Bump @nestjs/platform-fastify from 10.4.6 to 11.1.14

[dependabot]

Bumps @nestjs/platform-fastify from 10.4.6 to 11.1.14.

Release notes

Sourced from @​nestjs/platform-fastify's releases.

v11.1.14 (2026-02-17)

Bug fixes

• platform-fastify
  • #16384 fix(fastify): fastify middleware bypass cve (@​kamilmysliwiec)
• common
  • #16307 fix: logger print invalid context when no stack trace provided (@​JulienDuf)

Enhancements

• common
  • #16314 fix(common): change requestOrigin type (@​SpencerKaiser)

Committers: 5

• Julien Dufresne (@​JulienDuf)
• Kamil Mysliwiec (@​kamilmysliwiec)
• Mykhailo Skrypsky (@​mixator)
• Spencer Kaiser (@​SpencerKaiser)
• 조수민 (@​suuuuuuminnnnnn)

v11.1.13 (2026-02-03)

Bug fixes

• common
  • #16230 fix(common): Fix skipping maxArrayLength and maxStringLength option (@​chojs23)

Enhancements

• microservices
  • #16286 feat(microservices): support per-handler qos in mqtt (@​suuuuuuminnnnnn)
  • #16262 Feat/microservices configurable max buffer size (@​jobnow)
• common
  • #16202 fix(common): exclude built-in primitives from strip proto keys (@​som14062005)

Dependencies

• platform-fastify
  • #16282 fix(deps): update dependency fastify to v5.7.4 (@​renovate[bot])
• platform-express
  • #16241 fix(deps): update dependency cors to v2.8.6 (@​renovate[bot])

Committers: 6

• Lee Donghyun (@​devizi0)
• Mykhailo Skrypsky (@​mixator)
• Neo (@​chojs23)
• Praveen Somasundaram (@​som14062005)
• Ricardo Gomes (@​jobnow)
• 조수민 (@​suuuuuuminnnnnn)

v11.1.12 (2026-01-15)

Bug fixes

• common

... (truncated)

Commits

• 5d31df7 chore(release): publish v11.1.14 release
• d74e9a8 fix(fastify): fastify middleware bypass cve
• 8d1c16c chore: update readme
• e3a958a chore(release): publish v11.1.13 release
• fba0de7 fix(deps): update dependency fastify to v5.7.4
• e2ef54b fix(deps): update dependency fastify to v5.7.2
• 4fa9409 fix(deps): update dependency fastify to v5.7.1
• ffddbfe chore(deps): bump fastify from 5.6.2 to 5.7.0
• 96932ad chore(release): publish v11.1.12 release
• 73f71c4 fix(deps): update dependency find-my-way to v9.4.0
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

---

Summary by cubic

Upgrade @nestjs/platform-fastify to 11.1.14 to adopt Fastify v5 and include a fix for a Fastify middleware bypass CVE. This brings Nest v11 peer requirements and updates routing, CORS, form parsing, and logging internals.

• Dependencies

  • Uses Fastify 5.7.4, find-my-way 9.x, path-to-regexp 8.x.
  • Updates @fastify/cors 11.2.0, @fastify/formbody 8.0.2, fastify-plugin 5.1.0, light-my-request 6.6.0, pino 10.x, tslib 2.8.1.

• Migration

  • Requires Node.js 20+.
  • Upgrade @nestjs/common and @nestjs/core to ^11 and align other Nest packages to v11.
  • If used, bump @fastify/static to ^8 || ^9 and @fastify/view to ^10 || ^11.
  • Verify custom Fastify plugins against v5 and re-check CORS/form parsing behavior.
  • Review logging setup for pino 10 changes.

^{Written for commit b2e4750. Summary will update on new commits.}

[cubic-dev-ai]

1 issue found across 2 files

Prompt for AI agents (unresolved issues)

Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.


<file name="package.json">

<violation number="1" location="package.json:30">
P1: This bumps `@nestjs/platform-fastify` to v11 while `@nestjs/common`/`@nestjs/core` remain on v10, introducing a Nest major-version mismatch and peer-dependency incompatibility.</violation>
</file>

_{Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.}

[cubic-dev-ai]

P1: This bumps @nestjs/platform-fastify to v11 while @nestjs/common/@nestjs/core remain on v10, introducing a Nest major-version mismatch and peer-dependency incompatibility.

Prompt for AI agents

Check if this issue is valid — if so, understand the root cause and fix it. At package.json, line 30:

<comment>This bumps `@nestjs/platform-fastify` to v11 while `@nestjs/common`/`@nestjs/core` remain on v10, introducing a Nest major-version mismatch and peer-dependency incompatibility.</comment>

<file context>
@@ -27,7 +27,7 @@
     "@nestjs/passport": "^10.0.3",
     "@nestjs/platform-express": "^10.0.0",
-    "@nestjs/platform-fastify": "^10.4.6",
+    "@nestjs/platform-fastify": "^11.1.14",
     "@nestjs/platform-socket.io": "^10.4.15",
     "@nestjs/typeorm": "^10.0.2",
</file context>

Suggested change

	"@nestjs/platform-fastify": "^11.1.14",
	"@nestjs/platform-fastify": "^10.4.22",