Skip to content

chore(deps): bump the npm-dependencies group across 1 directory with 23 updates#633

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/apps/backend/npm-dependencies-b6a935cf99
Open

chore(deps): bump the npm-dependencies group across 1 directory with 23 updates#633
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/apps/backend/npm-dependencies-b6a935cf99

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 30, 2026

Copy link
Copy Markdown
Contributor

Bumps the npm-dependencies group with 23 updates in the /apps/backend directory:

Package From To
@clickhouse/client 1.18.2 1.22.0
@ipld/car 5.4.2 5.4.6
@ipld/dag-pb 4.1.5 4.1.7
@nestjs/common 11.1.13 11.1.27
@nestjs/config 4.0.3 4.0.4
@nestjs/core 11.1.13 11.1.27
@nestjs/platform-express 11.1.13 11.1.27
@nestjs/schedule 6.1.1 6.1.3
@nestjs/swagger 11.2.6 11.4.4
@nestjs/typeorm 11.0.0 11.0.3
@willsoto/nestjs-prometheus 6.0.2 6.1.0
axios 1.13.5 1.18.1
class-validator 0.14.3 0.15.1
filecoin-pin 1.0.1 1.1.1
helmet 8.1.0 8.2.0
joi 18.0.2 18.2.3
pg 8.18.0 8.22.0
pg-boss 12.11.1 12.23.0
viem 2.48.11 2.53.1
@nestjs/cli 11.0.16 11.0.23
@nestjs/schematics 11.0.9 11.1.0
@nestjs/testing 11.1.13 11.1.27
ts-loader 9.5.4 9.6.2

Updates @clickhouse/client from 1.18.2 to 1.22.0

Release notes

Sourced from @​clickhouse/client's releases.

1.22.0

New features

  • (Node.js) The compression.request / compression.response client options now accept an explicit codec via an object, in addition to the existing boolean: true keeps gzip (backwards compatible), and { codec: "zstd" } selects zstd. The object form is intentionally extensible for future codecs and codec-specific options. zstd typically yields a similar-or-better ratio than gzip at noticeably lower CPU cost (gzip/DEFLATE is comparatively CPU-heavy and decompressed single-threaded by the ClickHouse server), and it uses the built-in zlib zstd support, so it requires Node.js >= 22.15.0 (@clickhouse/client throws a clear error at client creation otherwise). Response decompression is driven by the server's actual Content-Encoding, so it degrades gracefully. The request object form also accepts an optional level ({ codec, level }) to set the codec-specific compression level (zlib level for gzip, zstd compression level for zstd); the response compression level is controlled by the server. Supported only by @clickhouse/client (Node.js); @clickhouse/client-web rejects the zstd codec at client creation.

  • (Node.js) Brotli ({ codec: "br" }) is now supported for compression.request / compression.response, alongside gzip and zstd. Unlike zstd, Brotli is available on every supported Node.js version (no minimum-version requirement). The compression.request option is a per-codec discriminated union, so each codec exposes its own tuning option: a level for gzip/zstd, a quality for Brotli ({ codec: "br", quality }). When omitted, Brotli defaults to quality 4 for request bodies, since zlib's brotli default of 11 (max) is far too slow for a streaming insert path. Response decompression follows the server's Content-Encoding. Supported only by @clickhouse/client (Node.js).

Internal changes (@clickhouse/client-common)

These only affect code that imports the low-level connection primitives from the deprecated @clickhouse/client-common package directly (e.g. a custom Connection implementation). The createClient compression option is unchanged and fully backwards compatible — if you only use @clickhouse/client or @clickhouse/client-web, you are not affected.

To carry the codec (and its optional compression level) instead of a bare on/off flag, the internal compression representation changed shape:

  • CompressionSettings.compress_request / decompress_response are no longer boolean. They are now a normalized codec object or undefined (disabled): { codec: "gzip" | "zstd"; level?: number } | { codec: "br"; quality?: number } for the request, { codec: "gzip" | "zstd" | "br" } for the response (response compression options are chosen by the server). getConnectionParams normalizes the public request option into this form (true{ codec: "gzip" }).
  • withCompressionHeaders now takes request_compression_codec / response_compression_codec (a CompressionMethod | undefined) instead of the boolean enable_request_compression / enable_response_compression; the codec value is also the Content-Encoding / Accept-Encoding it emits.
  • withHttpSettings now takes the response codec object ({ codec } | undefined) instead of a boolean.
  • New exported types: CompressionMethod, RequestCompression, ResponseCompression.

Why: a single boolean could not express which codec to use or its level, and a separate level field on CompressionSettings would have mixed a codec-specific option into the shared type. Discriminating by codec keeps each codec's options on the codec it belongs to.

Documentation

  • Added two tracer adapter recipes to docs/howto/tracing.md and examples/node/coding/otel_tracing.ts, demonstrating how common OpenTelemetry auto-instrumentation options compose as thin userland wrappers around the tracer API instead of being baked into the client: requireParentSpan (skip ClickHouse spans when there is no active parent span — e.g. background health checks) and suppressing the duplicate nested HTTP spans emitted by @opentelemetry/instrumentation-http (via suppressTracing from @opentelemetry/core).

#864: ClickHouse/clickhouse-js#864

1.21.0

New features

  • The tracer API (unreleased, introduced in #776) now follows the OpenTelemetry database semantic conventions and matches the attribute vocabulary of the Rust client (clickhouse-rs); see docs/howto/tracing.md for the documentation. In particular (#828):

    • Spans now carry db.system.name (instead of db.system), server.address + server.port (instead of a combined host:port), clickhouse.request.query_id / clickhouse.request.session_id (instead of clickhouse.query_id / clickhouse.session_id), clickhouse.response.format on query and clickhouse.request.format on insert (instead of clickhouse.format), and db.operation.name + db.collection.name on insert (instead of clickhouse.table).
    • The span status is left unset on success (per the OTEL spec recommendation for client spans, previously set to OK); on failure, the span gets the error.type attribute (the error class name) and, for server-side errors, clickhouse.error.code (the numeric ClickHouse error code).
    • Spans record response-side attributes: db.response.status_code (HTTP status) and, when the X-ClickHouse-Summary header is available, clickhouse.summary.* counters (read_rows, written_rows, etc.).
    • query() now emits two spans: clickhouse.query covers the HTTP request lifetime and ends as soon as the response headers are received; a child clickhouse.query.stream span is handed to the ResultSet and tracks the stream consumption, ending when the response is fully read, closed, or fails - with the final clickhouse.response.decoded_bytes and (for row-streaming) db.response.returned_rows metrics. This separation makes it easy to distinguish the original request duration from a stream that may never end (e.g. tailing a live table).
    • Fixed a span leak in the Web ResultSet.stream() path: if the underlying fetch response stream was aborted (e.g. due to a network error), the clickhouse.query.stream span was never ended. The TransformStream now handles both source-stream aborts and consumer-side cancellations via a cancel callback.
    • The insert span records clickhouse.request.sent_rows for array-based inserts.
  • Added a use_multipart_params_auto client option (default: false). When enabled, query() automatically sends query_params as multipart/form-data body parts (the same mechanism as use_multipart_params) once their URL-encoded length exceeds 4096 characters, avoiding HTTP 414/400 errors from HTTP intermediaries (nginx, AWS ALB, CloudFront) caused by over-long URLs - for example, a large IN list or a high-dimensional vector embedding. Smaller parameter payloads remain in the URL query string, so existing behavior is unchanged unless the threshold is crossed. use_multipart_params: true still forces multipart for all queries regardless of size. This does not change the server's per-value size limit, which is governed by http_max_field_value_size. Supported on both @clickhouse/client and @clickhouse/client-web, and overridable per request via use_multipart_params_auto on query(). Ported from clickhouse-connect#789. (#827)

const client = createClient({ use_multipart_params_auto: true });
await client.query({
query: "SELECT * FROM events WHERE id IN {ids:Array(UInt64)}",
// Sent in the URL when small, auto-promoted to the multipart body when large
query_params: { ids: veryLargeArrayOfIds },
});

... (truncated)

Changelog

Sourced from @​clickhouse/client's changelog.

1.22.0

New features

  • (Node.js) The compression.request / compression.response client options now accept an explicit codec via an object, in addition to the existing boolean: true keeps gzip (backwards compatible), and { codec: "zstd" } selects zstd. The object form is intentionally extensible for future codecs and codec-specific options. zstd typically yields a similar-or-better ratio than gzip at noticeably lower CPU cost (gzip/DEFLATE is comparatively CPU-heavy and decompressed single-threaded by the ClickHouse server), and it uses the built-in zlib zstd support, so it requires Node.js >= 22.15.0 (@clickhouse/client throws a clear error at client creation otherwise). Response decompression is driven by the server's actual Content-Encoding, so it degrades gracefully. The request object form also accepts an optional level ({ codec, level }) to set the codec-specific compression level (zlib level for gzip, zstd compression level for zstd); the response compression level is controlled by the server. Supported only by @clickhouse/client (Node.js); @clickhouse/client-web rejects the zstd codec at client creation.

  • (Node.js) Brotli ({ codec: "br" }) is now supported for compression.request / compression.response, alongside gzip and zstd. Unlike zstd, Brotli is available on every supported Node.js version (no minimum-version requirement). The compression.request option is a per-codec discriminated union, so each codec exposes its own tuning option: a level for gzip/zstd, a quality for Brotli ({ codec: "br", quality }). When omitted, Brotli defaults to quality 4 for request bodies, since zlib's brotli default of 11 (max) is far too slow for a streaming insert path. Response decompression follows the server's Content-Encoding. Supported only by @clickhouse/client (Node.js).

Internal changes (@clickhouse/client-common)

These only affect code that imports the low-level connection primitives from the deprecated @clickhouse/client-common package directly (e.g. a custom Connection implementation). The createClient compression option is unchanged and fully backwards compatible — if you only use @clickhouse/client or @clickhouse/client-web, you are not affected.

To carry the codec (and its optional compression level) instead of a bare on/off flag, the internal compression representation changed shape:

  • CompressionSettings.compress_request / decompress_response are no longer boolean. They are now a normalized codec object or undefined (disabled): { codec: "gzip" | "zstd"; level?: number } | { codec: "br"; quality?: number } for the request, { codec: "gzip" | "zstd" | "br" } for the response (response compression options are chosen by the server). getConnectionParams normalizes the public request option into this form (true{ codec: "gzip" }).
  • withCompressionHeaders now takes request_compression_codec / response_compression_codec (a CompressionMethod | undefined) instead of the boolean enable_request_compression / enable_response_compression; the codec value is also the Content-Encoding / Accept-Encoding it emits.
  • withHttpSettings now takes the response codec object ({ codec } | undefined) instead of a boolean.
  • New exported types: CompressionMethod, RequestCompression, ResponseCompression.

Why: a single boolean could not express which codec to use or its level, and a separate level field on CompressionSettings would have mixed a codec-specific option into the shared type. Discriminating by codec keeps each codec's options on the codec it belongs to.

Documentation

  • Added two tracer adapter recipes to docs/howto/tracing.md and examples/node/coding/otel_tracing.ts, demonstrating how common OpenTelemetry auto-instrumentation options compose as thin userland wrappers around the tracer API instead of being baked into the client: requireParentSpan (skip ClickHouse spans when there is no active parent span — e.g. background health checks) and suppressing the duplicate nested HTTP spans emitted by @opentelemetry/instrumentation-http (via suppressTracing from @opentelemetry/core).

1.21.0

New features

  • The tracer API (unreleased, introduced in #776) now follows the OpenTelemetry database semantic conventions and matches the attribute vocabulary of the Rust client (clickhouse-rs); see docs/howto/tracing.md for the documentation. In particular (#828):

    • Spans now carry db.system.name (instead of db.system), server.address + server.port (instead of a combined host:port), clickhouse.request.query_id / clickhouse.request.session_id (instead of clickhouse.query_id / clickhouse.session_id), clickhouse.response.format on query and clickhouse.request.format on insert (instead of clickhouse.format), and db.operation.name + db.collection.name on insert (instead of clickhouse.table).
    • The span status is left unset on success (per the OTEL spec recommendation for client spans, previously set to OK); on failure, the span gets the error.type attribute (the error class name) and, for server-side errors, clickhouse.error.code (the numeric ClickHouse error code).
    • Spans record response-side attributes: db.response.status_code (HTTP status) and, when the X-ClickHouse-Summary header is available, clickhouse.summary.* counters (read_rows, written_rows, etc.).
    • query() now emits two spans: clickhouse.query covers the HTTP request lifetime and ends as soon as the response headers are received; a child clickhouse.query.stream span is handed to the ResultSet and tracks the stream consumption, ending when the response is fully read, closed, or fails - with the final clickhouse.response.decoded_bytes and (for row-streaming) db.response.returned_rows metrics. This separation makes it easy to distinguish the original request duration from a stream that may never end (e.g. tailing a live table).
    • Fixed a span leak in the Web ResultSet.stream() path: if the underlying fetch response stream was aborted (e.g. due to a network error), the clickhouse.query.stream span was never ended. The TransformStream now handles both source-stream aborts and consumer-side cancellations via a cancel callback.
    • The insert span records clickhouse.request.sent_rows for array-based inserts.
  • Added a use_multipart_params_auto client option (default: false). When enabled, query() automatically sends query_params as multipart/form-data body parts (the same mechanism as use_multipart_params) once their URL-encoded length exceeds 4096 characters, avoiding HTTP 414/400 errors from HTTP intermediaries (nginx, AWS ALB, CloudFront) caused by over-long URLs - for example, a large IN list or a high-dimensional vector embedding. Smaller parameter payloads remain in the URL query string, so existing behavior is unchanged unless the threshold is crossed. use_multipart_params: true still forces multipart for all queries regardless of size. This does not change the server's per-value size limit, which is governed by http_max_field_value_size. Supported on both @clickhouse/client and @clickhouse/client-web, and overridable per request via use_multipart_params_auto on query(). Ported from clickhouse-connect#789. (#827)

const client = createClient({ use_multipart_params_auto: true });
await client.query({
query: "SELECT * FROM events WHERE id IN {ids:Array(UInt64)}",
// Sent in the URL when small, auto-promoted to the multipart body when large
query_params: { ids: veryLargeArrayOfIds },
});

  • Added a use_multipart_params client option (default: false). When enabled, query() sends query_params as multipart/form-data body parts (with the SQL moved into a query part) instead of URL query-string entries, avoiding HTTP 400 errors caused by over-long URLs when parameters contain large arrays (25K+ values). All other URL search params (database, query_id, settings, session_id, role) remain in the URL. Supported on both @clickhouse/client and @clickhouse/client-web, and overridable per request via use_multipart_params on query(). (#825)

... (truncated)

Commits
  • bb7d9d2 Merge pull request #862 from ClickHouse/main
  • 4a86c42 Bump undici from 8.4.1 to 8.5.0 (#858)
  • 56b48ee Bump the dev-dependencies group across 1 directory with 12 updates (#854)
  • 6a5d177 Investigating Codecov coverage upload problems (#860)
  • e000ada Add tracer adapter recipes (requireParentSpan, suppress nested HTTP spans) (#...
  • 45fdbee Follow-up to #849: simplify the unknown-encoding decompression test (#859)
  • 09be3c5 Brotli (br) compression codec and per-codec request compression options (#849)
  • e6c3113 Improving codecov upload process and reporting (#857)
  • dc4c322 Add OSS-dependent integration tests to guard breaking changes (#856)
  • a385828 Make Dependabot CI green by default by skipping secret-dependent jobs (#855)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​clickhouse/client since your current version.


Updates @ipld/car from 5.4.2 to 5.4.6

Release notes

Sourced from @​ipld/car's releases.

v5.4.6

5.4.6 (2026-05-12)

Trivial Changes

  • deps: bump @​ipld/dag-json from 10.2.9 to 11.0.0 in /examples (#184) (eefd849)

Dependencies

  • bump @​ipld/dag-cbor from 9.2.7 to 10.0.1 (#182) (a2ab328)

v5.4.5

5.4.5 (2026-05-11)

Trivial Changes

  • deps: bump multiformats from 13.4.2 to 14.0.0 in /examples (#181) (d3255f1)

Dependencies

  • bump multiformats from 13.4.2 to 14.0.0 (#180) (e1d683e)

v5.4.4

5.4.4 (2026-05-07)

Dependencies

  • dev: bump aegir from 47.2.0 to 48.0.1 (#179) (a3dca47)

v5.4.3

5.4.3 (2026-04-02)

Trivial Changes

  • deps: bump multiformats from 12.1.3 to 13.4.2 in /examples (#176) (2c87540)

Dependencies

Changelog

Sourced from @​ipld/car's changelog.

5.4.6 (2026-05-12)

Trivial Changes

  • deps: bump @​ipld/dag-json from 10.2.9 to 11.0.0 in /examples (#184) (eefd849)

Dependencies

  • bump @​ipld/dag-cbor from 9.2.7 to 10.0.1 (#182) (a2ab328)

5.4.5 (2026-05-11)

Trivial Changes

  • deps: bump multiformats from 13.4.2 to 14.0.0 in /examples (#181) (d3255f1)

Dependencies

  • bump multiformats from 13.4.2 to 14.0.0 (#180) (e1d683e)

5.4.4 (2026-05-07)

Dependencies

  • dev: bump aegir from 47.2.0 to 48.0.1 (#179) (a3dca47)

5.4.3 (2026-04-02)

Trivial Changes

  • deps: bump multiformats from 12.1.3 to 13.4.2 in /examples (#176) (2c87540)

Dependencies

Commits
  • 547e433 chore(release): 5.4.6 [skip ci]
  • a2ab328 deps: bump @​ipld/dag-cbor from 9.2.7 to 10.0.1 (#182)
  • eefd849 chore(deps): bump @​ipld/dag-json from 10.2.9 to 11.0.0 in /examples (#184)
  • 55f9112 chore(release): 5.4.5 [skip ci]
  • e1d683e deps: bump multiformats from 13.4.2 to 14.0.0 (#180)
  • d3255f1 chore(deps): bump multiformats from 13.4.2 to 14.0.0 in /examples (#181)
  • ed69005 chore(release): 5.4.4 [skip ci]
  • a3dca47 deps(dev): bump aegir from 47.2.0 to 48.0.1 (#179)
  • 13d6e56 chore(release): 5.4.3 [skip ci]
  • 40ddb9c deps: bump cborg from 4.5.8 to 5.0.0 (#178)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​ipld/car since your current version.


Updates @ipld/dag-pb from 4.1.5 to 4.1.7

Release notes

Sourced from @​ipld/dag-pb's releases.

v4.1.7

4.1.7 (2026-05-11)

Dependencies

  • bump multiformats from 13.4.2 to 14.0.0 (#109) (81887a9)

v4.1.6

4.1.6 (2026-05-07)

Dependencies

  • dev: bump aegir from 47.2.0 to 48.0.1 (#108) (d573d19)
Changelog

Sourced from @​ipld/dag-pb's changelog.

4.1.7 (2026-05-11)

Dependencies

  • bump multiformats from 13.4.2 to 14.0.0 (#109) (81887a9)

4.1.6 (2026-05-07)

Dependencies

  • dev: bump aegir from 47.2.0 to 48.0.1 (#108) (d573d19)
Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​ipld/dag-pb since your current version.


Updates @nestjs/common from 11.1.13 to 11.1.27

Release notes

Sourced from @​nestjs/common's releases.

v11.1.27

What's Changed

Full Changelog: nestjs/nest@v11.1.26...v11.1.27

v11.1.26

What's Changed

Full Changelog: nestjs/nest@v11.1.25...v11.1.26

v11.1.25

What's Changed

New Contributors

Full Changelog: nestjs/nest@v11.1.24...v11.1.25

v11.1.24 (2026-05-25)

Bug fixes

Enhancements

Dependencies

Committers: 2

v11.1.23 (2026-05-21)

Bug fixes

  • core

... (truncated)

Commits
  • 660a124 chore(release): publish v11.1.27 release
  • aa5c4f1 chore: update readme and package.json
  • 9ff83d5 chore(release): publish v11.1.26 release
  • 02f8041 chore(release): publish v11.1.25 release
  • 1634915 test(common): Add unit tests for cli-colors utility
  • 380bf5c Merge pull request #17058 from Se3do/test/extend-metadata
  • af4542b test(common): Add unit tests for assignCustomParameterMetadata
  • b67aea1 test(common): Add unit tests for extendArrayMetadata
  • e1e4014 test(common): Tighten throw assertions in validateModuleKeys spec
  • 6b97771 test(common): Add unit tests for validateModuleKeys
  • Additional commits viewable in compare view

Updates @nestjs/config from 4.0.3 to 4.0.4

Release notes

Sourced from @​nestjs/config's releases.

Release 4.0.4

  • fix(deps): update dependency dotenv to v17.4.1 (6bc5737)
  • fix(deps): update dependency lodash to v4.18.1 [security] (f31ee98)
Commits
  • 3b5d592 chore(): release v4.0.4
  • 4fbcb03 Merge pull request #2263 from nestjs/renovate/dotenv-17.x
  • 33dae89 Merge pull request #2269 from nestjs/renovate/cimg-node-24.x
  • 0a727c3 Merge pull request #2313 from nestjs/renovate/npm-lodash-vulnerability
  • 6bc5737 fix(deps): update dependency dotenv to v17.4.1
  • f31ee98 fix(deps): update dependency lodash to v4.18.1 [security]
  • 059314c chore(deps): update dependency typescript-eslint to v8.58.1 (#2315)
  • 0f81e2d chore(deps): update dependency eslint to v10.2.0 (#2314)
  • e673ab2 chore(deps): update dependency @​types/node to v24.12.2 (#2311)
  • b1ede30 chore(deps): update nest monorepo to v11.1.18 (#2312)
  • Additional commits viewable in compare view

Updates @nestjs/core from 11.1.13 to 11.1.27

Release notes

Sourced from @​nestjs/core's releases.

v11.1.27

What's Changed

Full Changelog: nestjs/nest@v11.1.26...v11.1.27

v11.1.26

What's Changed

Full Changelog: nestjs/nest@v11.1.25...v11.1.26

v11.1.25

What's Changed

New Contributors

Full Changelog: nestjs/nest@v11.1.24...v11.1.25

v11.1.24 (2026-05-25)

Bug fixes

Enhancements

Dependencies

Committers: 2

v11.1.23 (2026-05-21)

Bug fixes

  • core

... (truncated)

Commits
  • 660a124 chore(release): publish v11.1.27 release
  • 5c5e9ba fix(core): sse async handlers teardown issue #17128
  • aa5c4f1 chore: update readme and package.json
  • 9ff83d5 chore(release): publish v11.1.26 release
  • 0f398fd test: fix broken unit test
  • d152eec fix(core): post sse endpoint empty response #17098
  • 02f8041 chore(release): publish v11.1.25 release
  • e2ad4e2 Update package.json
  • 396cf81 refactor(core): avoid duplicating sse intercept call
  • 55cd699 fix(core): preserve deferred SSE handlers
  • Additional commits viewable in compare view

Updates @nestjs/platform-express from 11.1.13 to 11.1.27

Release notes

Sourced from @​nestjs/platform-express's releases.

v11.1.27

What's Changed

Full Changelog: nestjs/nest@v11.1.26...v11.1.27

v11.1.26

What's Changed

Full Changelog: nestjs/nest@v11.1.25...v11.1.26

v11.1.25

What's Changed

New Contributors

Full Changelog: nestjs/nest@v11.1.24...v11.1.25

v11.1.24 (2026-05-25)

Bug fixes

Enhancements

Dependencies

Committers: 2

v11.1.23 (2026-05-21)

Bug fixes

  • core

... (truncated)

Commits
  • 660a124 chore(release): publish v11.1.27 release
  • aa5c4f1 chore: update readme and package.json
  • 9ff83d5 chore(release): publish v11.1.26 release
  • 02f8041 chore(release): publish v11.1.25 release
  • d8a0ab8 chore(release): publish v11.1.24 release
  • 2dccece chore: update readmes
  • b8be8c1 chore(release): publish v11.1.23 release
  • 801c46f chore(release): publish v11.1.22 release
  • 983dd52 chore(release): publish v11.1.21 release
  • a0b0139 chore: update readme
  • Additional commits viewable in compare view

Updates @nestjs/schedule from 6.1.1 to 6.1.3

Release notes

Sourced from @​nestjs/schedule's releases.

6.1.3

What's Changed

Full Changelog: nestjs/schedule@6.1.2...6.1.3

Release 6.1.2

  • Merge pull request #2247 from kyungseopk1m/feat/cron-initial-delay (a57ce2c)
  • chore(deps): update dependency prettier to v3.8.3 (#2248) (bb3490d)
  • feat(cron): add initialDelay option to defer first job execution (1c5677f)
  • Merge pull request #2245 from nestjs/renovate/nest-monorepo (59046bd)
  • Merge pull request #2246 from nestjs/renovate/oxlint-monorepo (be4eee3)
  • chore(deps): update dependency oxlint to v1.60.0 (32a9ce2)
  • chore(deps): update nest monorepo to v11.1.19 (7d3844f)
  • chore: migrate to oxlint, vitest, ts6 (29de71b)
  • chore(deps): update dependency globals to v17.5.0 (#2244) (6c62cca)
  • chore(deps): update dependency sinon to v21.1.2 (#2243) (ee3b31a)
  • chore(deps): update dependency sinon to v21.1.1 (#2241) (eba9799)
  • Merge pull request #2242 from nestjs/renovate/prettier-3.x (c3ad0f7)
  • chore(deps): update dependency prettier to v3.8.2 (798e2a9)
  • Merge pull request #2199 from nestjs/renovate/cimg-node-24.x (a05354a)
  • chore(deps): update dependency typescript-eslint to v8.58.1 (#2240) (0367ac1)
  • chore(deps): update dependency eslint to v10.2.0 (#2239) (fa93e06)
  • chore(deps): update nest monorepo to v11.1.18 (#2238) (8cd4c02)
  • chore(deps): update dependency @​types/node to v24.12.2 (#2237) (01482df)
  • chore(deps): update dependency @​types/sinon to v21.0.1 (#2236) (f05b5bd)
  • chore(deps): update dependency ts-jest to v29.4.9 (#2235) (af545e6)
  • chore(deps): update dependency typescript-eslint to v8.58.0 (#2233) (4dad22a)
  • chore(deps): update node.js to v24.14.1 (28db9bc)
  • chore(deps): update dependency eslint to v10.1.0 (#2232) (413f390)
  • chore(deps): update nest monorepo to v11.1.17 (#2230) (46c2bc5)
  • chore(deps): update dependency typescript-eslint to v8.57.1 (#2231) (8fd063b)
  • chore(deps): update dependency sinon to v21.0.3 (#2229) (1671ad9)
  • chore(deps): update commitlint monorepo to v20.5.0 (#2228) (2ecd2f1)
  • chore(deps): update dependency lint-staged to v16.4.0 (#2227) (aa0de01)
  • chore(deps): update commitlint monorepo to v20.4.4 (#2226) (75034fe)
  • chore(deps): update dependency lint-staged to v16.3.3 (#2225) (f1c7d31)
  • chore(deps): update dependency jest to v30.3.0 (#2224) (1a208d4)
  • chore(deps): update dependency typescript-eslint to v8.57.0 (#2223) (60dd2c9)
  • chore(deps): update dependency eslint to v10.0.3 (#2221) (791b6ba)
  • chore(deps): update dependency @​eslint/eslintrc to v3.3.5 (#2220) (0da1ca7)
  • chore(deps): update dependency @​types/node to v24.12.0 (#2219) (934a93e)
  • chore(deps): update nest monorepo to v11.1.16 (#2218) (5f44e9b)
  • chore(deps): update dependency sinon to v21.0.2 (#2217) (b807746)
  • chore(deps): update dependency lint-staged to v16.3.2 (#2216) (4ca32bd)
  • chore(deps): update commitlint monorepo to v20.4.3 (#2215) (d3ceb76)
  • chore(deps): update nest monorepo to v11.1.15 (#2214) (b084f...

    Description has been truncated

…23 updates

Bumps the npm-dependencies group with 23 updates in the /apps/backend directory:

| Package | From | To |
| --- | --- | --- |
| [@clickhouse/client](https://github.com/ClickHouse/clickhouse-js) | `1.18.2` | `1.22.0` |
| [@ipld/car](https://github.com/ipld/js-car) | `5.4.2` | `5.4.6` |
| [@ipld/dag-pb](https://github.com/ipld/js-dag-pb) | `4.1.5` | `4.1.7` |
| [@nestjs/common](https://github.com/nestjs/nest/tree/HEAD/packages/common) | `11.1.13` | `11.1.27` |
| [@nestjs/config](https://github.com/nestjs/config) | `4.0.3` | `4.0.4` |
| [@nestjs/core](https://github.com/nestjs/nest/tree/HEAD/packages/core) | `11.1.13` | `11.1.27` |
| [@nestjs/platform-express](https://github.com/nestjs/nest/tree/HEAD/packages/platform-express) | `11.1.13` | `11.1.27` |
| [@nestjs/schedule](https://github.com/nestjs/schedule) | `6.1.1` | `6.1.3` |
| [@nestjs/swagger](https://github.com/nestjs/swagger) | `11.2.6` | `11.4.4` |
| [@nestjs/typeorm](https://github.com/nestjs/typeorm) | `11.0.0` | `11.0.3` |
| [@willsoto/nestjs-prometheus](https://github.com/willsoto/nestjs-prometheus) | `6.0.2` | `6.1.0` |
| [axios](https://github.com/axios/axios) | `1.13.5` | `1.18.1` |
| [class-validator](https://github.com/typestack/class-validator) | `0.14.3` | `0.15.1` |
| [filecoin-pin](https://github.com/filecoin-project/filecoin-pin) | `1.0.1` | `1.1.1` |
| [helmet](https://github.com/helmetjs/helmet) | `8.1.0` | `8.2.0` |
| [joi](https://github.com/hapijs/joi) | `18.0.2` | `18.2.3` |
| [pg](https://github.com/brianc/node-postgres/tree/HEAD/packages/pg) | `8.18.0` | `8.22.0` |
| [pg-boss](https://github.com/timgit/pg-boss) | `12.11.1` | `12.23.0` |
| [viem](https://github.com/wevm/viem) | `2.48.11` | `2.53.1` |
| [@nestjs/cli](https://github.com/nestjs/nest-cli) | `11.0.16` | `11.0.23` |
| [@nestjs/schematics](https://github.com/nestjs/schematics) | `11.0.9` | `11.1.0` |
| [@nestjs/testing](https://github.com/nestjs/nest/tree/HEAD/packages/testing) | `11.1.13` | `11.1.27` |
| [ts-loader](https://github.com/TypeStrong/ts-loader) | `9.5.4` | `9.6.2` |



Updates `@clickhouse/client` from 1.18.2 to 1.22.0
- [Release notes](https://github.com/ClickHouse/clickhouse-js/releases)
- [Changelog](https://github.com/ClickHouse/clickhouse-js/blob/main/CHANGELOG.md)
- [Commits](ClickHouse/clickhouse-js@1.18.2...1.22.0)

Updates `@ipld/car` from 5.4.2 to 5.4.6
- [Release notes](https://github.com/ipld/js-car/releases)
- [Changelog](https://github.com/ipld/js-car/blob/master/CHANGELOG.md)
- [Commits](ipld/js-car@v5.4.2...v5.4.6)

Updates `@ipld/dag-pb` from 4.1.5 to 4.1.7
- [Release notes](https://github.com/ipld/js-dag-pb/releases)
- [Changelog](https://github.com/ipld/js-dag-pb/blob/master/CHANGELOG.md)
- [Commits](ipld/js-dag-pb@v4.1.5...v4.1.7)

Updates `@nestjs/common` from 11.1.13 to 11.1.27
- [Release notes](https://github.com/nestjs/nest/releases)
- [Commits](https://github.com/nestjs/nest/commits/v11.1.27/packages/common)

Updates `@nestjs/config` from 4.0.3 to 4.0.4
- [Release notes](https://github.com/nestjs/config/releases)
- [Commits](nestjs/config@4.0.3...4.0.4)

Updates `@nestjs/core` from 11.1.13 to 11.1.27
- [Release notes](https://github.com/nestjs/nest/releases)
- [Commits](https://github.com/nestjs/nest/commits/v11.1.27/packages/core)

Updates `@nestjs/platform-express` from 11.1.13 to 11.1.27
- [Release notes](https://github.com/nestjs/nest/releases)
- [Commits](https://github.com/nestjs/nest/commits/v11.1.27/packages/platform-express)

Updates `@nestjs/schedule` from 6.1.1 to 6.1.3
- [Release notes](https://github.com/nestjs/schedule/releases)
- [Commits](nestjs/schedule@6.1.1...6.1.3)

Updates `@nestjs/swagger` from 11.2.6 to 11.4.4
- [Release notes](https://github.com/nestjs/swagger/releases)
- [Commits](nestjs/swagger@11.2.6...11.4.4)

Updates `@nestjs/typeorm` from 11.0.0 to 11.0.3
- [Release notes](https://github.com/nestjs/typeorm/releases)
- [Commits](nestjs/typeorm@11.0.0...11.0.3)

Updates `@willsoto/nestjs-prometheus` from 6.0.2 to 6.1.0
- [Release notes](https://github.com/willsoto/nestjs-prometheus/releases)
- [Changelog](https://github.com/willsoto/nestjs-prometheus/blob/main/CHANGELOG.md)
- [Commits](willsoto/nestjs-prometheus@v6.0.2...v6.1.0)

Updates `axios` from 1.13.5 to 1.18.1
- [Release notes](https://github.com/axios/axios/releases)
- [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md)
- [Commits](axios/axios@v1.13.5...v1.18.1)

Updates `class-validator` from 0.14.3 to 0.15.1
- [Release notes](https://github.com/typestack/class-validator/releases)
- [Changelog](https://github.com/typestack/class-validator/blob/develop/CHANGELOG.md)
- [Commits](typestack/class-validator@v0.14.3...v0.15.1)

Updates `filecoin-pin` from 1.0.1 to 1.1.1
- [Release notes](https://github.com/filecoin-project/filecoin-pin/releases)
- [Changelog](https://github.com/filecoin-project/filecoin-pin/blob/master/CHANGELOG.md)
- [Commits](filecoin-project/filecoin-pin@v1.0.1...v1.1.1)

Updates `helmet` from 8.1.0 to 8.2.0
- [Changelog](https://github.com/helmetjs/helmet/blob/main/CHANGELOG.md)
- [Commits](helmetjs/helmet@v8.1.0...v8.2.0)

Updates `joi` from 18.0.2 to 18.2.3
- [Commits](hapijs/joi@v18.0.2...v18.2.3)

Updates `pg` from 8.18.0 to 8.22.0
- [Changelog](https://github.com/brianc/node-postgres/blob/master/CHANGELOG.md)
- [Commits](https://github.com/brianc/node-postgres/commits/pg@8.22.0/packages/pg)

Updates `pg-boss` from 12.11.1 to 12.23.0
- [Release notes](https://github.com/timgit/pg-boss/releases)
- [Commits](timgit/pg-boss@12.11.1...12.23.0)

Updates `viem` from 2.48.11 to 2.53.1
- [Release notes](https://github.com/wevm/viem/releases)
- [Commits](https://github.com/wevm/viem/compare/viem@2.48.11...viem@2.53.1)

Updates `@nestjs/cli` from 11.0.16 to 11.0.23
- [Release notes](https://github.com/nestjs/nest-cli/releases)
- [Commits](nestjs/nest-cli@11.0.16...11.0.23)

Updates `@nestjs/schematics` from 11.0.9 to 11.1.0
- [Release notes](https://github.com/nestjs/schematics/releases)
- [Commits](nestjs/schematics@11.0.9...11.1.0)

Updates `@nestjs/testing` from 11.1.13 to 11.1.27
- [Release notes](https://github.com/nestjs/nest/releases)
- [Commits](https://github.com/nestjs/nest/commits/v11.1.27/packages/testing)

Updates `ts-loader` from 9.5.4 to 9.6.2
- [Release notes](https://github.com/TypeStrong/ts-loader/releases)
- [Changelog](https://github.com/TypeStrong/ts-loader/blob/main/CHANGELOG.md)
- [Commits](TypeStrong/ts-loader@v9.5.4...v9.6.2)

---
updated-dependencies:
- dependency-name: "@clickhouse/client"
  dependency-version: 1.22.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: npm-dependencies
- dependency-name: "@ipld/car"
  dependency-version: 5.4.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm-dependencies
- dependency-name: "@ipld/dag-pb"
  dependency-version: 4.1.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm-dependencies
- dependency-name: "@nestjs/common"
  dependency-version: 11.1.27
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm-dependencies
- dependency-name: "@nestjs/config"
  dependency-version: 4.0.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm-dependencies
- dependency-name: "@nestjs/core"
  dependency-version: 11.1.27
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm-dependencies
- dependency-name: "@nestjs/platform-express"
  dependency-version: 11.1.27
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm-dependencies
- dependency-name: "@nestjs/schedule"
  dependency-version: 6.1.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm-dependencies
- dependency-name: "@nestjs/swagger"
  dependency-version: 11.4.4
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: npm-dependencies
- dependency-name: "@nestjs/typeorm"
  dependency-version: 11.0.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm-dependencies
- dependency-name: "@willsoto/nestjs-prometheus"
  dependency-version: 6.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: npm-dependencies
- dependency-name: axios
  dependency-version: 1.18.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: npm-dependencies
- dependency-name: class-validator
  dependency-version: 0.15.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: npm-dependencies
- dependency-name: filecoin-pin
  dependency-version: 1.1.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: npm-dependencies
- dependency-name: helmet
  dependency-version: 8.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: npm-dependencies
- dependency-name: joi
  dependency-version: 18.2.3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: npm-dependencies
- dependency-name: pg
  dependency-version: 8.22.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: npm-dependencies
- dependency-name: pg-boss
  dependency-version: 12.23.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: npm-dependencies
- dependency-name: viem
  dependency-version: 2.53.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: npm-dependencies
- dependency-name: "@nestjs/cli"
  dependency-version: 11.0.23
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-dependencies
- dependency-name: "@nestjs/schematics"
  dependency-version: 11.1.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-dependencies
- dependency-name: "@nestjs/testing"
  dependency-version: 11.1.27
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-dependencies
- dependency-name: ts-loader
  dependency-version: 9.6.2
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jun 30, 2026
@FilOzzy FilOzzy added this to FOC Jun 30, 2026
@github-project-automation github-project-automation Bot moved this to 📌 Triage in FOC Jun 30, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

Status: 📌 Triage

Development

Successfully merging this pull request may close these issues.

1 participant