Skip to content

chore(deps): bump the npm-dependencies group across 1 directory with 13 updates#328

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/apps/backend/npm-dependencies-e1bd2b65ed
Open

chore(deps): bump the npm-dependencies group across 1 directory with 13 updates#328
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/apps/backend/npm-dependencies-e1bd2b65ed

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Mar 3, 2026
edited
Loading

Bumps the npm-dependencies group with 13 updates in the /apps/backend directory:

Package From To
@filoz/synapse-sdk 0.36.0 0.38.0
@nestjs/common 11.1.6 11.1.14
@nestjs/core 11.1.6 11.1.14
@nestjs/platform-express 11.1.6 11.1.14
axios 1.11.0 1.13.6
class-validator 0.14.2 0.15.1
filecoin-pin 0.15.1 0.17.0
pg 8.16.3 8.19.0
undici 7.16.0 7.22.0
viem 2.38.3 2.46.3
@nestjs/testing 11.1.6 11.1.14
supertest 7.1.4 7.2.2
@types/supertest 6.0.3 7.2.0

Updates @filoz/synapse-sdk from 0.36.0 to 0.38.0

Release notes

Sourced from @​filoz/synapse-sdk's releases.

synapse-sdk: v0.38.0

0.38.0 (2026-02-26)

Features

  • storage: extract provider selection to synapse-core and update docs for multi-copy (ae0eea9)
  • storage: multi-copy upload with store->pull->commit flow (cf6babd), closes #494

Chores

  • master: release synapse-core 0.2.2 (92fd0cb)
  • master: release synapse-sdk 0.37.2 (c4396e1)
  • master: release synapse-sdk 0.38.0 (be88413)

synapse-sdk: v0.37.1

0.37.1 (2026-02-25)

Features

Chores

  • update biome (#609) (fe2b365)
  • update msw package version to 2.12.10 in workspace and mock service worker files (#610) (c046b7a)

synapse-sdk: v0.37.0

0.37.0 (2026-02-11)

⚠ BREAKING CHANGES

  • change params to options object and remove withIpni (#601)
  • remove pdp classes and change upload input to File
  • transition from ethers to viem (#555)
  • replace getMaxProvingPeriod() and getChallengeWindow() with getPDPConfig() (#526)
  • use activePieceCount for accurate piece tracking (#517)
  • change to only export Synapse from the main entrypoint

refactor

  • replace getMaxProvingPeriod() and getChallengeWindow() with getPDPConfig() (#526) (a4956c7)

Features

... (truncated)

Commits
  • da3df7a chore(master): release synapse-sdk 0.38.0 (#635)
  • be88413 chore(master): release synapse-sdk 0.38.0
  • 7ce28a7 chore(master): release synapse-react 0.2.2 (#633)
  • e450592 chore(master): release synapse-core 0.2.2 (#634)
  • 92fd0cb chore(master): release synapse-core 0.2.2
  • 837a492 chore: one more behind
  • bd8596f chore: revert versions
  • e7a4695 chore: update versions
  • c4396e1 chore(master): release synapse-sdk 0.37.2
  • ae0eea9 feat(storage): extract provider selection to synapse-core and update docs for...
  • Additional commits viewable in compare view

Updates @nestjs/common from 11.1.6 to 11.1.14

Release notes

Sourced from @​nestjs/common's releases.

v11.1.14 (2026-02-17)

Bug fixes

Enhancements

Committers: 5

v11.1.13 (2026-02-03)

Bug fixes

  • common
    • #16230 fix(common): Fix skipping maxArrayLength and maxStringLength option (@​chojs23)

Enhancements

Dependencies

Committers: 6

v11.1.12 (2026-01-15)

Bug fixes

  • common

... (truncated)

Commits
  • 5d31df7 chore(release): publish v11.1.14 release
  • 829d326 Merge pull request #16314 from SpencerKaiser/bugfix/cors-types
  • 5058600 fix(common): change requestOrigin type
  • 91212b2 fix: return type error
  • 804d27b fix: invalid context when no stack trace is provided
  • 8d1c16c chore: update readme
  • e3a958a chore(release): publish v11.1.13 release
  • d88856c test(common): add unit tests for class serializer interceptor
  • a1f6162 Merge pull request #16202 from som14062005/fix/issue-16195
  • 8222634 refactor: move built-in types to module-level constant
  • Additional commits viewable in compare view

Updates @nestjs/core from 11.1.6 to 11.1.14

Release notes

Sourced from @​nestjs/core's releases.

v11.1.14 (2026-02-17)

Bug fixes

Enhancements

Committers: 5

v11.1.13 (2026-02-03)

Bug fixes

  • common
    • #16230 fix(common): Fix skipping maxArrayLength and maxStringLength option (@​chojs23)

Enhancements

Dependencies

Committers: 6

v11.1.12 (2026-01-15)

Bug fixes

  • common

... (truncated)

Commits
  • 5d31df7 chore(release): publish v11.1.14 release
  • 8d1c16c chore: update readme
  • e3a958a chore(release): publish v11.1.13 release
  • db9494a perf(core): use set instead of array for module registry lookup
  • 909b504 test(core): add unit tests for discovery service
  • 96932ad chore(release): publish v11.1.12 release
  • 4fdeb0b style: address lint issues
  • e5616c2 feat: apply instance decorator to all enhancers
  • 585f55f chore: revert lerna version
  • fef323b chore(release): publish v11.1.11 release
  • Additional commits viewable in compare view

Updates @nestjs/platform-express from 11.1.6 to 11.1.14

Release notes

Sourced from @​nestjs/platform-express's releases.

v11.1.14 (2026-02-17)

Bug fixes

Enhancements

Committers: 5

v11.1.13 (2026-02-03)

Bug fixes

  • common
    • #16230 fix(common): Fix skipping maxArrayLength and maxStringLength option (@​chojs23)

Enhancements

Dependencies

Committers: 6

v11.1.12 (2026-01-15)

Bug fixes

  • common

... (truncated)

Commits
  • 5d31df7 chore(release): publish v11.1.14 release
  • 8d1c16c chore: update readme
  • e3a958a chore(release): publish v11.1.13 release
  • 58c761a fix(deps): update dependency cors to v2.8.6
  • 96932ad chore(release): publish v11.1.12 release
  • 585f55f chore: revert lerna version
  • fef323b chore(release): publish v11.1.11 release
  • de5e026 chore(@​nestjs) publish v11.1.10 release
  • 8f0840a test(express): Add tests for getBodyParserOptions utility
  • 0c93692 chore: update prettier
  • Additional commits viewable in compare view

Updates axios from 1.11.0 to 1.13.6

Release notes

Sourced from axios's releases.

v1.13.6

This release focuses on platform compatibility, error handling improvements, and code quality maintenance.

⚠️ Important Changes

  • Breaking Changes: None identified in this release.
  • Action Required: Users targeting React Native should verify their integration, particularly if relying on specific Blob or FormData behaviours, as improvements have been made to support these objects.

🚀 New Features

  • React Native Blob Support: Axios now includes support for React Native Blob objects. Thanks to @​moh3n9595 for the initial implementation. (#5764)
  • Code Quality: Implemented prettier across the codebase and resolved associated formatting issues. (#7385)

🐛 Bug Fixes

  • Environment Compatibility:

    • Fixed module exports for React Native and Browserify environments. (#7386)
    • Added safe FormData detection for the WeChat Mini Program environment. (#7324)

  • Error Handling:

    • AxiosError.message is now correctly enumerable. (#7392)
    • AxiosError.from now correctly copies the status property from the source error, ensuring better error propagation. (#7403)

🔧 Maintenance & Chores

  • Dependencies: Updated the development_dependencies group (5 updates). (#7432)
  • Infrastructure: Migrated @​rollup/plugin-babel from v5.3.1 to v6.1.0. (#7424)
  • Documentation: Added missing JSDoc comments to utilities. (#7427)

🌟 New Contributors

We are thrilled to welcome our new contributors! Thank you for helping improve the project:

Full Changelog: v1.13.5...v1.13.6

v1.13.5

Release 1.13.5

Highlights

  • Security: Fixed a potential Denial of Service issue involving the __proto__ key in mergeConfig. (PR #7369)
  • Bug fix: Resolved an issue where AxiosError could be missing the status field on and after v1.13.3. (PR #7368)

Changes

Security

  • Fix Denial of Service via __proto__ key in mergeConfig. (PR #7369)

... (truncated)

Changelog

Sourced from axios's changelog.

Changelog

1.13.3 (2026-01-20)

Bug Fixes

  • http2: Use port 443 for HTTPS connections by default. (#7256) (d7e6065)
  • interceptor: handle the error in the same interceptor (#6269) (5945e40)
  • main field in package.json should correspond to cjs artifacts (#5756) (7373fbf)
  • package.json: add 'bun' package.json 'exports' condition. Load the Node.js build in Bun instead of the browser build (#5754) (b89217e)
  • silentJSONParsing=false should throw on invalid JSON (#7253) (#7257) (7d19335)
  • turn AxiosError into a native error (#5394) (#5558) (1c6a86d)
  • types: add handlers to AxiosInterceptorManager interface (#5551) (8d1271b)
  • types: restore AxiosError.cause type from unknown to Error (#7327) (d8233d9)
  • unclear error message is thrown when specifying an empty proxy authorization (#6314) (6ef867e)

Features

Reverts

  • Revert "fix: silentJSONParsing=false should throw on invalid JSON (#7253) (#7…" (#7298) (a4230f5), closes #7253 #7 #7298
  • deps: bump peter-evans/create-pull-request from 7 to 8 in the github-actions group (#7334) (2d6ad5e)

Contributors to this release

... (truncated)

Commits
  • 7108c88 chore(release): prepare release 1.13.6 (#7446)
  • 20a0ba3 refactor(deps): migrate @​rollup/plugin-babel from v5.3.1 to v6.1.0 (#7424)
  • 885b4af feat: support react native blob objects (#5764)
  • 00d97b9 docs(utils): add missing JSDoc comments (#7427)
  • 9712548 chore(deps-dev): bump the development_dependencies group across 1 directory w...
  • d51accb fix(core): copy status from source error in AxiosError.from (#7403)
  • 3e30bbf chore: fix publish to only run on v1 tags
  • 672491d fix: safe FormData detection for WeChat Mini Program (#7306) (#7324)
  • 822e3e4 fix: make AxiosError.message property enumerable (#7392)
  • ef3711d feat: implement prettier and fix all issues (#7385)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for axios since your current version.


Updates class-validator from 0.14.2 to 0.15.1

Release notes

Sourced from class-validator's releases.

v0.15.1

What's Changed

Full Changelog: typestack/class-validator@v0.15.0...v0.15.1

v0.15.0

What's Changed

New Contributors

Full Changelog: typestack/class-validator@v0.14.4...v0.15.0

v0.14.4

What's Changed

Full Changelog: typestack/class-validator@v0.14.3...v0.14.4

v0.14.3

What's Changed

New Contributors

Full Changelog: typestack/class-validator@v0.14.2...v0.14.3

Changelog

Sourced from class-validator's changelog.

0.15.1 (2026-02-26)

BREAKING CHANGES

  • Added options argument to IsIBAN validator (#2618), which breaks any existing usage of this decorator that pass an argument to the decorator, e.g. @IsIBAN({forbidUnknownValues: false})

Fixed

  • Updated lockfile to patch vulnerabilities (#2669)
  • Fixed a small grammatical error in the docs (#2596)

Added

  • Added validateIf option to all validators, providing a lot more flexibility in using conditional validation (#1579)
  • Added IsISO31661Numeric validator for country codes (#2657)
  • Added IsISO6391 validator for language codes (#2626)
  • Added more versions to IsUUID validator options. (#2647)

0.14.4 (2026-02-25)

  • Updated validator.js to 13.15.22 (#2649)

0.14.3 (2025-11-24)

Commits

Updates filecoin-pin from 0.15.1 to 0.17.0

Release notes

Sourced from filecoin-pin's releases.

v0.17.0

0.17.0 (2026-02-23)

Features

  • rm: add --all option to remove all pieces from DataSet (#320) (b27050c)

Bug Fixes

  • executeUpload and uploadToSynapse to use abortSignals (#332) (060257e)

Chores

  • deps-dev: bump @​biomejs/biome from 2.3.14 to 2.3.15 (#331) (6cb403e)
  • deps-dev: bump @​biomejs/biome from 2.3.15 to 2.4.2 (#336) (2119892)
  • deps-dev: bump @​biomejs/biome from 2.4.2 to 2.4.3 (#337) (a4b3730)
  • deps-dev: bump @​biomejs/biome from 2.4.3 to 2.4.4 (#338) (5926600)

v0.16.0

0.16.0 (2026-02-07)

Features

  • add --data-set and --new-data-set flags to add command (#296) (e03719b)
  • add provider command with info and ping subcommands (#295) (c52ebbf)

Bug Fixes

  • use namespace import for Sentry SDK v8+ ESM compatibility (#319) (320a461)

Chores

  • deps-dev: bump @​biomejs/biome from 2.3.13 to 2.3.14 (#318) (97f6f1b)
  • deps: bump @​clack/prompts from 0.11.0 to 1.0.0 (#315) (63b34e0)
Changelog

Sourced from filecoin-pin's changelog.

0.17.0 (2026-02-23)

Features

  • rm: add --all option to remove all pieces from DataSet (#320) (b27050c)

Bug Fixes

  • executeUpload and uploadToSynapse to use abortSignals (#332) (060257e)

Chores

  • deps-dev: bump @​biomejs/biome from 2.3.14 to 2.3.15 (#331) (6cb403e)
  • deps-dev: bump @​biomejs/biome from 2.3.15 to 2.4.2 (#336) (2119892)
  • deps-dev: bump @​biomejs/biome from 2.4.2 to 2.4.3 (#337) (a4b3730)
  • deps-dev: bump @​biomejs/biome from 2.4.3 to 2.4.4 (#338) (5926600)

0.16.0 (2026-02-07)

Features

  • add --data-set and --new-data-set flags to add command (#296) (e03719b)
  • add provider command with info and ping subcommands (#295) (c52ebbf)

Bug Fixes

  • use namespace import for Sentry SDK v8+ ESM compatibility (#319) (320a461)

Chores

  • deps-dev: bump @​biomejs/biome from 2.3.13 to 2.3.14 (#318) (97f6f1b)
  • deps: bump @​clack/prompts from 0.11.0 to 1.0.0 (#315) (63b34e0)
Commits
  • 2d8737f chore(master): release 0.17.0 (#334)
  • b27050c feat(rm): add --all option to remove all pieces from DataSet (#320)
  • 17220ce perf(storage): optimize dataset fetching with O(1) lookup (#322)
  • 060257e fix: executeUpload and uploadToSynapse to use abortSignals (#332)
  • 5926600 chore(deps-dev): bump @​biomejs/biome from 2.4.3 to 2.4.4 (#338)
  • a4b3730 chore(deps-dev): bump @​biomejs/biome from 2.4.2 to 2.4.3 (#337)
  • 2119892 chore(deps-dev): bump @​biomejs/biome from 2.3.15 to 2.4.2 (#336)
  • 6cb403e chore(deps-dev): bump @​biomejs/biome from 2.3.14 to 2.3.15 (#331)
  • 778928e chore(master): release 0.16.0 (#317)
  • f15bba4 ci: Update auto-label workflow to use pull_request_target (#323)
  • Additional commits viewable in compare view

Updates pg from 8.16.3 to 8.19.0

Changelog

Sourced from pg's changelog.

pg@8.19.0

pg@8.18.0

pg@8.17.0

  • Throw correct error if database URL parsing fails.

pg@8.16.0

pg@8.15.0

  • Add support for esm importing. CommonJS importing is still also supported.

pg@8.14.0

pg@8.13.0

pg@8.12.0

...

Description has been truncated

@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Mar 3, 2026
@FilOzzy FilOzzy added this to FOC Mar 3, 2026
@github-project-automation github-project-automation bot moved this to 📌 Triage in FOC Mar 3, 2026
@BigLep BigLep moved this from 📌 Triage to 🐱 Todo in FOC Mar 10, 2026
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/apps/backend/npm-dependencies-e1bd2b65ed branch from 873a848 to 99cd52c Compare March 10, 2026 17:17
@dependabot
chore(deps): bump the npm-dependencies group across 1 directory with …
cf12fb1 
…13 updates

Bumps the npm-dependencies group with 13 updates in the /apps/backend directory:

| Package | From | To |
| --- | --- | --- |
| [@filoz/synapse-sdk](https://github.com/FilOzone/synapse-sdk) | `0.36.0` | `0.38.0` |
| [@nestjs/common](https://github.com/nestjs/nest/tree/HEAD/packages/common) | `11.1.6` | `11.1.14` |
| [@nestjs/core](https://github.com/nestjs/nest/tree/HEAD/packages/core) | `11.1.6` | `11.1.14` |
| [@nestjs/platform-express](https://github.com/nestjs/nest/tree/HEAD/packages/platform-express) | `11.1.6` | `11.1.14` |
| [axios](https://github.com/axios/axios) | `1.11.0` | `1.13.6` |
| [class-validator](https://github.com/typestack/class-validator) | `0.14.2` | `0.15.1` |
| [filecoin-pin](https://github.com/filecoin-project/filecoin-pin) | `0.15.1` | `0.17.0` |
| [pg](https://github.com/brianc/node-postgres/tree/HEAD/packages/pg) | `8.16.3` | `8.19.0` |
| [undici](https://github.com/nodejs/undici) | `7.16.0` | `7.22.0` |
| [viem](https://github.com/wevm/viem) | `2.38.3` | `2.46.3` |
| [@nestjs/testing](https://github.com/nestjs/nest/tree/HEAD/packages/testing) | `11.1.6` | `11.1.14` |
| [supertest](https://github.com/ladjs/supertest) | `7.1.4` | `7.2.2` |
| [@types/supertest](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/supertest) | `6.0.3` | `7.2.0` |



Updates `@filoz/synapse-sdk` from 0.36.0 to 0.38.0
- [Release notes](https://github.com/FilOzone/synapse-sdk/releases)
- [Commits](FilOzone/synapse-sdk@synapse-sdk-v0.36.0...synapse-sdk-v0.38.0)

Updates `@nestjs/common` from 11.1.6 to 11.1.14
- [Release notes](https://github.com/nestjs/nest/releases)
- [Commits](https://github.com/nestjs/nest/commits/v11.1.14/packages/common)

Updates `@nestjs/core` from 11.1.6 to 11.1.14
- [Release notes](https://github.com/nestjs/nest/releases)
- [Commits](https://github.com/nestjs/nest/commits/v11.1.14/packages/core)

Updates `@nestjs/platform-express` from 11.1.6 to 11.1.14
- [Release notes](https://github.com/nestjs/nest/releases)
- [Commits](https://github.com/nestjs/nest/commits/v11.1.14/packages/platform-express)

Updates `axios` from 1.11.0 to 1.13.6
- [Release notes](https://github.com/axios/axios/releases)
- [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md)
- [Commits](axios/axios@v1.11.0...v1.13.6)

Updates `class-validator` from 0.14.2 to 0.15.1
- [Release notes](https://github.com/typestack/class-validator/releases)
- [Changelog](https://github.com/typestack/class-validator/blob/develop/CHANGELOG.md)
- [Commits](typestack/class-validator@v0.14.2...v0.15.1)

Updates `filecoin-pin` from 0.15.1 to 0.17.0
- [Release notes](https://github.com/filecoin-project/filecoin-pin/releases)
- [Changelog](https://github.com/filecoin-project/filecoin-pin/blob/master/CHANGELOG.md)
- [Commits](filecoin-project/filecoin-pin@v0.15.1...v0.17.0)

Updates `pg` from 8.16.3 to 8.19.0
- [Changelog](https://github.com/brianc/node-postgres/blob/master/CHANGELOG.md)
- [Commits](https://github.com/brianc/node-postgres/commits/pg@8.19.0/packages/pg)

Updates `undici` from 7.16.0 to 7.22.0
- [Release notes](https://github.com/nodejs/undici/releases)
- [Commits](nodejs/undici@v7.16.0...v7.22.0)

Updates `viem` from 2.38.3 to 2.46.3
- [Release notes](https://github.com/wevm/viem/releases)
- [Commits](https://github.com/wevm/viem/compare/viem@2.38.3...viem@2.46.3)

Updates `@nestjs/testing` from 11.1.6 to 11.1.14
- [Release notes](https://github.com/nestjs/nest/releases)
- [Commits](https://github.com/nestjs/nest/commits/v11.1.14/packages/testing)

Updates `supertest` from 7.1.4 to 7.2.2
- [Release notes](https://github.com/ladjs/supertest/releases)
- [Commits](forwardemail/supertest@v7.1.4...v7.2.2)

Updates `@types/supertest` from 6.0.3 to 7.2.0
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/supertest)

---
updated-dependencies:
- dependency-name: "@filoz/synapse-sdk"
  dependency-version: 0.38.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: npm-dependencies
- dependency-name: "@nestjs/common"
  dependency-version: 11.1.14
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm-dependencies
- dependency-name: "@nestjs/core"
  dependency-version: 11.1.14
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm-dependencies
- dependency-name: "@nestjs/platform-express"
  dependency-version: 11.1.14
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm-dependencies
- dependency-name: axios
  dependency-version: 1.13.6
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: npm-dependencies
- dependency-name: class-validator
  dependency-version: 0.15.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: npm-dependencies
- dependency-name: filecoin-pin
  dependency-version: 0.17.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: npm-dependencies
- dependency-name: pg
  dependency-version: 8.19.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: npm-dependencies
- dependency-name: undici
  dependency-version: 7.22.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: npm-dependencies
- dependency-name: viem
  dependency-version: 2.46.3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: npm-dependencies
- dependency-name: "@nestjs/testing"
  dependency-version: 11.1.14
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-dependencies
- dependency-name: supertest
  dependency-version: 7.2.2
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-dependencies
- dependency-name: "@types/supertest"
  dependency-version: 7.2.0
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: npm-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/apps/backend/npm-dependencies-e1bd2b65ed branch from 99cd52c to cf12fb1 Compare March 17, 2026 17:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

FOC
Status: 🐱 Todo

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@BigLep @FilOzzy