chore(deps): bump the major group across 1 directory with 14 updates

[dependabot]

Bumps the major group with 14 updates in the / directory:

Package	From	To
nodemailer	8.0.7	9.0.0
typeorm	0.3.29	1.0.0
uuid	11.1.1	14.0.0
@commitlint/cli	20.5.3	21.0.2
@commitlint/config-conventional	20.5.3	21.0.2
@eslint/js	9.39.4	10.0.1
@types/node	22.19.15	25.9.3
@types/uuid	10.0.0	11.0.0
eslint	9.39.4	10.5.0
jest	29.7.0	30.4.2
@types/jest	29.5.14	30.0.0
jscpd	4.1.0	5.0.9
knip	5.88.0	6.16.1
typescript	5.9.3	6.0.3

Updates nodemailer from 8.0.7 to 9.0.0

Release notes

Sourced from nodemailer's releases.

v9.0.0

9.0.0 (2026-06-14)

⚠ BREAKING CHANGES

• HTTPS requests made while fetching remote content (attachment href/path URLs, OAuth2 token endpoints, HTTP/HTTPS proxy CONNECT) now validate the server's TLS certificate by default. Requests to hosts with self-signed, expired, or hostname-mismatched certificates that previously succeeded will now fail. Opt back out per request with tls.rejectUnauthorized=false (transport options, or a per-attachment tls option).

Bug Fixes

• replace deprecated url.parse with a WHATWG URL wrapper (0c080fb)
• validate TLS certificates by default when fetching remote content (6a947ac)

v8.0.11

8.0.11 (2026-06-10)

Bug Fixes

• apply the transport-level newline option in stream and sendmail transports (cb4f904)
• include icalEvent path/href content in the application/ics attachment (b801c48)
• parse Ethereal response props without polynomial regex backtracking (067aebe)
• resolve oauth2_provision_cb at send time for non-pooled SMTP transports (203c8ec)
• return the promise from every resolveContent branch (07ffe8c)
• strip the url scheme from List-ID header values (77e5885)
• tag AWS SES transport errors with the ESES code (efa647a)

v8.0.10

8.0.10 (2026-05-29)

Bug Fixes

• fall back to lower-severity handler when custom logger lacks a level method (6d849df)

v8.0.9

8.0.9 (2026-05-26)

Bug Fixes

• two pending security advisories (jsonTransport access bypass, List-* CRLF injection) (#1820) (5f69497)

v8.0.8

8.0.8 (2026-05-23)

Bug Fixes

• enforce strict TLS for OAuth2 and Ethereal credential requests (#1818) (833d6e5)

... (truncated)

Changelog

Sourced from nodemailer's changelog.

9.0.0 (2026-06-14)

⚠ BREAKING CHANGES

• HTTPS requests made while fetching remote content (attachment href/path URLs, OAuth2 token endpoints, HTTP/HTTPS proxy CONNECT) now validate the server's TLS certificate by default. Requests to hosts with self-signed, expired, or hostname-mismatched certificates that previously succeeded will now fail. Opt back out per request with tls.rejectUnauthorized=false (transport options, or a per-attachment tls option).

Bug Fixes

• replace deprecated url.parse with a WHATWG URL wrapper (0c080fb)
• validate TLS certificates by default when fetching remote content (6a947ac)

8.0.11 (2026-06-10)

Bug Fixes

• apply the transport-level newline option in stream and sendmail transports (cb4f904)
• include icalEvent path/href content in the application/ics attachment (b801c48)
• parse Ethereal response props without polynomial regex backtracking (067aebe)
• resolve oauth2_provision_cb at send time for non-pooled SMTP transports (203c8ec)
• return the promise from every resolveContent branch (07ffe8c)
• strip the url scheme from List-ID header values (77e5885)
• tag AWS SES transport errors with the ESES code (efa647a)

8.0.10 (2026-05-29)

Bug Fixes

• fall back to lower-severity handler when custom logger lacks a level method (6d849df)

8.0.9 (2026-05-26)

Bug Fixes

• two pending security advisories (jsonTransport access bypass, List-* CRLF injection) (#1820) (5f69497)

8.0.8 (2026-05-23)

Bug Fixes

• enforce strict TLS for OAuth2 and Ethereal credential requests (#1818) (833d6e5)
• four listener/stream leaks in SMTP transport, connection, pool (#1817) (850bb91)

Commits

• 541f5fd chore(master): release 9.0.0 (#1827)
• 0c080fb fix: replace deprecated url.parse with a WHATWG URL wrapper
• 6a947ac fix!: validate TLS certificates by default when fetching remote content
• e3b1bda chore(master): release 8.0.11 (#1826)
• 4358caf refactor: remove dead checks flagged by Code Quality analysis
• cf5195c chore: harden workflow token permissions and update GitHub Actions
• 067aebe fix: parse Ethereal response props without polynomial regex backtracking
• 0cee4fe chore: add CodeQL code scanning workflow
• cb9da47 chore: update dev dependencies
• e0a4928 chore: format CLAUDE.md with prettier
• Additional commits viewable in compare view

Updates typeorm from 0.3.29 to 1.0.0

Release notes

Sourced from typeorm's releases.

1.0.0

TypeORM v1.0 is here! 🥳

👉 For a structured walk-through of the changes in v1.0 — breaking changes, new features, security fixes, and the upgrade path from 0.3.x — see the v1.0 Release Notes.

This release includes breaking changes. See the v1.0 Upgrade Guide

What's Changed

• fix: include joined entity primary keys in pagination subquery by @​mag123c in typeorm/typeorm#11669
• feat(postgres): add support for PostgreSQL indices by @​freePixel in typeorm/typeorm#11318
• refactor!: remove legacy expo driver by @​G0maa in typeorm/typeorm#11860
• fix(cockroachdb): preserve structured query results during txn retry replay by @​naorpeled in typeorm/typeorm#11861
• docs: add version dropdown (stable/dev) to master by @​naorpeled in typeorm/typeorm#11862
• docs: link to queryrunner api docs from top level queryrunner page by @​hughrawlinson in typeorm/typeorm#11869
• feat: add error handling and log warning for ormconfig loading failures by @​Cprakhar in typeorm/typeorm#11871
• refactor: remove shajs by @​G0maa in typeorm/typeorm#11864
• ci: setup pnpm by @​alumni in typeorm/typeorm#11881
• chore(docs): move to PNPM by @​naorpeled in typeorm/typeorm#11884
• feat: add better typing for conditions in increment and decrement of EntityManager by @​OSA413 in typeorm/typeorm#11294
• fix: getPendingMigrations unnecessarily creating migrations table by @​pkuczynski in typeorm/typeorm#11672
• fix: copy cordova query rows affected into query result by @​jacobg in typeorm/typeorm#10873
• fix: resolve nameless TableForeignKey on drop foreign key by @​taichunmin in typeorm/typeorm#10744
• feat(docs): add Kapa.ai widget for AI-powered documentation assistance by @​dlhck in typeorm/typeorm#11891
• fix: virtual property handling in schema builder by @​skyran1278 in typeorm/typeorm#11000
• fix(mongo): correctly process embedded arrays of nested documents by @​mciuchitu in typeorm/typeorm#10940
• feat(postgres): use ADD VALUE when changing enum values if possible by @​janzipek in typeorm/typeorm#10956
• test: add mutation testing and mutation score badge by @​OSA413 in typeorm/typeorm#11253
• fix: change import for process dependency by @​yohannpoli in typeorm/typeorm#11248
• chore(tests): adapt Stryker mutator to pnpm and fix markup in README for badges by @​OSA413 in typeorm/typeorm#11893
• chore(tests): send only mutation score to the Stryker dashboard by @​OSA413 in typeorm/typeorm#11895
• fix: fix working with tables with quotes in the names for postgres and cockroachdb by @​iskalyakin in typeorm/typeorm#10993
• refactor: replace uuid with native Crypto API by @​mag123c in typeorm/typeorm#11769
• fix(mysql): getVersion returning undefined for PolarDB-X 2.0 by @​Missna in typeorm/typeorm#11837
• test: align file names by @​gioboa in typeorm/typeorm#11898
• ci: ensure pull request follow conventional commits spec by @​pkuczynski in typeorm/typeorm#11840
• feat(qodo): enable new review experience by @​naorpeled in typeorm/typeorm#11909
• test: modify tests to confirm ON CONFLICT ON CONSTRAINT on PostgreSQL/CockroachDB by @​Cprakhar in typeorm/typeorm#11908
• feat: add support for installing additional postgres extensions by @​Cprakhar in typeorm/typeorm#11888
• feat: add deferrable support to exclusion decorator to mirror unique and index decorators by @​oGAD31 in typeorm/typeorm#11802
• chore(mutation testing): tweak Stryker for lower resource usage and decrease timeout for slow running mutants by @​OSA413 in typeorm/typeorm#11901
• fix: raw select query with correctly ordered selected columns by @​Cprakhar in typeorm/typeorm#11902
• docs: fix typo 'spass' to 'pass' by @​guoxk-me in typeorm/typeorm#11919
• chore: align master with v0.3 by @​gioboa in typeorm/typeorm#11912
• fix: update child's mpath by @​JoseCToscano in typeorm/typeorm#10844
• test: verify column names when using referencedColumnName in composite relations by @​Cprakhar in typeorm/typeorm#11883
• fix: merging into an entity now respects null values by @​knoid in typeorm/typeorm#11154
• fix: handle re-save of postgres geometric types by @​Cprakhar in typeorm/typeorm#11857
• fix(sqlite): handle simple-enum arrays correctly by @​Cprakhar in typeorm/typeorm#11865
• fix: fix up map objects comparison by @​mgohin in typeorm/typeorm#10990
• feat: support INSERT INTO ... SELECT FROM ... in QueryBuilder by @​Cprakhar in typeorm/typeorm#11896

... (truncated)

Changelog

Sourced from typeorm's changelog.

1.0.0 (2026-05-19)

👉 For a structured walk-through of the changes in v1.0 — breaking changes, new features, security fixes, and the upgrade path from 0.3.x — see the v1.0 Release Notes.

The list below is the set of commits between 0.3.30 and 1.0.0 — fixes already shipped on the 0.3.x line are listed under their respective 0.3.x entries below.

• feat!: drop support for node 16 and 18 (#11382) (349d910), closes #11382

Bug Fixes

• cascade: propagate withDeleted to relation-id loader for many-to-many recover (#12287) (cfba9e7)
• cascade: support cascade remove for OneToMany relations with composite PKs (#12286) (09183c8)
• cli: preserve devDependencies needed by init command in published package (#12281) (c3b771c)
• cockroachdb: preserve structured query results during txn retry replay (#11861) (09db48c)
• codemod: apply find-options select/relations rewrites to .exists() too (#12399) (4461063)
• codemod: correct relation-count guidance and flag loadRelationCountAndMap (#12374) (5de5490)
• codemod: cover ColumnMetadata args.options in column option rewrites (#12400) (7a68cf2)
• codemod: exclude type declarations from build (#12292) (4c645f0)
• codemod: handle aliases, quoted keys, and ObjectProperty variants (#12377) (2d15644)
• codemod: handle lock option objects correctly and increase test coverage (#12353) (b871719)
• codemod: handle typeof type queries and use getStringValue consistently (#12379) (dedea37)
• codemod: harden destructure and DI accessor rewrites for connection to dataSource rename (#12398) (057ddbc)
• codemod: harden scope and type-name detection across more AST shapes (#12394) (9d1fd8d)
• codemod: harden scope, idempotency, and import-strip semantics (#12391) (ed5a19b)
• codemod: recognize typeorm deep-path imports (#12382) (a96b097)
• codemod: rename .connection on EntityMetadata, ColumnMetadata, IndexMetadata (#12383) (8a51e30), closes #12249
• codemod: rewrite typeorm re-exports in barrel files (#12373) (25f0b5f)
• codemod: scope v1 transforms to typeorm imports and skip .d.ts files (#12372) (a34fdb2)
• codemod: track DataSource accessor chains for typed-variable renames (#12385) (14a3132)
• copy cordova query rows affected into query result (#10873) (ad22c10)
• disable global order for aggregate functions (#11925) (2efb2a1)
• do not run npm install during CLI init (#12386) (66aa930)
• docs: add lunr as explicit dependency for pnpm strict hoisting (f4d435e)
• docs: align code style (#12081) (5f6eb4c)
• docs: complete Typesense removal missed during cherry-pick (eb7a5b6)
• docs: update docs pnpm lockfile for new dependencies (4123db9)
• eager load relation strategy (#11326) (5797d97)
• enhance upsert functionality for proper sql generation with table alias (#11915) (42ce630)
• expo: auto-load expo-sqlite driver via loadDependencies() (#12363) (212c8ef)
• fix up change detection with date transformer (#11963) (e3e3c97)
• fix up generated query with .update() (#11993) (fe6c072)
• fix up join attributes inside bracket (#11218) (d233daa)
• fix up map objects comparison (#10990) (f66eee7)
• fix up save with eagerly loaded relation (#11975) (f5cea95)
• fix working with tables with quotes in the names for postgres and cockroachdb (#10993) (e5a8afb)
• handle re-save of postgres geometric types (#11857) (65dea3c)
• handle relation ids in nested embedded entities (#11942) (5237bee)
• include joined entity primary keys in pagination subquery (#11669) (4ffe666)
• make shorten method to properly work with camelCase_aliases (#11283) (8a9a376)
• merging into an entity now respects null values (#11154) (1676484)

... (truncated)

Commits

• cf3f13f docs: restyle version dropdown for v1 release (#12514)
• 6997b23 chore: release v1.0.0 (#12510)
• df09802 fix(cockroachdb): adjust join in loadTables to load correct table columns (#1...
• f5cc456 fix(find-options): allow array values in JsonContains (#12420)
• 9440998 fix(mysql)!: use index identifiers instead of raw SQL in QB.useIndex() (#12...
• a4f26af chore(deps): bump the github-actions-official group with 3 updates (#12483)
• ac2ffc6 chore(deps): bump the github-actions-third-party group with 3 updates (#12484)
• 62948a3 revert: fix up limit with joins (#12478)
• c2b788f ci: pin all GitHub Actions to commit SHAs (#12481)
• 9284c16 fix(security): validate limit() in Update/SoftDelete query builders (#12436)
• Additional commits viewable in compare view

Updates uuid from 11.1.1 to 14.0.0

Release notes

Sourced from uuid's releases.

v14.0.0

14.0.0 (2026-04-19)

⚠ BREAKING CHANGES

• expect crypto to be global everywhere (requires node@20+) (#935)
• drop node@18 support (#934)

Features

• drop node@18 support (#934) (dc4ddb8)

Bug Fixes

• expect crypto to be global everywhere (requires node@20+) (#935) (f2c235f)
• Use GITHUB_TOKEN for release-please and enable npm provenance (#925) (ffa3138)

v13.0.2

13.0.2 (2026-05-04)

Bug Fixes

• rerelease to fix provenance. (49ccb35)

v13.0.1

13.0.1 (2026-04-27)

Bug Fixes

• backport fix for GHSA-w5hq-g745-h8pq (9d27ddf)

v13.0.0

13.0.0 (2025-09-08)

⚠ BREAKING CHANGES

• make browser exports the default (#901)

Bug Fixes

• make browser exports the default (#901) (bce9d72)

v12.0.1

12.0.1 (2026-04-29)

... (truncated)

Changelog

Sourced from uuid's changelog.

14.0.0 (2026-04-19)

Security

• Fixes GHSA-w5hq-g745-h8pq: v3(), v5(), and v6() did not validate that writes would remain within the bounds of a caller-supplied buffer, allowing out-of-bounds writes when an invalid offset was provided. A RangeError is now thrown if offset < 0 or offset + 16 > buf.length.

⚠ BREAKING CHANGES

• crypto is now expected to be globally defined (requires node@20+) (#935)
• drop node@18 support (#934)
• upgrade minimum supported TypeScript version to 5.4.3, in keeping with the project's policy of supporting TypeScript versions released within the last two years

13.0.0 (2025-09-08)

⚠ BREAKING CHANGES

• make browser exports the default (#901)

Bug Fixes

• make browser exports the default (#901) (bce9d72)

12.0.0 (2025-09-05)

⚠ BREAKING CHANGES

• update to typescript@5.2 (#887)
• remove CommonJS support (#886)
• drop node@16 support (#883)

Features

• add node@24 to ci matrix (#879) (42b6178)
• drop node@16 support (#883) (0f38cf1)
• remove CommonJS support (#886) (ae786e2)
• update to typescript@5.2 (#887) (c7ee405)

Bug Fixes

• improve v4() performance (#894) (5fd974c)
• restore node: prefix (#889) (e1f42a3)

11.1.0 (2025-02-19)

... (truncated)

Commits

• 7c1ea08 chore(main): release 14.0.0 (#926)
• 3d2c5b0 Merge commit from fork
• f2c235f fix!: expect crypto to be global everywhere (requires node@20+) (#935)
• 529ef08 chore: upgrade TypeScript and fixup types (#927)
• 086fd79 chore: update dependencies (#933)
• dc4ddb8 feat!: drop node@18 support (#934)
• 0f1f9c9 chore: switch to Biome for parsing and linting (#932)
• e2879e6 chore: use maintained version of npm-run-all (#930)
• ffa3138 fix: Use GITHUB_TOKEN for release-please and enable npm provenance (#925)
• 0423d49 docs: remove obsolete v1 option notes (#915)
• Additional commits viewable in compare view

Updates @commitlint/cli from 20.5.3 to 21.0.2

Release notes

Sourced from @​commitlint/cli's releases.

v21.0.2

21.0.2 (2026-05-29)

Bug Fixes

• fix: emit actionable error when --edit cannot find COMMIT_EDITMSG (#589) by @​escapedcat in conventional-changelog/commitlint#4755
• fix: apply oxfmt formatting to get-edit-commit.ts by @​escapedcat in conventional-changelog/commitlint#4768
• fix(read): fail when --from and --to share no merge-base #4555 by @​CervEdin in conventional-changelog/commitlint#4754
• fix: disallow same commit hash for --from and --to by @​knocte in conventional-changelog/commitlint#4773

Chore/CI

• ci: have renovate rebase stale PRs before merging by @​escapedcat in conventional-changelog/commitlint#4782
• chore: have renovate hold PRs for 3 days after release by @​escapedcat in conventional-changelog/commitlint#4788
• chore: anchor vite 8 by @​escapedcat in conventional-changelog/commitlint#4790
• ci: run commitlint once per same-repo PR by @​escapedcat in conventional-changelog/commitlint#4795

New Contributors

• @​CervEdin made their first contribution in conventional-changelog/commitlint#4754

Full Changelog: conventional-changelog/commitlint@v21.0.1...v21.0.2

v21.0.1

21.0.1 (2026-05-12)

Bug Fixes

• fix(load): only resolve relative formatter paths by @​escapedcat in conventional-changelog/commitlint#4761
• fix(types): add presetConfig to ParserPreset interface by @​SAY-5 in conventional-changelog/commitlint#4749

CI

• ci: stop spawning schedule jobs on contributors' forks by @​knocte in conventional-changelog/commitlint#4753
• ci: add weekly non-blocking pnpm audit by @​escapedcat in conventional-changelog/commitlint#4766

New Contributors

• @​SAY-5 made their first contribution in conventional-changelog/commitlint#4749

Full Changelog: conventional-changelog/commitlint@v21.0.0...v21.0.1

v21.0.0

Heads-up: --legacy-output is a transitional escape hatch. It will be removed in a future major release. Plan to migrate your parsers / snapshots to the new format during the v21 lifecycle.

... (truncated)

Changelog

Sourced from @​commitlint/cli's changelog.

21.0.2 (2026-05-29)

Bug Fixes

• disallow same commit hash for --from and --to (#4773) (121005e)

21.0.1 (2026-05-12)

Note: Version bump only for package @​commitlint/cli

21.0.0 (2026-05-08)

• chore!: minimum node version v22 (#4679) (ac2b3f4), closes #4679

BREAKING CHANGES

• drop node v18 and v20 support

• Bump engines to >=v22 in all 39 package.json files
• Update @​types/node to ^22.0.0
• Update CI matrix to [22, 24]
• Update Ubuntu baseline job to ubuntu:26.04
• Update Dockerfile.ci, .mise.toml, .codesandbox/ci.json
• Update pre-commit hook to use --ignore-engines
• Update README and docs

Co-authored-by: Claude Opus 4.6 (1M context) noreply@anthropic.com

Commits

• 8069048 v21.0.2
• 121005e fix: disallow same commit hash for --from and --to (#4773)
• db8d7d6 v21.0.1
• 1329a25 chore: migrate to pnpm (#4762)
• db39968 chore: pre pnpm cleanup (#4759)
• 6099ae5 chore: replace eslint with oxlint (#4756)
• f081a8e v21.0.0
• 40d7e36 feat!: show input from a new line (#4727)
• 44c3174 chore: update dependency yargs to v18 #4432 (#4686)
• ac01464 chore: replace dependencies with Node 22 built-ins (#4681)
• Additional commits viewable in compare view

Updates @commitlint/config-conventional from 20.5.3 to 21.0.2

Release notes

Sourced from @​commitlint/config-conventional's releases.

v21.0.2

21.0.2 (2026-05-29)

Bug Fixes

• fix: emit actionable error when --edit cannot find COMMIT_EDITMSG (#589) by @​escapedcat in conventional-changelog/commitlint#4755
• fix: apply oxfmt formatting to get-edit-commit.ts by @​escapedcat in conventional-changelog/commitlint#4768
• fix(read): fail when --from and --to share no merge-base #4555 by @​CervEdin in conventional-changelog/commitlint#4754
• fix: disallow same commit hash for --from and --to by @​knocte in conventional-changelog/commitlint#4773

Chore/CI

• ci: have renovate rebase stale PRs before merging by @​escapedcat in conventional-changelog/commitlint#4782
• chore: have renovate hold PRs for 3 days after release by @​escapedcat in conventional-changelog/commitlint#4788
• chore: anchor vite 8 by @​escapedcat in conventional-changelog/commitlint#4790
• ci: run commitlint once per same-repo PR by @​escapedcat in conventional-changelog/commitlint#4795

New Contributors

• @​CervEdin made their first contribution in conventional-changelog/commitlint#4754

Full Changelog: conventional-changelog/commitlint@v21.0.1...v21.0.2

v21.0.1

21.0.1 (2026-05-12)

Bug Fixes

• fix(load): only resolve relative formatter paths by @​escapedcat in conventional-changelog/commitlint#4761
• fix(types): add presetConfig to ParserPreset interface by @​SAY-5 in conventional-changelog/commitlint#4749

CI

• ci: stop spawning schedule jobs on contributors' forks by @​knocte in conventional-changelog/commitlint#4753
• ci: add weekly non-blocking pnpm audit by @​escapedcat in conventional-changelog/commitlint#4766

New Contributors

• @​SAY-5 made their first contribution in conventional-changelog/commitlint#4749

Full Changelog: conventional-changelog/commitlint@v21.0.0...v21.0.1

v21.0.0

Heads-up: --legacy-output is a transitional escape hatch. It will be removed in a future major release. Plan to migrate your parsers / snapshots to the new format during the v21 lifecycle.

... (truncated)

Changelog

Sourced from @​commitlint/config-conventional's changelog.

21.0.2 (2026-05-29)

Note: Version bump only for package @​commitlint/config-conventional

21.0.1 (2026-05-12)

Note: Version bump only for package @​commitlint/config-conventional

21.0.0 (2026-05-08)

• chore!: minimum node version v22 (#4679) (ac2b3f4), closes #4679

BREAKING CHANGES

• drop node v18 and v20 support

• Bump engines to >=v22 in all 39 package.json files
• Update @​types/node to ^22.0.0
• Update CI matrix to [22, 24]
• Update Ubuntu baseline job to ubuntu:26.04
• Update Dockerfile.ci, .mise.toml, .codesandbox/ci.json
• Update pre-commit hook to use --ignore-engines
• Update README and docs

Co-authored-by: Claude Opus 4.6 (1M context) noreply@anthropic.com

Commits

• 8069048 v21.0.2
• db8d7d6 v21.0.1
• 1329a25 chore: migrate to pnpm (#4762)
• 6099ae5 chore: replace eslint with oxlint (#4756)
• f081a8e v21.0.0
• 44c3174 chore: update dependency yargs to v18 #4432 (#4686)
• ac2b3f4 chore!: minimum node version v22 (#4679)
• See full diff in compare view

Updates @eslint/js from 9.39.4 to 10.0.1

Release notes

Sourced from @​eslint/js's releases.

v10.0.1

Bug Fixes

• c87d5bd fix: update eslint (#20531) (renovate[bot])
• d841001 fix: update minimatch to 10.2.1 to address security vulnerabilities (#20519) (루밀LuMir)
• 04c2147 fix: up...

  Description has been truncated

[dependabot]

Labels

The following labels could not be found: dependencies. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[clearpr]

ClearPR Review

Diff stats: 4,846 raw lines → 2,348 semantic lines (51.55% noise filtered)

Findings

• 1 warning
• 4 info

Inline comments could not be anchored to the diff (e.g. an unsupported language), so the findings are listed here:

• [warning] package.json:1 Engine range "node": ">=20.0.0 <22" conflicts with several devDependencies. @commitlint/cli and the other @commitlint/* packages declare engines.node: ">=22.12.0", and eslint@10 / @eslint/* declare ^20.19.0 || ^22.13.0 || >=24. No Node version in >=20.0.0 <22 satisfies all of these: Node 20.0-20.18 fails eslint's 20.19+ floor, and Node 21.x fails commitlint's 22.12+ floor. Either widen the engine range (e.g. >=22.12.0) or pin dev tooling to versions compatible with Node 20/21.
• [info] package.json:1 @types/uuid@^11.0.0 is now a deprecated stub (the lockfile records: "uuid provides its own type definitions, so you do not need this installed"). Since uuid@^14.0.0 ships its own types, drop @types/uuid from devDependencies. The major mismatch (types v11 vs lib v14) also makes the stub actively misleading.
• [info] package.json:1 Version skew: nodemailer@^9.0.0 is paired with @types/nodemailer@^8.0.0. The v8 types may not reflect v9's API surface, leading to inaccurate or missing typings. Bump @types/nodemailer to a v9-aligned release (or rely on bundled types if nodemailer ships them).
• [info] package.json:1 typeorm@^1.0.0 is an unusual major (TypeORM has long published under the 0.3.x line). Please confirm 1.0.0 is the intended package/version and not a mistaken bump or unexpected fork, since it's a core runtime dependency and a wrong resolution here would be hard to catch at runtime.
• [info] package.json:1 typescript@^6.0.3 is a major bump. Verify the toolchain supports it: typescript-eslint@^8.59.2 and ts-jest@^29.4.9 historically gate on supported TS ranges, and @nestjs/cli here bundles its own typescript@5.9.3. Worth a build + lint + test run to confirm no peer/compat breakage.