)
• core
  • #15571 fix(core): skip lifecycle hooks for non-instantiated transient services (@​mag123c)
• common
  • #15577 Add color allowance check to console logger options (@​kerryChen95)

Enhancements

• common, platform-socket.io, websockets
  • #15543 feat(websockets): allow manual acknowledgement handling with @​Ack() decorator (@​kim-sung-jee)
• common
  • #15705 fix(core): resolve extras in configurable module builder async methods (@​mag123c)
• common, core

... (truncated)

Commits

• 64c8552 chore(@​nestjs) publish v11.1.9 release
• 68cd545 chore(@​nestjs) publish v11.1.8 release
• ee1b347 chore(@​nestjs) publish v11.1.7 release
• 33d6cb5 chore: update readme
• 35c3ded chore(@​nestjs) publish v11.1.6 release
• 9bb0560 chore(@​nestjs) publish v11.1.5 release
• 1f101ac chore(@​nestjs) publish v11.1.4 release
• a453b63 fix(core): fix race condition in class dependency resolution
• 1613f50 chore(@​nestjs) publish v11.1.3 release
• 32b5feb chore(@​nestjs) publish v11.1.2 release
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.