chore(deps): bump the npm-version-updates group across 1 directory with 20 updates

[dependabot]

Bumps the npm-version-updates group with 19 updates in the / directory:

Package	From	To
@auth/core	0.40.0	0.41.1
@mridang/nestjs-auth	1.3.0	1.4.0
@nestjs/common	11.1.6	11.1.9
@nestjs/core	11.1.6	11.1.9
@nestjs/platform-express	11.1.6	11.1.9
dotenv	16.6.1	17.2.3
express-handlebars	8.0.1	8.0.4
openid-client	6.6.3	6.8.1
@eslint/js	9.30.0	9.39.1
@nestjs/testing	11.1.6	11.1.9
@tsconfig/node20	20.1.6	20.1.8
@types/cookie-parser	1.4.9	1.4.10
@types/express	5.0.3	5.0.5
@types/node	24.0.7	24.10.1
@typescript-eslint/eslint-plugin	8.35.0	8.47.0
eslint	9.30.0	9.39.1
globals	16.2.0	16.5.0
knip	5.66.2	5.70.1
typescript	5.8.3	5.9.3

Updates @auth/core from 0.40.0 to 0.41.1

Release notes

Sourced from @​auth/core's releases.

@​auth/core@​0.41.1

Bugfixes

• security issue from nodemailer (#13305)

Other

• update links for Credentials-based Authentication (#13258)

@​auth/core@​0.41.0

Features

• providers: support custom baseURL for Gitlab (#13260) (745751e9)

Other

• fix build
• adjust default fusionauth provider details (#10868)

Commits

• 089f0e3 chore(release): bump package version(s) [skip ci]
• 2824fa1 feat: add next 16 support (#13298)
• 8f3b2c7 fix: security issue from nodemailer (#13305)
• 240e343 docs: update the Prisma ORM page to use Prisma Postgres (#13299)
• 0bcd32d chore(drizzle): migrate sqliteTable to array API (#13280)
• 90188fa ci: enable merge queue (#13288)
• 8d02b3d docs: remove carbon developer ads widget from docs sidebar (#13286)
• c8cd9b1 chore: remove unused script (#13279)
• 3a7c669 docs: update links for Credentials-based Authentication (#13258)
• e9e2b50 chore(release): bump package version(s) [skip ci]
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by bekacru, a new releaser for @​auth/core since your current version.

Updates @mridang/nestjs-auth from 1.3.0 to 1.4.0

Release notes

Sourced from @​mridang/nestjs-auth's releases.

v1.4.0

1.4.0 (2025-10-29)

Bug Fixes

• convert Buffer to Uint8Array for Web API Request compatibility (acb40bf)

Features

• node: upgrade runtime to Node.js 22 (#17) (3efb32e)

Commits

• 4044563 chore(release): 1.4.0 [skip ci]
• acb40bf fix: convert Buffer to Uint8Array for Web API Request compatibility
• 8197860 chore(ci): bump mridang/action-semantic-release to v2
• 3efb32e feat(node): upgrade runtime to Node.js 22 (#17)
• ad3e2ac chore(deps): bump the npm-security-updates group across 1 directory with 1 up...
• af89e10 chore(deps): bump the actions-version-updates group across 1 directory with 3...
• e2b37de chore(deps): bump the actions-version-updates group across 1 directory with 3...
• 66ed90b Apply Prettier formatting
• 74a29c4 chore: reformatted the codebase
• See full diff in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​mridang/nestjs-auth since your current version.

Updates @nestjs/common from 11.1.6 to 11.1.9

Release notes

Sourced from @​nestjs/common's releases.

v11.1.9 (2025-11-14)

Bug fixes

• core
  • #15865 fix(core): make get() throw for implicitly request-scoped trees (@​JoeNutt)

Enhancements

• common
  • #15863 feat(common): add method options to @​sse decorator (@​TomerSteinberg)

Dependencies

• platform-fastify
  • #15899 chore(deps): bump fastify from 5.6.1 to 5.6.2 (@​dependabot[bot])

Committers: 4

• Rami (@​JoeNutt)
• Rhynel Algopera (@​dev-rhynel)
• Tomer Steinberg (@​TomerSteinberg)
• WuMingDao (@​WuMingDao)

v11.1.8 (2025-10-27)

Bug fixes

• core
  • #15815 fix(core): ensure nested transient provider isolation (@​mag123c)
• platform-fastify
  • #15831 fix(fastify): Migrate fastify top-level options to routerOptions (@​kim-sung-jee)

Committers: 2

• JaeHo Jang (@​mag123c)
• Seongjee Kim (@​kim-sung-jee)

v11.1.7 (2025-10-21)

Bug fixes

• microservices
  • #15747 Fix/rmq microservice fanout bind (@​slon2015)
• platform-fastify
  • #15732 fix: correct parameter type in RouteConstraints decorator (@​thedv91)
• core
  • #15571 fix(core): skip lifecycle hooks for non-instantiated transient services (@​mag123c)
• common
  • #15577 Add color allowance check to console logger options (@​kerryChen95)

Enhancements

• common, platform-socket.io, websockets
  • #15543 feat(websockets): allow manual acknowledgement handling with @​Ack() decorator (@​kim-sung-jee)
• common
  • #15705 fix(core): resolve extras in configurable module builder async methods (@​mag123c)
• common, core

... (truncated)

Commits

• 64c8552 chore(@​nestjs) publish v11.1.9 release
• 26f8f5a Merge pull request #15863 from TomerSteinberg/TomerSteinberg-feat/sse-method-...
• 4c268d7 chore(deps): bump file-type from 21.0.0 to 21.1.0
• fcfea5e feat(common): add method options to @​sse decorator
• 68cd545 chore(@​nestjs) publish v11.1.8 release
• ee1b347 chore(@​nestjs) publish v11.1.7 release
• 33d6cb5 chore: update readme
• 6f35185 Merge pull request #15543 from kim-sung-jee/feature/websockets-manual-ack
• cbf82f6 fix(common): resolve extras in configurable module builder async methods
• 5586038 Merge pull request #15503 from mag123c/feat/add-forceconsole-option-to-logger
• Additional commits viewable in compare view

Updates @nestjs/core from 11.1.6 to 11.1.9

Release notes

Sourced from @​nestjs/core's releases.

v11.1.9 (2025-11-14)

Bug fixes

• core
  • #15865 fix(core): make get() throw for implicitly request-scoped trees (@​JoeNutt)

Enhancements

• common
  • #15863 feat(common): add method options to @​sse decorator (@​TomerSteinberg)

Dependencies

• platform-fastify
  • #15899 chore(deps): bump fastify from 5.6.1 to 5.6.2 (@​dependabot[bot])

Committers: 4

• Rami (@​JoeNutt)
• Rhynel Algopera (@​dev-rhynel)
• Tomer Steinberg (@​TomerSteinberg)
• WuMingDao (@​WuMingDao)

v11.1.8 (2025-10-27)

Bug fixes

• core
  • #15815 fix(core): ensure nested transient provider isolation (@​mag123c)
• platform-fastify
  • #15831 fix(fastify): Migrate fastify top-level options to routerOptions (@​kim-sung-jee)

Committers: 2

• JaeHo Jang (@​mag123c)
• Seongjee Kim (@​kim-sung-jee)

v11.1.7 (2025-10-21)

Bug fixes

• microservices
  • #15747 Fix/rmq microservice fanout bind (@​slon2015)
• platform-fastify
  • #15732 fix: correct parameter type in RouteConstraints decorator (@​thedv91)
• core
  • #15571 fix(core): skip lifecycle hooks for non-instantiated transient services (@​mag123c)
• common
  • #15577 Add color allowance check to console logger options (@​kerryChen95)

Enhancements

• common, platform-socket.io, websockets
  • #15543 feat(websockets): allow manual acknowledgement handling with @​Ack() decorator (@​kim-sung-jee)
• common
  • #15705 fix(core): resolve extras in configurable module builder async methods (@​mag123c)
• common, core

... (truncated)

Commits

• 64c8552 chore(@​nestjs) publish v11.1.9 release
• cc50925 fix(core): make get() throw for implicitly request-scoped trees
• 68cd545 chore(@​nestjs) publish v11.1.8 release
• 334012e Merge pull request #15815 from mag123c/fix/transient-nested-dependency-isolation
• 4ffe045 fix(core): ensure nested transient provider isolation
• ee1b347 chore(@​nestjs) publish v11.1.7 release
• 33d6cb5 chore: update readme
• 82b4f07 Merge pull request #15622 from nestjs/renovate/path-to-regexp-8.x
• 5586038 Merge pull request #15503 from mag123c/feat/add-forceconsole-option-to-logger
• fada0a7 Merge pull request #15588 from at7211/feat/enhance-dependency-error-messages
• Additional commits viewable in compare view

Updates @nestjs/platform-express from 11.1.6 to 11.1.9

Release notes

Sourced from @​nestjs/platform-express's releases.

v11.1.9 (2025-11-14)

Bug fixes

• core
  • #15865 fix(core): make get() throw for implicitly request-scoped trees (@​JoeNutt)

Enhancements

• common
  • #15863 feat(common): add method options to @​sse decorator (@​TomerSteinberg)

Dependencies

• platform-fastify
  • #15899 chore(deps): bump fastify from 5.6.1 to 5.6.2 (@​dependabot[bot])

Committers: 4

• Rami (@​JoeNutt)
• Rhynel Algopera (@​dev-rhynel)
• Tomer Steinberg (@​TomerSteinberg)
• WuMingDao (@​WuMingDao)

v11.1.8 (2025-10-27)

Bug fixes

• core
  • #15815 fix(core): ensure nested transient provider isolation (@​mag123c)
• platform-fastify
  • #15831 fix(fastify): Migrate fastify top-level options to routerOptions (@​kim-sung-jee)

Committers: 2

• JaeHo Jang (@​mag123c)
• Seongjee Kim (@​kim-sung-jee)

v11.1.7 (2025-10-21)

Bug fixes

• microservices
  • #15747 Fix/rmq microservice fanout bind (@​slon2015)
• platform-fastify
  • #15732 fix: correct parameter type in RouteConstraints decorator (@​thedv91)
• core
  • #15571 fix(core): skip lifecycle hooks for non-instantiated transient services (@​mag123c)
• common
  • #15577 Add color allowance check to console logger options (@​kerryChen95)

Enhancements

• common, platform-socket.io, websockets
  • #15543 feat(websockets): allow manual acknowledgement handling with @​Ack() decorator (@​kim-sung-jee)
• common
  • #15705 fix(core): resolve extras in configurable module builder async methods (@​mag123c)
• common, core

... (truncated)

Commits

• 64c8552 chore(@​nestjs) publish v11.1.9 release
• 68cd545 chore(@​nestjs) publish v11.1.8 release
• ee1b347 chore(@​nestjs) publish v11.1.7 release
• 33d6cb5 chore: update readme
• fc72d1e fix(deps): update dependency path-to-regexp to v8.3.0
• See full diff in compare view

Updates dotenv from 16.6.1 to 17.2.3

Changelog

Sourced from dotenv's changelog.

17.2.3 (2025-09-29)

Changed

• Fixed typescript error definition (#912)

17.2.2 (2025-09-02)

Added

• 🙏 A big thank you to new sponsor Tuple.app - the premier screen sharing app for developers on macOS and Windows. Go check them out. It's wonderful and generous of them to give back to open source by sponsoring dotenv. Give them some love back.

17.2.1 (2025-07-24)

Changed

• Fix clickable tip links by removing parentheses (#897)

17.2.0 (2025-07-09)

Added

• Optionally specify DOTENV_CONFIG_QUIET=true in your environment or .env file to quiet the runtime log (#889)
• Just like dotenv any DOTENV_CONFIG_ environment variables take precedence over any code set options like ({quiet: false})

# .env
DOTENV_CONFIG_QUIET=true
HELLO="World"

// index.js
require('dotenv').config()
console.log(`Hello ${process.env.HELLO}`)

$ node index.js
Hello World
or
$ DOTENV_CONFIG_QUIET=true node index.js

17.1.0 (2025-07-07)

Added

• Add additional security and configuration tips to the runtime log (#884)
• Dim the tips text from the main injection information text

... (truncated)

Commits

• affe113 17.2.3
• db1ff1f changelog 🪵
• 7063f16 Merge pull request #913 from motdotla/new-tips
• 0bbe72c test against expected tips
• 017951b only run .js tests
• 39eda1f add space back
• fcc030e update tips
• b6c7a0d updated tips - as Dotenvx Radar has been renamed Dotenvx Ops
• b3c8b16 remove unnecessary call to npx
• d6e4c17 Merge pull request #912 from adjerbetian/fix/typescript-error-definition
• Additional commits viewable in compare view

Updates express-handlebars from 8.0.1 to 8.0.4

Release notes

Sourced from express-handlebars's releases.

v8.0.4

8.0.4 (2025-11-19)

Bug Fixes

• deps: update dependency glob to v12 (#1133) (020f6db)

v8.0.3

8.0.3 (2025-04-23)

Bug Fixes

• deps: update dependency glob to ^11.0.2 (#982) (def7c02)

v8.0.2

8.0.2 (2025-04-17)

Bug Fixes

• deps: update dependency glob to ^11.0.1 (#928) (b4b9cd3)

Changelog

Sourced from express-handlebars's changelog.

8.0.4 (2025-11-19)

Bug Fixes

• deps: update dependency glob to v12 (#1133) (020f6db)

8.0.3 (2025-04-23)

Bug Fixes

• deps: update dependency glob to ^11.0.2 (#982) (def7c02)

8.0.2 (2025-04-17)

Bug Fixes

• deps: update dependency glob to ^11.0.1 (#928) (b4b9cd3)

Commits

• 67d53e0 chore(release): 8.0.4 [skip ci]
• 020f6db fix(deps): update dependency glob to v12 (#1133)
• efd3aab chore(deps): bump glob from 11.0.3 to 11.1.0 (#1129)
• 75d809e chore(deps): update devdependency typescript-eslint to ^8.47.0 (#1131)
• 8284e01 chore(deps): update devdependency @​semantic-release/npm to ^13.1.2 (#1127)
• 49a13d2 chore(deps): update devdependency typescript-eslint to ^8.46.4 (#1126)
• d60d2a8 chore(deps): update devdependency @​semantic-release/github to ^12.0.2 (#1125)
• 3235e32 chore(deps): update devdependency semantic-release to ^25.0.2 (#1124)
• e5ea2b3 chore(deps): update eslint monorepo to ^9.39.1 (#1123)
• f511c74 chore(deps): update devdependency typescript-eslint to ^8.46.3 (#1122)
• Additional commits viewable in compare view

Updates openid-client from 6.6.3 to 6.8.1

Release notes

Sourced from openid-client's releases.

v6.8.1

Refactor

• workaround dpop nonce caching caveats with customFetch (a9eb50f)

v6.8.0

Features

• respect retry-after in CIBA and Device Authorization Grant polling (6ce3411)

Documentation

• remove mention of Edge Runtime from the readme (2e41ad5)

v6.7.1

Fixes

• passport: include req.host from express@5 for ease of use in express@4 (81f6c12)

v6.7.0

Features

• support for the ML-DSA Algorithm Identifiers (9543da5)

v6.6.4

Fixes

• recognize N_A in the token exchange grant (770b177)

Changelog

Sourced from openid-client's changelog.

6.8.1 (2025-09-27)

Refactor

• workaround dpop nonce caching caveats with customFetch (a9eb50f)

6.8.0 (2025-09-11)

Features

• respect retry-after in CIBA and Device Authorization Grant polling (6ce3411)

Documentation

• remove mention of Edge Runtime from the readme (2e41ad5)

6.7.1 (2025-08-29)

Fixes

• passport: include req.host from express@5 for ease of use in express@4 (81f6c12)

6.7.0 (2025-08-27)

Features

• support for the ML-DSA Algorithm Identifiers (9543da5)

6.6.4 (2025-08-12)

Fixes

• recognize N_A in the token exchange grant (770b177)

Commits

• 00990b9 chore(release): 6.8.1
• a9eb50f refactor: workaround dpop nonce caching caveats with customFetch
• 60d7639 chore: bump packages
• ba4040c chore: cleanup after release
• 9d70a05 chore(release): 6.8.0
• 6ce3411 feat: respect retry-after in CIBA and Device Authorization Grant polling
• d26f7a3 chore: bump oidc-provider
• c98e068 chore: bump typedoc and typescript
• 2e41ad5 docs: remove mention of Edge Runtime from the readme
• 3e11c6c chore: cleanup after release
• Additional commits viewable in compare view

Updates @eslint/js from 9.30.0 to 9.39.1

Release notes

Sourced from @​eslint/js's releases.

v9.39.1

Bug Fixes

• 650753e fix: Only pass node to JS lang visitor methods (#20283) (Nicholas C. Zakas)

Documentation

• 51b51f4 docs: add a section on when to use extends vs cascading (#20268) (Tanuj Kanti)
• b44d426 docs: Update README (GitHub Actions Bot)

Chores

• 92db329 chore: update @eslint/js version to 9.39.1 (#20284) (Francesco Trotta)
• c7ebefc chore: package.json update for @​eslint/js release (Jenkins)
• 61778f6 chore: update eslint-config-eslint dependency @​eslint/js to ^9.39.0 (#20275) (renovate[bot])
• d9ca2fc ci: Add rangeStrategy to eslint group in renovate config (#20266) (唯然)
• 009e507 test: fix version tests for ESLint v10 (#20274) (Milos Djermanovic)

v9.39.0

Features

• cc57d87 feat: update error loc to key in no-dupe-class-members (#20259) (Tanuj Kanti)
• 126552f feat: update error location in for-direction and no-dupe-args (#20258) (Tanuj Kanti)
• 167d097 feat: update complexity rule to highlight only static block header (#20245) (jaymarvelz)

Bug Fixes

• 15f5c7c fix: forward traversal step.args to visitors (#20253) (jaymarvelz)
• 5a1a534 fix: allow JSDoc comments in object-shorthand rule (#20167) (Nitin Kumar)
• e86b813 fix: Use more types from @​eslint/core (#20257) (Nicholas C. Zakas)
• 927272d fix: correct Scope typings (#20198) (jaymarvelz)
• 37f76d9 fix: use AST.Program type for Program node (#20244) (Francesco Trotta)
• ae07f0b fix: unify timing report for concurrent linting (#20188) (jaymarvelz)
• b165d47 fix: correct Rule typings (#20199) (jaymarvelz)
• fb97cda fix: improve error message for missing fix function in suggestions (#20218) (jaymarvelz)

Documentation

• d3e81e3 docs: Always recommend to include a files property (#20158) (Percy Ma)
• 0f0385f docs: use consistent naming recommendation (#20250) (Alex M. Spieslechner)
• a3b1456 docs: Update README (GitHub Actions Bot)
• cf5f2dd docs: fix correct tag of no-useless-constructor (#20255) (Tanuj Kanti)
• 10b995c docs: add TS options and examples for nofunc in no-use-before-define (#20249) (Tanuj Kanti)
• 2584187 docs: remove repetitive word in comment (#20242) (reddaisyy)
• 637216b docs: update CLI flags migration instructions (#20238) (jaymarvelz)
• e7cda3b docs: Update README (GitHub Actions Bot)
• 7b9446f docs: handle empty flags sections on the feature flags page (#20222) (sethamus)

Chores

• dfe3c1b chore: update @eslint/js version to 9.39.0 (#20270) (Francesco Trotta)
• 2375a6d chore: package.json update for @​eslint/js release (Jenkins)
• a1f4e52 chore: update @eslint dependencies (#20265) (Francesco Trotta)
• c7d3229 chore: update dependency @​eslint/core to ^0.17.0 (#20256) (renovate[bot])
• 27549bc chore: update fuzz testing to not error if code sample minimizer fails (#20252) (Milos Djermanovic)
• a1370ee ci: bump actions/setup-node from 5 to 6 (#20230) (dependabot[bot])
• 9e7fad4 chore: add script to auto-generate eslint:recommended configuration (#20208) (唯然)

... (truncated)

Commits

• c7ebefc chore: package.json update for @​eslint/js release
• 2375a6d chore: package.json update for @​eslint/js release
• 9e7fad4 chore: add script to auto-generate eslint:recommended configuration (#20208)
• 25d0e33 chore: package.json update for @​eslint/js release
• abee4ca chore: package.json update for @​eslint/js release
• 90a71bf docs: update README files to add badge and instructions (#20115)
• 488cba6 chore: package.json update for @​eslint/js release
• 1c0d850 fix: update eslint-all.js to use Object.freeze for rules object (#20116)
• af2a087 chore: package.json update for @​eslint/js release
• 84ffb96 chore: update @eslint-community/eslint-utils (#20069)
• Additional commits viewable in compare view

Updates @nestjs/testing from 11.1.6 to 11.1.9

Release notes

Sourced from @​nestjs/testing's releases.

v11.1.9 (2025-11-14)

Bug fixes

• core
  • #15865 fix(core): make get() throw for implicitly request-scoped trees (@​JoeNutt)

Enhancements

• common
  • #15863 feat(common): add method options to @​sse decorator (@​TomerSteinberg)

Dependencies

• platform-fastify
  • #15899 chore(deps): bump fastify from 5.6.1 to 5.6.2 (@​dependabot[bot])

Committers: 4

• Rami (@​JoeNutt)
• Rhynel Algopera (@​dev-rhynel)
• Tomer Steinberg (@​TomerSteinberg)
• WuMingDao (@​WuMingDao)

v11.1.8 (2025-10-27)

Bug fixes

• core
  • #15815 fix(core): ensure nested transient provider isolation (@​mag123c)
• platform-fastify
  • #15831 fix(fastify): Migrate fastify top-level options to routerOptions (@​kim-sung-jee)

Committers: 2

• JaeHo Jang (@​mag123c)
• Seongjee Kim (@​kim-sung-jee)

v11.1.7 (2025-10-21)

Bug fixes

• microservices
  • #15747 Fix/rmq microservice fanout bind (@​slon2015)
• platform-fastify
  • #15732 fix: correct parameter type in RouteConstraints decorator (@​thedv91)
• core
  • #15571 fix(core): skip lifecycle hooks for non-instantiated transient services (@​mag123c)
• common
  • #15577 Add color allowance check to console logger options (@​kerryChen95)

Enhancements

• common, platform-socket.io, websockets
  • #15543 feat(websockets): allow manual acknowledgement handling with @​Ack() decorator (@​kim-sung-jee)
• common
  • #15705 fix(core): resolve extras in configurable module builder async methods (@​mag123c)
• common, core

... (truncated)

Commits

• 64c8552 chore(@​nestjs) publish v11.1.9 release
• 68cd545 chore(@​nestjs) publish v11.1.8 release
• ee1b347 chore(@​nestjs) publish v11.1.7 release
• 33d6cb5 chore: update readme
• See full diff in compare view

Updates @tsconfig/node20 from 20.1.6 to 20.1.8

Commits

• See full diff in compare view

Updates @types/cookie-parser from 1.4.9 to 1.4.10

Commits

• See full diff in compare view

Updates @types/express from 5.0.3 to 5.0.5

Commits

• See full diff in compare view

Updates @types/node from 24.0.7 to 24.10.1

Commits

• See full diff in compare view

Updates @typescript-eslint/eslint-plugin from 8.35.0 to 8.47.0

Release notes

Sourced from @​typescript-eslint/eslint-plugin's releases.

v8.47.0

8.47.0 (2025-11-17)

🚀 Features

• eslint-plugin: [no-unused-private-class-members] new extension rule (#10913)

❤️ Thank You

• Brad Zacher @​bradzacher

You can read about our versioning strategy and releases on our website.

v8.46.4

8.46.4 (2025-11-10)

🩹 Fixes

• eslint-plugin: [no-deprecated] fix double-report on computed literal identifiers (#11006, #10958)
• eslint-plugin: handle override modifier in promise-function-async fixer (#11730)
• parser: error when both projectService and project are set (#11333)

❤️ Thank You

• Evgeny Stepanovych @​undsoft
• Kentaro Suzuki @​sushichan044
• Maria Solano @​MariaSolOs

You can read about our versioning strategy and releases on our website.

v8.46.3

8.46.3 (2025-11-03)

🩹 Fixes

• eslint-plugin: [no-misused-promises] expand union type to retrieve target property (#11706)
• eslint-plugin: [no-duplicate-enum-values] support signed numbers (#11722, #11723)

❤️ Thank You

• ...

  Description has been truncated