fix(deps): update dependency @nestjs/microservices to v11 [security]#1122

Open

renovate[bot] wants to merge 1 commit intodevfrom

renovate/npm-nestjs-microservices-vulnerability

Contributor

renovate bot commented Apr 14, 2026

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Confidence
@nestjs/microservices (source)	`10.4.17` → `11.1.19`

GitHub Vulnerability Alerts

GHSA-hpwf-8g29-85qm

Impact

Attacker sends many small, valid JSON messages in one TCP frame
→ handleData() recurses once per message; buffer shrinks each call
→ maxBufferSize is never reached; call stack overflows instead
→ A ~47 KB payload is sufficient to trigger RangeError

Patches

Fixed in @nestjs/microservices@11.1.19

References

Discovered by https://github.com/hwpark6804-gif

Release Notes

nestjs/nest (@nestjs/microservices)

`v11.1.19`

`v11.1.18`

v11.1.18 (2026-04-03)

Bug fixes

microservices
- #16675 fix(microservices): preserve packet headers in nats serializer (@wwenrr)
core
- #16683 fix(core): prevent injector hang when design:paramtypes is missing (@Youmoo)
- #16637 fix(core): dependency injection edge case with moduleref.create (@JakobStaudinger)
- #16686 fix(core): sanitize sse message

Dependencies

core, platform-express, platform-fastify
- #16679 fix(deps): update dependency path-to-regexp to v8.4.2 (@renovate[bot])
platform-fastify
- #16623 fix(deps): update dependency fastify to v5.8.4 (@renovate[bot])
platform-ws
- #16618 chore(deps): bump ws from 8.19.0 to 8.20.0 (@dependabot[bot])
common
- #16619 chore(deps): bump file-type from 21.3.3 to 21.3.4 (@dependabot[bot])

Committers: 6

Ankit San (@ankitbelal)
Jakob Staudinger (@JakobStaudinger)
Kamil Mysliwiec (@kamilmysliwiec)
Krishna Chaitanya (@Krishnachaitanyakc)
MK (@wwenrr)
youmoo (@Youmoo)

`v11.1.17`

v11.1.17 (2026-03-16)

Enhancements

microservices
- #16218 feat(microservices): add redis driver identification (@vchomakov)

Bugs

platform-fastify
- auto-run middleware for HEAD requests as fastify redirects them to GET handlers (effectively skipping middleware execution) cbdf737 (@kamilmysliwiec)

Dependencies

common
- #16567 fix(deps): update dependency file-type to v21.3.2 (@renovate[bot])
platform-fastify
- #16533 fix(deps): update dependency fastify to v5.8.2 (@renovate[bot])

Committers: 3

Rohan Santhosh Kumar (@Rohan5commit)
Vasil Chomakov (@vchomakov)
Kamil Mysliwiec (@kamilmysliwiec)

`v11.1.16`

v11.1.16 (2026-03-05)

Bug fixes

microservices
- #16506 fix(microservices): fix double callback when isdisposed or err is truthy (@LhonRafaat)

Dependencies

platform-express
- #16507 fix(deps): update dependency multer to v2.1.1 (@renovate[bot])

Committers: 2

Lhon (@LhonRafaat)
Shahnoor Mujawar (@shahnoormujawar)

`v11.1.15`

What's Changed

fix(microservices): if indexOf return 0 will if will be falsy by @cuiweixie in #16401
fix(microservices): introuduce max pattern depth and object complexity by @kamilmysliwiec in #16402
chore(@nestjs/core): allow override for initializeWildcardHandlersIfE… by @StNekroman in #16468
chore(deps): update dependency @fastify/middie to v9.2.0 [security] by @renovate[bot] in #16472
fix(deps): update dependency multer to v2.1.0 [security] by @renovate[bot] in #16474

New Contributors

@cuiweixie made their first contribution in #16401
@StNekroman made their first contribution in #16468

Full Changelog: nestjs/nest@v11.1.14...v11.1.15

`v11.1.14`

v11.1.14 (2026-02-17)

Bug fixes

platform-fastify
- #16384 fix(fastify): fastify middleware bypass cve (@kamilmysliwiec)
common
- #16307 fix: logger print invalid context when no stack trace provided (@JulienDuf)

Enhancements

common
- #16314 fix(common): change requestOrigin type (@SpencerKaiser)

Committers: 5

Julien Dufresne (@JulienDuf)
Kamil Mysliwiec (@kamilmysliwiec)
Mykhailo Skrypsky (@mixator)
Spencer Kaiser (@SpencerKaiser)
조수민 (@suuuuuuminnnnnn)

`v11.1.13`

v11.1.13 (2026-02-03)

Bug fixes

common
- #16230 fix(common): Fix skipping maxArrayLength and maxStringLength option (@chojs23)

Enhancements

microservices
- #16286 feat(microservices): support per-handler qos in mqtt (@suuuuuuminnnnnn)
- #16262 Feat/microservices configurable max buffer size (@jobnow)
common
- #16202 fix(common): exclude built-in primitives from strip proto keys (@som14062005)

Dependencies

platform-fastify
- #16282 fix(deps): update dependency fastify to v5.7.4 (@renovate[bot])
platform-express
- #16241 fix(deps): update dependency cors to v2.8.6 (@renovate[bot])

Committers: 6

Lee Donghyun (@devizi0)
Mykhailo Skrypsky (@mixator)
Neo (@chojs23)
Praveen Somasundaram (@som14062005)
Ricardo Gomes (@jobnow)
조수민 (@suuuuuuminnnnnn)

`v11.1.12`

v11.1.12 (2026-01-15)

Bug fixes

common
- #16187 fix(common): regression in loading file-type under Windows OS (@iamkanguk97)

Dependencies

platform-ws
- #16161 chore(deps): bump ws from 8.18.3 to 8.19.0 (@dependabot[bot])
common
- #16155 fix(deps): update dependency file-type to v21.3.0 (@renovate[bot])
platform-fastify
- #16154 fix(deps): update dependency find-my-way to v9.4.0 (@renovate[bot])

Committers: 3

Antonio Tripodi (@Tony133)
KANGUK LEE (@iamkanguk97)
@miso-kyoungminkim

`v11.1.11`

v11.1.11 (2025-12-29)

Bug fixes

platform-fastify
- #16135 fix(platform-fastify): middie bypassing through decoded chars (@kamilmysliwiec)
core
- #16133 fix(core): add missing catch handler for forward-ref provider resolution (@coti-z)

Dependencies

platform-socket.io
- #16125 fix(deps): update dependency socket.io to v4.8.3 (@renovate[bot])
- #16114 chore(deps): bump socket.io from 4.8.1 to 4.8.2 (@dependabot[bot])
platform-fastify
- #16130 fix(deps): update dependency @fastify/static to v9 (@renovate[bot])
common
- #16127 chore(deps): bump file-type from 21.1.1 to 21.2.0 (@dependabot[bot])

Committers: 3

Himanshu Gupta (@manureja64)
Kamil Mysliwiec (@kamilmysliwiec)
coti (@coti-z)

`v11.1.10`

v11.1.10 (2025-12-22)

Bug fixes

core
- #16098 fix(core): instantiate nested transient providers in static context (@mag123c)
- #16005 fix(core): resolve all providers when using resolve() with each option (@malkovitc)
microservices
- #16072 fix(microservices): fix grpc stream method return type (@shash-hq)
common
- #16077 fix(common): resolve file-type path explicitly (@shash-hq)
- #16013 fix(common): Support fallbackToMimetype without buffer (@chenjieya)

Enhancements

common
- #16100 fix(common): improve error handling in FileTypeValidator (@malkovitc)
- #16060 feat(common): add message property to file type validator (@Jo-Minseok)
- #16079 fix: enhance ValidationPipe (@liu-jin-yi)
core
- #15721 feat(core): add Promise support for SSE handlers (@pythonjsgo)
microservices
- #15975 feat(microservices): add keepalive support for server side (@OlegStrokan)
common, core
- #15986 feat(core): add option for async logger compatibility (@mag123c)

Dependencies

platform-fastify
- #16041 fix(deps): update dependency @fastify/cors to v11.2.0 (@renovate[bot])
platform-express
- #16002 fix(deps): update dependency express to v5.2.1 (@renovate[bot])
common
- #15948 chore(deps): bump file-type from 21.1.0 to 21.1.1 (@dependabot[bot])

Committers: 11

Alexander (@pythonjsgo)
J_Coder (@Jo-Minseok)
Luke Son (@KAPUIST)
Oleh Strokan (@OlegStrokan)
Praveen Somasundaram (@som14062005)
Shashank (@shash-hq)
@chenjieya
@giorgikakauridze
@mag123c
chernomortsev evgeny (@malkovitc)
liu-jin-yi (@liu-jin-yi)

`v11.1.9`

v11.1.9 (2025-11-14)

Bug fixes

core
- #15865 fix(core): make get() throw for implicitly request-scoped trees (@JoeNutt)

Enhancements

common
- #15863 feat(common): add method options to @sse decorator (@TomerSteinberg)

Dependencies

platform-fastify
- #15899 chore(deps): bump fastify from 5.6.1 to 5.6.2 (@dependabot[bot])

Committers: 4

Rami (@JoeNutt)
Rhynel Algopera (@dev-rhynel)
Tomer Steinberg (@TomerSteinberg)
WuMingDao (@WuMingDao)

`v11.1.8`

v11.1.8 (2025-10-27)

Bug fixes

core
- #15815 fix(core): ensure nested transient provider isolation (@mag123c)
platform-fastify
- #15831 fix(fastify): Migrate fastify top-level options to routerOptions (@kim-sung-jee)

Committers: 2

JaeHo Jang (@mag123c)
Seongjee Kim (@kim-sung-jee)

`v11.1.7`

v11.1.7 (2025-10-21)

Bug fixes

microservices
- #15747 Fix/rmq microservice fanout bind (@slon2015)
platform-fastify
- #15732 fix: correct parameter type in RouteConstraints decorator (@thedv91)
core
- #15571 fix(core): skip lifecycle hooks for non-instantiated transient services (@mag123c)
common
- #15577 Add color allowance check to console logger options (@kerryChen95)

Enhancements

common, platform-socket.io, websockets
- #15543 feat(websockets): allow manual acknowledgement handling with @Ack() decorator (@kim-sung-jee)
common
- #15705 fix(core): resolve extras in configurable module builder async methods (@mag123c)
common, core
- #15503 feat(common): add force-console option to console logger (@mag123c)
core
- #15588 fix(core): improve dependency resolution error messages (@at7211)
microservices
- #15598 feat(errors): add InvalidTcpDataReceptionException for handling TCP receive errors (@ghyghoo8)

Dependencies

platform-fastify
- #15664 chore(deps): bump fastify to 5.6.1 (@dependabot[bot])
core, platform-express, platform-fastify
- #15622 fix(deps): update dependency path-to-regexp to v8.3.0 (@renovate[bot])
common
- #15566 chore(deps): bump load-esm from 1.0.2 to 1.0.3 (@dependabot[bot])

Committers: 9

Harry (@thedv91)
JaeHo Jang (@mag123c)
Jay-Chou (@at7211)
Kerry (@kerryChen95)
Micael Levi L. Cavalcante (@micalevisk)
Seongjee Kim (@kim-sung-jee)
SerafimGerasimov (@slon2015)
@Olexandr88
ghy (@ghyghoo8)

`v11.1.6`

v11.1.6 (2025-08-07)

Bug fixes

core
- #15504 fix(core): fix race condition in class dependency resolution from imported modules (@hajekjiri)
- #15469 fix(core): attach root inquirer for nested transient providers (@kamilmysliwiec)
microservices
- #15508 fix(microservices): report correct buffer length in exception (@kim-sung-jee)
- #15492 fix(microservices): fix kafka serilization of class instances (@LeonBiersch)

Dependencies

platform-fastify
- #15493 chore(deps): bump @fastify/cors from 11.0.1 to 11.1.0 (@dependabot[bot])

Committers: 6

Jiri Hajek (@hajekjiri)
Kamil Mysliwiec (@kamilmysliwiec)
Leon Biersch (@LeonBiersch)
Seongjee Kim (@kim-sung-jee)
@premierbell
pTr (@ptrgits)

`v11.1.5`

v11.1.5 (2025-07-18)

Dependencies

platform-express
- #15425 chore(deps): bump multer from 2.0.1 to 2.0.2 in /packages/platform-express (@dependabot[bot])

`v11.1.4`

v11.1.4 (2025-07-16)

Bug fixes

platform-fastify
- #15385 fix(testing): auto-init fastify adapter for middleware registration (@mag123c)
core, testing
- #15405 fix(core): fix race condition in class dependency resolution (@hajekjiri)
core
- #15333 fix(core): Make flattenRoutePath return a valid module (@gentunian)
microservices
- #15305 fix(microservices): Revisit RMQ pattern matching with wildcards (@getlarge)
- #15250 fix(constants): update RMQ_DEFAULT_QUEUE to an empty string (@EeeasyCode)

Enhancements

platform-fastify
- #14789 feat(fastify): add decorator for custom schema (@piotrfrankowski)
common, core, microservices, platform-express, platform-fastify, websockets
- #15386 feat: enhance introspection capabilities (@kamilmysliwiec)
core
- #15374 feat: supporting fine async storage control (@Farenheith)

Dependencies

platform-ws
- #15350 chore(deps): bump ws from 8.18.2 to 8.18.3 (@dependabot[bot])
platform-fastify
- #15278 chore(deps): bump fastify from 5.3.3 to 5.4.0 (@dependabot[bot])

Committers: 11

Alexey Filippov (@SocketSomeone)
EFIcats (@ext4cats)
Edouard Maleix (@getlarge)
JaeHo Jang (@mag123c)
Jiri Hajek (@hajekjiri)
Kamil Mysliwiec (@kamilmysliwiec)
Khan / 이창민 (@EeeasyCode)
Peter F. (@piotrfrankowski)
Sebastian (@gentunian)
Thiago Oliveira Santos (@Farenheith)
jochong (@jochongs)

`v11.1.3`

v11.1.3 (2025-06-06)

Bug fixes

core
- #15201 fix(core): gracefully shutdown the app when repl exits (@dzhlobo)

Enhancements

common
- #15209 feat: add string array type to disposition (@fjodor-rybakov)
common, core
- #15203 feat(core): defer initialization connected microservice (@isaryy)

Dependencies

platform-express
- #15232 chore(deps): bump multer from 2.0.0 to 2.0.1 (@dependabot[bot])

Committers: 3

Dmitry Zhlobo (@dzhlobo)
@fjodor-rybakov
@isaryy

`v11.1.2`

v11.1.2 (2025-05-26)

Bug fixes

microservices
- #15172 fix(microservices): support custom strategy in async usefactory config (@mag123c)
- #15166 fix(microservice): prevent error logs during redis client shutdown (@janroker)

Dependencies

common
- #15185 chore(deps): bump file-type from 20.5.0 to 21.0.0 (@dependabot[bot])
platform-express
- #15159 chore(deps): bump multer from 1.4.5-lts.2 to 2.0.0 (@dependabot[bot])

Committers: 2

JaeHo Jang (@mag123c)
Jan Roček (@janroker)

`v11.1.1`

v11.1.1 (2025-05-14)

Bug fixes

core
- #15056 fix(core): HTTP adapter error mapping (@maxbronnikov10)
microservices
- #15062 fix(microservices): ensure all redis and amqp client closes properly (@yatin166)
- #15032 fix(microservices): ensure all the amqp connections are closed properly (@yatin166)
- #15020 fix(microservices): ensure all redis connections are closed (@yatin166)
core, platform-fastify
- #15061 fix(core): bring back getHeader and appendHeader methods from AbstractHttpAdapter (@micalevisk)
platform-express
- #15010 feat: remove use of pipeline (@jmcdo29)

Enhancements

microservices
- #14606 feat(microservices): add specific transport id to microservices (@maxbronnikov10)
- #15057 feat(microservices): Allow custom exchangeType as string for plugin compatibility (@ChangmoKang)
- #15072 feat(microservices): Add exchange arguments to RabbitMQ (@gapon2401)

Dependencies

platform-fastify
- #15129 chore(deps): bump fastify from 5.3.2 to 5.3.3 (@dependabot[bot])
platform-ws
- #15068 chore(deps): bump ws from 8.18.1 to 8.18.2 (@dependabot[bot])
common
- #15029 chore(deps): bump file-type from 20.4.1 to 20.5.0 (@dependabot[bot])

Committers: 7

Antonio Tripodi (@Tony133)
Changmo Kang (Ryan) (@ChangmoKang)
Igor Gaponov (@gapon2401)
Jackie McDoniel (@jmcdo29)
Maxim Bronnikov (@maxbronnikov10)
Micael Levi L. Cavalcante (@micalevisk)
Yatin Gaikwad (@yatin166)

`v11.1.0`

v11.1.0 (2025-04-23)

Enhancements

microservices
- #14540 feat(microservices): add support for topic exchange (rabbitmq) (@kamilmysliwiec)

Committers: 1

Kamil Mysliwiec (@kamilmysliwiec)

`v11.0.21`

v11.0.21 (2025-04-23)

Enhancements

common
- #14995 feat(common): Add fallbackToMimetype support in FileTypeValidator (@mag123c)

Dependencies

platform-fastify
- #14989 fix(deps): update dependency fastify to v5.3.2 [security] (@renovate[bot])

Committers: 1

JaeHo Jang (@mag123c)

`v11.0.20`

What's Changed

refactor(common): Prevent JavaScript being wrapped in eval by @Borewit in #14974

New Contributors

@Borewit made their first contribution in #14974

Full Changelog: nestjs/nest@v11.0.19...v11.0.20

`v11.0.19`

`v11.0.18`

What's Changed

chore(common): temporarily move file-type to regular deps d9a69a3

Full Changelog: nestjs/nest@v11.0.17...v11.0.18

`v11.0.17`

`v11.0.16`

v11.0.16 (2025-04-11)

fix(common): use file-type to validate file mimetypes by @Chathula in #14881

`v11.0.15`

v11.0.15 (2025-04-10)

Bug fixes

platform-fastify
- #14935 fix(fastify): methods comparison (@johaven)

Committers: 1

Johan Legrand (@johaven)

`v11.0.14`

v11.0.14 (2025-04-09)

Bug fixes

platform-fastify
- #14511 fix(fastify): adds the non-standard http methods to the instance (@johaven)

Committers: 1

Johan Legrand (@johaven)

`v11.0.13`

v11.0.13 (2025-04-03)

Bug fixes

platform-fastify
- #14895 fix(fastify-adapter): global prefix exclusion path handling w/middleware (@KyleLilly)
microservices
- #14869 fix(microservices): do not re-create client connection once get client by service name (@mingo023)

Dependencies

platform-express
- #14883 fix(deps): update dependency express to v5.1.0 (@renovate[bot])
- #14817 fix(deps): update dependency multer to v1.4.5-lts.2 (@renovate[bot])
platform-fastify
- #14861 fix(deps): update dependency fastify to v5.2.2 (@renovate[bot])
- #14864 chore(deps): bump @fastify/cors from 11.0.0 to 11.0.1 (@dependabot[bot])

Committers: 2

Kyle Lilly (@KyleLilly)
Minh Ngo (@mingo023)

`v11.0.12`

v11.0.12 (2025-03-19)

Bug fixes

core
- #14803 fix(core): infinite loop on broken circular reference (@kamilmysliwiec)
- #14792 dependencies not resolving for request-scoped lazy providers (@anizozina)

Enhancements

core
- #14802 feat(core): add options to the legacy route converter (@kamilmysliwiec)

`v11.0.11`

v11.0.11 (2025-02-28)

Enhancements

platform-fastify
- #14677 perf: Switch deprecated parser querystring for fast-querystring (@smith558)

Dependencies

platform-fastify
- #14711 fix(deps): update dependency @fastify/cors to v11 (@renovate[bot])
platform-ws
- #14689 chore(deps): bump ws from 8.18.0 to 8.18.1 (@dependabot[bot])

Committers: 1

Stanislav (Stanley) Modrak (@smith558)

`v11.0.10`

v11.0.10 (2025-02-17)

Bug fixes

microservices
- #14605 fix(microservices): server send drops emitted value (@shprota)
platform-express
- #14640 fix(platform-express) respect custom parser middlewares in Express 5 (@luddwichr)

`v11.0.9`

v11.0.9 (2025-02-10)

Bug fixes

core
- #14597 perf(core): use topology tree for calculating distance (depth) (@kamilmysliwiec)
common
- #14579 fix(common): revert to original value (swc builders regression) (@kamilmysliwiec)

Committers: 2

Kamil Mysliwiec (@kamilmysliwiec)

`v11.0.8`

v11.0.8 (2025-02-06)

Bug fixes

common
- #14546 fix(common): addLeadingSlash optional group support (@dcharbonnier)
platform-express
- #14574 fix(platform-express) make check for existing middlewares work with Express 5 (@luddwichr)

Committers: 4

Ghassen Rjab (@GhassenRjab)
Shay Molcho (@shaymolcho)
@dcharbonnier
@luddwichr

`v11.0.7`

v11.0.7 (2025-01-31)

Bug fixes

core
- #14523 fix: middleware sort issues (@rbnayax)

Committers: 1

@rbnayax

`v11.0.6`

v11.0.6 (2025-01-27)

Bug fixes

core
- #14522 fix(core): allow optional named wildcard groups (@kamilmysliwiec)

Committers: 1

Kamil Mysliwiec (@kamilmysliwiec)

`v11.0.5`

v11.0.5 (2025-01-23)

Bug fixes

core
- #14495 fix(core): global module middleware should be executed first (@kamilmysliwiec)

Committers: 1

Kamil Mysliwiec (@kamilmysliwiec)

`v11.0.4`

`v11.0.3`

`v11.0.2`

`v11.0.1`

`v11.0.0`

v11.0.0 (2025-01-16)

Article: https://trilon.io/blog/announcing-nestjs-11-whats-new
Migration guide: https://docs.nestjs.com/migration-guide 👈 👈 👈

⚠️ Node v16 and v18 are no longer supported (>= v20 is required).

Features

common, core, microservices
- #14142 feat(microservices): add status, unwrap, on methods to microservice transporters (clients/servers) (@kamilmysliwiec)
- #14121 feat(common): add json logger, built-in logger improvements (@kamilmysliwiec)
common, core
- #13336 feat(core): introduce different module opaque key factories (improve bootstrap performance) (@kamilmysliwiec)
common, core, microservices, platform-express, platform-fastify, platform-socket.io, platform-ws, testing, websockets
- #14238 chore(deps): upgrade to express v5, fastify v5, add legacy route path converter to minimize breaking changes (@kamilmysliwiec)

Enhancements

common
- #14213 feat(common): add error messages for file validators (@mag123c)
- #14131 feat(common): allow passing number to http error createBody (@kamilmysliwiec)
- #14122 feat(common): add ParseDatePipe, add tsdoc to other pipes (@kamilmysliwiec)
- #12735 feat(common)!: type narrowing allowed injection tokens for @Inject() (@micalevisk)
- #12764 fix(common): apply options to plaintoclass in classserializerinterceptor (@kmw14641)
- #14126 fix(common): type narrowing context parameter on createParamDecorator's callback (@EeeasyCode)
- #13628 chore(class-transformer): plainToClass is deprectated and replaced with plainToInstance (@tomflorentin)
microservices
- #14200 feat(microservices): support nats queue per handler (@kamilmysliwiec)
- #13924 feat(microservices): add gracefull shutdown option for nats server (@alinowrouzii)
- #12622 feat: allow for microservice options to come from the di container (@jmcdo29)
- #14134 feat(microservices): add max tcp packet buffer length (@kamilmysliwiec)
- #12761 feat(microservices): ability to use a random port for the TCP server (@PieterScheffers)
websockets
- #14184 feat(websockets): include exception cause to associate error with req (@kamilmysliwiec)
common, core, microservices, websockets
- #14182 feat(common): introduce intrinsic exception (@kamilmysliwiec)
common, core, platform-fastify
- #13278 feat(core,common,platform-fastify): add webdav http methods support (@johaven)
platform-express
- #13407 feat: add multer error fieldname to the exception message (@mmgroner)
platform-ws
- #14127 feat(ws): introduce message parser for ws adapter (@CodyTseng)
platform-fastify
- #14115 chore(fastify): update fastify view options interface (@Tony133)
- #14116 refactor(fastify): update fastify static options interface (@Tony133)
common, core
- #14113 feat(core): allow overriding abortOnError for the select method (@kamilmysliwiec)

Bug fixes

core
- #14267 fix shutdown hooks order (@flovouin)
- #13388 correction of Reflector types (@AlexRMU)
- #14110 fix(core): Calculate module distance after bindGlobalScope (@wenlong-chen)
- #14111 fix(core): Order of module destroy should be the reverse of module init (@wenlong-chen)
- #14097 fix(core): revisit dependencies w/ possibly higher distance (@clkamp)
platform-fastify
- #13797 fix(fastify-adapter): middleware not executed when root path is excluded (@patrickacioli)
microservices
- #14129 fix: rabbitmq bindings and auto-generated queues (@EeeasyCode)
- #14112 fix(microservices): use instance refs for target handler callbacks (@kamilmysliwiec)
- #13468 fix(microservices): delete unnecessary call of grpcClient.start (@kamilmysliwiec)
common
- #14114 fix(common)!: drop broken support for promises on exports of modules (@micalevisk)

Other packages in the ecosystem

config (breaking changes)
- https://github.com/nestjs/config/releases/tag/4.0.0
cli
- https://github.com/nestjs/nest-cli/releases/tag/11.0.0
cache-manager (breaking changes)
- https://github.com/nestjs/cache-manager/releases/tag/3.0.0
cqrs
- https://github.com/nestjs/cqrs/releases/tag/11.0.0

Dependencies

Other
- #14205 chore(dev-deps): upgrade to eslint v9 (@kamilmysliwiec)
- #14428 fix(deps): update dependency mercurius to v16.0.1 (@renovate[bot])
- #14424 fix(deps): update dependency mongoose to v8.9.5 (@renovate[bot])
- #14410 fix(deps): update dependency @fastify/static to v8.0.4 (@renovate[bot])
- #14411 fix(deps): update dependency @fastify/view to v10.0.2 (@renovate[bot])
- #14403 chore(deps): update dependency nats to v2.29.1 (@renovate[bot])
- #14400 fix(deps): update dependency ansis to v3.8.1 (@renovate[bot])
- [#14337](https://redirect.github.com/nestjs

Configuration

📅 Schedule: (UTC)

Branch creation
- ""
Automerge
- At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.


          fix(deps): update dependency @nestjs/microservices to v11 [security]

de953f5

renovate bot requested a review from a team as a code owner

April 14, 2026 00:43

renovate bot added dependencies deps: javascript labels

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies deps: javascript