Skip to content

Release 11.28.1#565

Merged
kaihaase merged 1 commit into
mainfrom
develop
Jul 15, 2026
Merged

Release 11.28.1#565
kaihaase merged 1 commit into
mainfrom
develop

Conversation

@kaihaase

Copy link
Copy Markdown
Member

Dependency maintenance

…phantom runtime deps, prune security overrides 9→6

- Update 17 packages within NestJS 11 (nestjs 11.1.23→11.1.28, mongoose 9.6.2→9.7.4,
  nodemailer 8.0.8→9.0.3, multer 2.1.1→2.2.0, + dev tooling); all pinned exactly
- Declare cron/jose/ws/graphql-ws explicitly — previously phantom deps resolved only
  transitively via @nestjs/schedule / better-auth / @nestjs/graphql; pinned to the
  already-resolved versions (resolution-neutral, protects npm + vendor consumers)
- Prune security overrides 9→6 (nodemailer/multer/vite now no-op after direct-dep bumps);
  pnpm audit stays at 0 vulnerabilities
- Normalize ejs import in better-auth email-verification service to CJS style (lint clean)
- Add migration guide 11.28.0→11.28.1 (vendor-mode consumers must declare the 4 runtime deps)

pnpm run check: PASSED (audit/format/lint/swc-tdz/test 1381/build/server-start all green)

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@kaihaase kaihaase changed the title 11.28.1 Release 11.28.1 Jul 15, 2026
@kaihaase
kaihaase merged commit cf64433 into main Jul 15, 2026
1 check passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant