chore(deps): bump the npm-dependencies group across 1 directory with 42 updates

[dependabot]

Bumps the npm-dependencies group with 42 updates in the / directory:

Package	From	To
@clickhouse/client	1.18.2	1.20.0
@filoz/synapse-core	0.3.3	0.6.0
@ipld/car	5.4.2	5.4.6
@ipld/dag-pb	4.1.5	4.1.7
@nestjs/common	11.1.13	11.1.24
@nestjs/config	4.0.3	4.0.4
@nestjs/core	11.1.13	11.1.24
@nestjs/platform-express	11.1.13	11.1.24
@nestjs/schedule	6.1.1	6.1.3
@nestjs/swagger	11.2.6	11.4.4
@nestjs/typeorm	11.0.0	11.0.1
@willsoto/nestjs-prometheus	6.0.2	6.1.0
axios	1.13.5	1.17.0
class-validator	0.14.3	0.15.1
filecoin-pin	0.21.0	0.22.3
helmet	8.1.0	8.2.0
joi	18.0.2	18.2.1
pg	8.18.0	8.21.0
pg-boss	12.11.1	12.18.2
viem	2.48.11	2.52.2
@nestjs/cli	11.0.16	11.0.21
@nestjs/schematics	11.0.9	11.1.0
@nestjs/testing	11.1.13	11.1.24
@types/node	25.2.3	25.9.2
ts-loader	9.5.4	9.6.0
assemblyscript	0.19.23	0.28.18
@radix-ui/react-slot	1.2.4	1.2.5
@radix-ui/react-switch	1.2.6	1.3.0
@tailwindcss/vite	4.2.4	4.3.0
date-fns	4.1.0	4.4.0
react	19.2.5	19.2.7
@types/react	19.2.14	19.2.17
react-dom	19.2.5	19.2.7
react-router-dom	7.13.0	7.17.0
recharts	3.7.0	3.8.1
tailwind-merge	3.5.0	3.6.0
tailwindcss	4.2.4	4.3.0
msw	2.12.10	2.14.6
@biomejs/biome	2.3.14	2.4.16
@swc/core	1.15.11	1.15.40
@vitest/coverage-v8	4.0.18	4.1.8
vitest	4.0.18	4.1.8

Updates @clickhouse/client from 1.18.2 to 1.20.0

Release notes

Sourced from @​clickhouse/client's releases.

1.20.0

Bug Fixes

• (Node.js only) Fixed a race condition in ResultSet.json() and ResultSet.stream() on JSONEachRow (and other streamable) result sets where calling json() on a fast/small response could throw Stream has been already consumed if the underlying stream ended between internal readableEnded checks. The consumption guard has been hardened: the stream is now shielded through a single consume() path that marks the result set as consumed in the appropriate branches, after format validation, so a successful json() call no longer races against the stream finishing. (#603) kudos to @​lord007tn and @​Onyx2406

#603: ClickHouse/clickhouse-js#603

1.19.0

Improvements

• Re-exported the ResponseHeaders type from @clickhouse/client and @clickhouse/client-web. Previously this type was only available from @clickhouse/client-common; it is now part of the public re-export surface of both flavored packages, alongside the other commonly used types. This is part of an ongoing effort to make @clickhouse/client-common an internal-only package so downstream consumers can depend solely on @clickhouse/client or @clickhouse/client-web. (#758)

#758: ClickHouse/clickhouse-js#758

Bug Fixes

• Enum type parsing now correctly unescapes backslash escape sequences in enum names. Previously, parseEnumType returned enum names with raw escape sequences (e.g., f\' instead of f'). Now it properly decodes escape sequences including \' (single quote), \\ (backslash), \n (newline), \t (tab), and \r (carriage return). This matches the behavior of ClickHouse string literals and ensures consistency with how the client encodes strings when sending data to the server. If you were relying on the previous incorrect behavior where backslash escape sequences were preserved in enum names, you will need to update your code to handle properly unescaped values.

Example:

// Before (incorrect):
parseEnumType({
  columnType: "Enum8('f\\'' = 1)",
  sourceType: "Enum8('f\\'' = 1)",
})
// returned: { values: { 1: "f\\'" } }  // with backslash
// After (correct):
parseEnumType({
columnType: "Enum8('f\'' = 1)",
sourceType: "Enum8('f\'' = 1)",
})
// returns: { values: { 1: "f'" } }     // unescaped

1.18.5

Improvements

• (Node.js only) Added max_response_headers_size client option that forwards the maxHeaderSize option to the underlying http(s).request call. This raises the per-request limit on the total size of HTTP response headers received from the server (Node.js default is ~16 KB). It is most useful when running long-running queries with send_progress_in_http_headers enabled — the X-ClickHouse-Progress headers accumulate over the lifetime of the request and can exceed the default limit, causing the request to fail with HPE_HEADER_OVERFLOW. Setting this option avoids the need to use the global --max-http-header-size Node.js CLI flag or the NODE_OPTIONS environment variable. Has no effect for the Web client (which uses fetch) and no effect when a custom http_agent is configured with a request implementation that does not honor the option.

const client = createClient({
  request_timeout: 400_000,
  max_response_headers_size: 1024 * 1024, // accept up to 1 MiB of response headers
  clickhouse_settings: {
    send_progress_in_http_headers: 1,
    http_headers_progress_interval_ms: '110000',
  },
})
</tr></table> 

... (truncated)

Changelog

Sourced from @​clickhouse/client's changelog.

1.20.0

Bug Fixes

• (Node.js only) Fixed a race condition in ResultSet.json() and ResultSet.stream() on JSONEachRow (and other streamable) result sets where calling json() on a fast/small response could throw Stream has been already consumed if the underlying stream ended between internal readableEnded checks. The consumption guard has been hardened: the stream is now shielded through a single consume() path that marks the result set as consumed in the appropriate branches, after format validation, so a successful json() call no longer races against the stream finishing. (#603)

#603: ClickHouse/clickhouse-js#603

1.19.0

Improvements

• Re-exported the ResponseHeaders type from @clickhouse/client and @clickhouse/client-web. Previously this type was only available from @clickhouse/client-common; it is now part of the public re-export surface of both flavored packages, alongside the other commonly used types. This is part of an ongoing effort to make @clickhouse/client-common an internal-only package so downstream consumers can depend solely on @clickhouse/client or @clickhouse/client-web. (#758)

#758: ClickHouse/clickhouse-js#758

Bug Fixes

• Enum type parsing now correctly unescapes backslash escape sequences in enum names. Previously, parseEnumType returned enum names with raw escape sequences (e.g., f\' instead of f'). Now it properly decodes escape sequences including \' (single quote), \\ (backslash), \n (newline), \t (tab), and \r (carriage return). This matches the behavior of ClickHouse string literals and ensures consistency with how the client encodes strings when sending data to the server. If you were relying on the previous incorrect behavior where backslash escape sequences were preserved in enum names, you will need to update your code to handle properly unescaped values.

Example:

// Before (incorrect):
parseEnumType({
  columnType: "Enum8('f\\'' = 1)",
  sourceType: "Enum8('f\\'' = 1)",
})
// returned: { values: { 1: "f\\'" } }  // with backslash
// After (correct):
parseEnumType({
columnType: "Enum8('f\'' = 1)",
sourceType: "Enum8('f\'' = 1)",
})
// returns: { values: { 1: "f'" } }     // unescaped

1.18.5

Improvements

• (Node.js only) Added max_response_headers_size client option that forwards the maxHeaderSize option to the underlying http(s).request call. This raises the per-request limit on the total size of HTTP response headers received from the server (Node.js default is ~16 KB). It is most useful when running long-running queries with send_progress_in_http_headers enabled — the X-ClickHouse-Progress headers accumulate over the lifetime of the request and can exceed the default limit, causing the request to fail with HPE_HEADER_OVERFLOW. Setting this option avoids the need to use the global --max-http-header-size Node.js CLI flag or the NODE_OPTIONS environment variable. Has no effect for the Web client (which uses fetch) and no effect when a custom http_agent is configured with a request implementation that does not honor the option.

const client = createClient({
  request_timeout: 400_000,
  max_response_headers_size: 1024 * 1024, // accept up to 1 MiB of response headers
  clickhouse_settings: {
    send_progress_in_http_headers: 1,
</tr></table> 

... (truncated)

Commits

• 97f135e Merge pull request #806 from ClickHouse/main
• 8b1d694 Split combined tests workflow into separate node and web workflows (#807)
• 7ae476f Clarify query() vs exec() in JSDocs (#804)
• 2c9823b Skills update 3 (#805)
• 8165ca9 Add QBit data type example with JSON formats (#781)
• 86c1762 Document UUID → UInt128 insert patterns with round-trip assertion (#780)
• 1e21970 Run unit tests under Bun, make MAX_STRING_LENGTH handling engine-agnostic, an...
• e217f80 Npm audit fix 1 (#796)
• 4ad8457 Add AI_POLICY.md (#786)
• 09e4b11 Update CHANGELOG.md (#792)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​clickhouse/client since your current version.

Updates @filoz/synapse-core from 0.3.3 to 0.6.0

Release notes

Sourced from @​filoz/synapse-core's releases.

synapse-core: v0.6.0

0.6.0 (2026-06-04)

⚠ BREAKING CHANGES

• typehash: DeleteDataSetPermission is replaced by TerminateServicePermission. Existing session keys must be re-minted; passing a stale session key to Synapse.create() fails because the default permission set no longer matches.
• piece: vendor PieceCID, redesign API (#795)

Features

• cap addPieces batches at 40, tighten piece metadata limits (#814) (06b4f65)
• piece: vendor PieceCID, redesign API (#795) (ec0c254)

Bug Fixes

• improve retry and poll logic (#813) (3eafe1f)
• remove left-over withIPNI metadata (#822) (2e40f83)
• session-key: name missing permissions in Synapse.create error (#805) (000d276)
• typehash: rename DeleteDataSet auth to TerminateService (#796) (3d1729d)

Chores

• deps: bump multiformats from 13.4.2 to 14.0.0 (#787) (54f2c92)
• devnet: add new db shape to devnet schema check (#821) (d80aad3)
• synapse-core: update filecoin-services ref to v1.2.1 (#812) (6e34ee9)
• updates deps and knip fixes (#810) (259cd5c)

synapse-core: v0.5.2

0.5.2 (2026-05-07)

Bug Fixes

• core: make streaming upload reachable in Node (#776) (3236a27)

synapse-core: v0.5.1

0.5.1 (2026-05-06)

Bug Fixes

• update README.md to provide an overview of the @​filoz/synapse-core package and its utilities (#773) (59e439c)

synapse-core: v0.5.0

0.5.0 (2026-05-05)

... (truncated)

Changelog

Sourced from @​filoz/synapse-core's changelog.

0.6.0 (2025-06-10)

Features

• utils: add Pandora storage provider admin portal [skip ci] (#79) (e6a79bc)

Bug Fixes

• remove 60s delay after createproofset and associated testing hack (353551a)

Trivial Changes

• docs: move ADMIN_SAFE_INTEGRATION_PLAN.md to utils (4167234)

0.5.0 (2025-06-09)

Features

• add minimum upload size validation and improve storage reliability (4270590)
• storage: add creation callbacks and remove out-of-scope methods (2de7f91)
• storage: implement download method and simplify DownloadOptions (05c1b79)
• storage: implement preflight checks and refactor allowance API (2746cba)
• storage: implement provider selection and proof set management (9faf04f)
• storage: implement upload method with UploadCallbacks (e289ae9)

Bug Fixes

• add hack to skip 60s delay in upload during tests (f4ade39)
• docs: update README examples for latest signatures (b574a90)
• pdp: restore correct upload protocol with check object (18618b2)
• semantic-release bug (bf340d8)

Trivial Changes

• remove example-usage.js in favour of new examples in utils/ (72dbe23)
• remove unused getters (1bed0db)
• use ethers.js utilities instead of hardcoded decimals (8895422)

0.4.0 (2025-06-09)

Features

• refactor SDK architecture for separation of concerns (9e0867b)

0.3.0 (2025-06-06)

Features

• pandora: implement getClientProofSets for client (bef0053)
• pdp: add comprehensive proof set discovery and status utilities (6f1da3e)

... (truncated)

Commits

• b0ffabe chore(release): 0.6.0 [skip ci]
• 4167234 chore(docs): move ADMIN_SAFE_INTEGRATION_PLAN.md to utils
• 353551a fix: remove 60s delay after createproofset and associated testing hack
• e6a79bc feat(utils): add Pandora storage provider admin portal [skip ci] (#79)
• 2482e2c chore(release): 0.5.0 [skip ci]
• bf340d8 fix: semantic-release bug
• f4ade39 fix: add hack to skip 60s delay in upload during tests
• 1bed0db chore: remove unused getters
• 72dbe23 chore: remove example-usage.js in favour of new examples in utils/
• 4270590 feat: add minimum upload size validation and improve storage reliability
• Additional commits viewable in compare view

Updates @ipld/car from 5.4.2 to 5.4.6

Release notes

Sourced from @​ipld/car's releases.

v5.4.6

5.4.6 (2026-05-12)

Trivial Changes

• deps: bump @​ipld/dag-json from 10.2.9 to 11.0.0 in /examples (#184) (eefd849)

Dependencies

• bump @​ipld/dag-cbor from 9.2.7 to 10.0.1 (#182) (a2ab328)

v5.4.5

5.4.5 (2026-05-11)

Trivial Changes

• deps: bump multiformats from 13.4.2 to 14.0.0 in /examples (#181) (d3255f1)

Dependencies

• bump multiformats from 13.4.2 to 14.0.0 (#180) (e1d683e)

v5.4.4

5.4.4 (2026-05-07)

Dependencies

• dev: bump aegir from 47.2.0 to 48.0.1 (#179) (a3dca47)

v5.4.3

5.4.3 (2026-04-02)

Trivial Changes

• deps: bump multiformats from 12.1.3 to 13.4.2 in /examples (#176) (2c87540)

Dependencies

• bump cborg from 4.5.8 to 5.0.0 (#178) (40ddb9c)

Changelog

Sourced from @​ipld/car's changelog.

5.4.6 (2026-05-12)

Trivial Changes

• deps: bump @​ipld/dag-json from 10.2.9 to 11.0.0 in /examples (#184) (eefd849)

Dependencies

• bump @​ipld/dag-cbor from 9.2.7 to 10.0.1 (#182) (a2ab328)

5.4.5 (2026-05-11)

Trivial Changes

• deps: bump multiformats from 13.4.2 to 14.0.0 in /examples (#181) (d3255f1)

Dependencies

• bump multiformats from 13.4.2 to 14.0.0 (#180) (e1d683e)

5.4.4 (2026-05-07)

Dependencies

• dev: bump aegir from 47.2.0 to 48.0.1 (#179) (a3dca47)

5.4.3 (2026-04-02)

Trivial Changes

• deps: bump multiformats from 12.1.3 to 13.4.2 in /examples (#176) (2c87540)

Dependencies

• bump cborg from 4.5.8 to 5.0.0 (#178) (40ddb9c)

Commits

• 547e433 chore(release): 5.4.6 [skip ci]
• a2ab328 deps: bump @​ipld/dag-cbor from 9.2.7 to 10.0.1 (#182)
• eefd849 chore(deps): bump @​ipld/dag-json from 10.2.9 to 11.0.0 in /examples (#184)
• 55f9112 chore(release): 5.4.5 [skip ci]
• e1d683e deps: bump multiformats from 13.4.2 to 14.0.0 (#180)
• d3255f1 chore(deps): bump multiformats from 13.4.2 to 14.0.0 in /examples (#181)
• ed69005 chore(release): 5.4.4 [skip ci]
• a3dca47 deps(dev): bump aegir from 47.2.0 to 48.0.1 (#179)
• 13d6e56 chore(release): 5.4.3 [skip ci]
• 40ddb9c deps: bump cborg from 4.5.8 to 5.0.0 (#178)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​ipld/car since your current version.

Updates @ipld/dag-pb from 4.1.5 to 4.1.7

Release notes

Sourced from @​ipld/dag-pb's releases.

v4.1.7

4.1.7 (2026-05-11)

Dependencies

• bump multiformats from 13.4.2 to 14.0.0 (#109) (81887a9)

v4.1.6

4.1.6 (2026-05-07)

Dependencies

• dev: bump aegir from 47.2.0 to 48.0.1 (#108) (d573d19)

Changelog

Sourced from @​ipld/dag-pb's changelog.

4.1.7 (2026-05-11)

Dependencies

• bump multiformats from 13.4.2 to 14.0.0 (#109) (81887a9)

4.1.6 (2026-05-07)

Dependencies

• dev: bump aegir from 47.2.0 to 48.0.1 (#108) (d573d19)

Commits

• 3b870f6 chore(release): 4.1.7 [skip ci]
• 81887a9 deps: bump multiformats from 13.4.2 to 14.0.0 (#109)
• a13ed0c chore(release): 4.1.6 [skip ci]
• d573d19 deps(dev): bump aegir from 47.2.0 to 48.0.1 (#108)
• See full diff in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​ipld/dag-pb since your current version.

Updates @nestjs/common from 11.1.13 to 11.1.24

Release notes

Sourced from @​nestjs/common's releases.

v11.1.24 (2026-05-25)

Bug fixes

• core
  • #17009 fix(core): reset dependency-tree cache on metadata changes (@​puneetdixit200)

Enhancements

• core
  • #16997 feat(core): warn on late websocket adapter registration (@​hbinhng)

Dependencies

• platform-ws
  • #17011 chore(deps): bump ws from 8.20.1 to 8.21.0 (@​dependabot[bot])

Committers: 2

• Nguyễn Hải Bình (@​hbinhng)
• Puneet Dixit (@​puneetdixit200)

v11.1.23 (2026-05-21)

Bug fixes

• core
  • nestjs/nest#16998 fix snapshot: true eagerly instantiates Terminus transient indicators since 11.1.20

Committers: 1

• Kamil Mysliwiec (@​kamilmysliwiec)

v11.1.22 (2026-05-21)

Bug fixes

• core
  • #16993 fix(core): inflight request injection bug #16989 (@​kamilmysliwiec)

Enhancements

• core
  • #16967 fix(core): identify decorator type in invalid-class-module error (@​HarrierOnChain)

Committers: 2

• Harrier (@​HarrierOnChain)
• Kamil Mysliwiec (@​kamilmysliwiec)

v11.1.21 (2026-05-14)

Bug fixes

• core
  • #16948 fix(core): settle skipped provider initialization (@​yudin-s)

Committers: 1

• Serge Yudin (@​yudin-s)

... (truncated)

Commits

• d8a0ab8 chore(release): publish v11.1.24 release
• 2dccece chore: update readmes
• b8be8c1 chore(release): publish v11.1.23 release
• 801c46f chore(release): publish v11.1.22 release
• 983dd52 chore(release): publish v11.1.21 release
• a0b0139 chore: update readme
• 7caeb3f chore(release): publish v11.1.20 release
• f6a3c2f fix(docs): update some old links in docs
• 4b6420b Merge pull request #16902 from QusaiAlbonni/fix/filetype-validator-buffer-mes...
• 33515ed fix(common): improve missing buffer error message in file type validator
• Additional commits viewable in compare view

Updates @nestjs/config from 4.0.3 to 4.0.4

Release notes

Sourced from @​nestjs/config's releases.

Release 4.0.4

• fix(deps): update dependency dotenv to v17.4.1 (6bc5737)
• fix(deps): update dependency lodash to v4.18.1 [security] (f31ee98)

Commits

• 3b5d592 chore(): release v4.0.4
• 4fbcb03 Merge pull request #2263 from nestjs/renovate/dotenv-17.x
• 33dae89 Merge pull request #2269 from nestjs/renovate/cimg-node-24.x
• 0a727c3 Merge pull request #2313 from nestjs/renovate/npm-lodash-vulnerability
• 6bc5737 fix(deps): update dependency dotenv to v17.4.1
• f31ee98 fix(deps): update dependency lodash to v4.18.1 [security]
• 059314c chore(deps): update dependency typescript-eslint to v8.58.1 (#2315)
• 0f81e2d chore(deps): update dependency eslint to v10.2.0 (#2314)
• e673ab2 chore(deps): update dependency @​types/node to v24.12.2 (#2311)
• b1ede30 chore(deps): update nest monorepo to v11.1.18 (#2312)
• Additional commits viewable in compare view

Updates @nestjs/core from 11.1.13 to 11.1.24

Release notes

Sourced from @​nestjs/core's releases.

v11.1.24 (2026-05-25)

Bug fixes

• core
  • #17009 fix(core): reset dependency-tree cache on metadata changes (@​puneetdixit200)

Enhancements

• core
  • #16997 feat(core): warn on late websocket adapter registration (@​hbinhng)

Dependencies

• platform-ws
  • #17011 chore(deps): bump ws from 8.20.1 to 8.21.0 (@​dependabot[bot])

Committers: 2

• Nguyễn Hải Bình (@​hbinhng)
• Puneet Dixit (@​puneetdixit200)

v11.1.23 (2026-05-21)

Bug fixes

• core
  • nestjs/nest#16998 fix snapshot: true eagerly instantiates Terminus transient indicators since 11.1.20

Committers: 1

• Kamil Mysliwiec (@​kamilmysliwiec)

v11.1.22 (2026-05-21)

Bug fixes

• core
  • #16993 fix(core): inflight request injection bug #16989 (@​kamilmysliwiec)

Enhancements

• core
  • #16967 fix(core): identify decorator type in invalid-class-module error (@​HarrierOnChain)

Committers: 2

• Harrier (@​HarrierOnChain)
• Kamil Mysliwiec (@​kamilmysliwiec)

v11.1.21 (2026-05-14)

Bug fixes

• core
  • #16948 fix(core): settle skipped provider initialization (@​yudin-s)

Committers: 1

• Serge Yudin (@​yudin-s)

... (truncated)

Commits

• d8a0ab8 chore(release): publish v11.1.24 release
• 3ed595e fix(core): keep dependency parent registry internal
• 1b8c8b0 fix(core): propagate dependency tree cache resets
• 4c07009 fix(core): reset dependency tree cache on metadata changes
• ff95b3f Merge pull request #16997 from hbinhng/feat/warn-late-use-websocket-adapter
• 2dccece chore: update readmes
• b8be8c1 chore(release): publish v11.1.23 release
• 5de10df fix: should skip transient providers for snapshots
• d956db4 feat(core): warn on late websocket adapter registration
• 801c46f chore(release): publish v11.1.22 release
• Additional commits viewable in compare view

Updates @nestjs/platform-express from 11.1.13 to 11.1.24

Release notes

Sourced from @​nestjs/platform-express's releases.

v11.1.24 (2026-05-25)

Bug fixes

• core
  • #17009 fix(core): reset dependency-tree cache on metadata changes (@​puneetdixit200)

Enhancements

• core
  • #16997 feat(core): warn on late websocket adapter registration (@​hbinhng)

Dependencies

• platform-ws
  • #17011 chore(deps): bump ws from 8.20.1 to 8.21.0 (@​dependabot[bot])

Committers: 2

• Nguyễn Hải Bình (@​hbinhng)
• Puneet Dixit (@​puneetdixit200)

v11.1.23 (2026-05-21)

Bug fixes

• core
  • nestjs/nest#16998 fix snapshot: true eagerly instantiates Terminus transient indicators since 11.1.20

Committers: 1

• Kamil Mysliwiec (@​kamilmysliwiec)

v11.1.22 (2026-05-21)

Bug fixes

• core
  • #16993 fix(core): inflight request injection bug #16989 (@​kamilmysliwiec)

Enhancements

• core
  • #16967 fix(core): identify decorator type in invalid-class-module error (@​HarrierOnChain)

Committers: 2

• Harrier (@​HarrierOnChain)
• Kamil Mysliwiec (@​kamilmysliwiec)

v11.1.21 (2026-05-14)

Bug fixes

• core
  • #16948 fix(core): settle skipped provider initialization (@​yudin-s)

Committers: 1

• Serge Yudin (@​yudin-s)

... (truncated)

Commits

• d8a0ab8 chore(release): publish v11.1.24 release
• 2dccece chore: update readmes
• b8be8c1 chore(release): publish v11.1.23 release
• 801c46f chore(release): publish v11.1.22 release
• 983dd52 chore(release): publish v11.1.21 release
• a0b0139 chore: update readme
• 7caeb3f chore(release): publish v11.1.20 release
• f6a3c2f fix(docs): update some old links in docs
• 5e33ecf feat: add MulterOptions and MulterField interfaces for express platform confi...
• 6730995 chore(release): publish v11.1.19 release
• Additional commits viewable in compare view

Updates @nestjs/schedule from 6.1.1 to 6.1.3

Release notes

Sourced from @​nestjs/schedule's releases.

6.1.3

What's Changed

• feat(cron): add initialDelay option to defer first job execution by @​kyungseopk1m in nestjs/schedule#2251

Full Changelog: nestjs/schedule@6.1.2...6.1.3

Release 6.1.2

• Merge pull request #2247 from kyungseopk1m/feat/cron-initial-delay (a57ce2c)
• chore(deps): update dependency prettier to v3.8.3 (#2248) (bb3490d)
• feat(cron): add initialDelay option to defer first job execution (1c5677f)
• Merge pull request #2245 from nestjs/renovate/nest-monorepo (59046bd)
• Merge pull request #2246 from nestjs/renovate/oxlint-monorepo (be4eee3)
• chore(deps): update dependency oxlint to v1.60.0 (32a9ce2)
• chore(deps): update nest monorepo to v11.1.19 (7d3844f)
• chore: migrate to oxlint, vitest, ts6 (29de71b)
• chore(deps): update dependency globals to v17.5.0 (#2244) (6c62cca)
• chore(deps): update dependency sinon to v21.1.2 (#2243) (ee3b31a)
• chore(deps): update dependency sinon to v21.1.1 (#2241) (eba9799)
• Merge pull request #2242 from nestjs/renovate/prettier-3.x (c3ad0f7)
• chore(deps): update dependency prettier to v3.8.2 (798e2a9)
• Merge pull request #2199 from nestjs/renovate/cimg-node-24.x (a05354a)
• chore(deps): update dependency typescript-eslint to v8.58.1 (#2240) (0367ac1)
• chore(deps): update dependency eslint to v10.2.0 (#2239) (fa93e06)
• chore(deps): update nest monorepo to v11.1.18 (#2238) (8cd4c02)
• chore(deps): update dependency @​types/node to v24.12.2 (#2237) (01482df)
• chore(deps): update dependency @​types/sinon to v21.0.1 (#2236) (f05b5bd)
• chore(deps): update dependency ts-jest to v29.4.9 (#2235) (af545e6)
• chore(deps): update dependency typescript-eslint to v8.58.0 (#2233) (4dad22a)
• chore(deps): update node.js to v24.14.1 (28db9bc)
• chore(deps): update dependency eslint to v10.1.0 (#2232) (413f390)
• chore(deps): update nest monorepo to v11.1.17 (#2230) (46c2bc5)
• chore(deps): update dependency typescript-eslint to v8.57.1 (#2231) (8fd063b)
• chore(deps): update dependency sinon to v21.0.3 (#2229) (1671ad9)
• chore(deps): update commitlint monorepo to v20.5.0 (#2228) (2ecd2f1)
• chore(deps): update dependency lint-staged to v16.4.0 (#2227) (aa0de01)
• chore(deps): update commitlint monorepo to v20.4.4 (#2226) (75034fe)
• chore(deps): update dependency lint-staged to v16.3.3 (#2225) (f1c7d31)
• chore(deps): update dependency jest to v30.3.0 (#2224) (1a208d4)
• chore(deps): update dependency typescript-eslint to v8.57.0 (#2223) (60dd2c9)
• chore(deps): update dependency eslint to v10.0.3 (#2221) (791b6ba)
• chore(deps): update dependency @​eslint/eslintrc to v3.3.5 (#2220) (0da1ca7)
• chore(deps): update dependency @​types/node to v24.12.0 (#2219) (934a93e)
• chore(deps): update nest monorepo to v11.1.16 (#2218) (5f44e9b)
• chore(deps): update dependency sinon to v21.0.2 (#2217) (b807746)
• chore(deps): update dependency lint-staged to v16.3.2 (#2216) (4ca32bd)
• chore(deps): update commitlint monorepo to v20.4.3 (#2215) (d3ceb76)
• chore(deps): update nest monorepo to v11.1.15 (#2214) (b084ffc)
• chore(deps): update dependency lint-staged to v16.3.1 (#2213) (8a201b2)
• chore(deps): update dependency globals to v17.4.0 (#2212) (6f61793)
• chore(deps): update dependency lint-staged to v16.3.0 (#2211) (aa9213a)

... (truncated)

Commits

• 059f196 Merge pull request #2249 from nestjs/renovate/release-it-20.x
• 557730e Merge pull request #2251 from kyungseopk1m/feat/cron-initial-delay-v2
• 14f5b80 feat(cron): add initialDelay option to defer first job execution
• 536367d chore(deps): update dependency release-it to v20
• 57e2861 Merge pull request #2250 from nestjs/revert-2247-feat/cron-initial-delay
• e08f457 Revert "feat(cron): add initialDelay option to defer first job execution"

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	@​nestjs/​schematics@​11.1.0
	@​radix-ui/​react-slot@​1.2.3 ⏵ 1.2.5	+1		+1
	@​radix-ui/​react-switch@​1.3.0
	filecoin-pin@​0.22.3
	@​types/​react@​19.2.17
	@​vitest/​coverage-v8@​4.1.8
	@​willsoto/​nestjs-prometheus@​6.1.0
	@​types/​node@​25.9.2
	@​filoz/​synapse-core@​0.6.0
	@​nestjs/​typeorm@​11.0.1
	class-validator@​0.15.1
	@​nestjs/​cli@​11.0.21
	@​nestjs/​schedule@​6.1.3
	@​nestjs/​config@​4.0.4
	helmet@​8.2.0
	@​nestjs/​swagger@​11.4.4
	date-fns@​4.4.0
	@​tailwindcss/​vite@​4.3.0
	assemblyscript@​0.28.18
	@​ipld/​dag-pb@​4.1.7
	@​swc/​core@​1.15.40
	@​nestjs/​core@​11.1.24
	@​ipld/​car@​5.4.6
	@​nestjs/​common@​11.1.24
	@​nestjs/​testing@​11.1.24
	axios@​1.17.0
	@​nestjs/​platform-express@​11.1.24
	@​biomejs/​biome@​2.4.16
	@​clickhouse/​client@​1.20.0

View full report

[socket-security]

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert  (click "▶" to expand/collapse)
Warn		Obfuscated code: npm @mswjs/interceptors is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: pnpm-lock.yaml → npm/@mswjs/interceptors@0.41.9 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@mswjs/interceptors@0.41.9. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm date-fns is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: apps/web/package.json → npm/date-fns@4.4.0 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/date-fns@4.4.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm immer is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: pnpm-lock.yaml → npm/immer@11.1.8 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/immer@11.1.8. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report