npm-backend: bump file-type and @nestjs/common in /sources/packages/backend by dependabot[bot] · Pull Request #5901 · bcgov/SIMS

dependabot · 2026-03-16T18:12:39Z

Bumps file-type to 21.3.2 and updates ancestor dependency @nestjs/common. These dependencies need to be updated together.

Updates file-type from 21.3.0 to 21.3.2

Release notes

Sourced from file-type's releases.

v21.3.2

Fix ZIP bomb in known-size ZIP probing (GHSA-j47w-4g3g-c36v) a155cd7

Fix bound recursive BOM and ID3 detection 370ed91

sindresorhus/file-type@v21.3.1...v21.3.2

v21.3.1

Fix infinite loop in ASF parser on malformed input (GHSA-5v7r-6r5c-r473) 319abf8

sindresorhus/file-type@v21.3.0...v21.3.1

Commits

e18028c 21.3.2
a155cd7 Fix ZIP bomb in known-size ZIP probing
6954817 Harden parser more
370ed91 Fix bound recursive BOM and ID3 detection
d2ecea1 Add a few more safeguards
41fcff5 Update readme
a8f6934 Fix CI
ad5857e 21.3.1
5d2fedf Harden parser
319abf8 Fix infinite loop in ASF parser on malformed input
Additional commits viewable in compare view

Updates @nestjs/common from 11.1.13 to 11.1.17

Release notes

Sourced from @nestjs/common's releases.

v11.1.17 (2026-03-16)

Enhancements

microservices

#16218 feat(microservices): add redis driver identification (@vchomakov)

Bugs

platform-fastify

auto-run middleware for HEAD requests as fastify redirects them to GET handlers (effectively skipping middleware execution) nestjs/nest@cbdf737 (@kamilmysliwiec)

Dependencies

common

#16567 fix(deps): update dependency file-type to v21.3.2 (@renovate[bot])

platform-fastify

#16533 fix(deps): update dependency fastify to v5.8.2 (@renovate[bot])

Committers: 3

Rohan Santhosh Kumar (@Rohan5commit)

Vasil Chomakov (@vchomakov)

Kamil Mysliwiec (@kamilmysliwiec)

v11.1.16 (2026-03-05)

Bug fixes

microservices

#16506 fix(microservices): fix double callback when isdisposed or err is truthy (@LhonRafaat)

Dependencies

platform-express

#16507 fix(deps): update dependency multer to v2.1.1 (@renovate[bot])

Committers: 2

Lhon (@LhonRafaat)

Shahnoor Mujawar (@shahnoormujawar)

v11.1.15

What's Changed

fix(microservices): if indexOf return 0 will if will be falsy by @cuiweixie in nestjs/nest#16401

fix(microservices): introuduce max pattern depth and object complexity by @kamilmysliwiec in nestjs/nest#16402

chore(@nestjs/core): allow override for initializeWildcardHandlersIfE… by @StNekroman in nestjs/nest#16468

chore(deps): update dependency @fastify/middie to v9.2.0 [security] by @renovate[bot] in nestjs/nest#16472

fix(deps): update dependency multer to v2.1.0 [security] by @renovate[bot] in nestjs/nest#16474

New Contributors

@cuiweixie made their first contribution in nestjs/nest#16401

@StNekroman made their first contribution in nestjs/nest#16468

Full Changelog: nestjs/nest@v11.1.14...v11.1.15

v11.1.14 (2026-02-17)

... (truncated)

Commits

447a373 chore(release): publish v11.1.17 release
99ed6e6 fix(deps): update dependency file-type to v21.3.2
268a283 fix(deps): update dependency file-type to v21.3.1
315e698 chore(release): publish v11.1.16 release
6add3d6 chore(release): publish v11.1.15 release
5d31df7 chore(release): publish v11.1.14 release
829d326 Merge pull request #16314 from SpencerKaiser/bugfix/cors-types
5058600 fix(common): change requestOrigin type
91212b2 fix: return type error
804d27b fix: invalid context when no stack trace is provided
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps [file-type](https://github.com/sindresorhus/file-type) to 21.3.2 and updates ancestor dependency [@nestjs/common](https://github.com/nestjs/nest/tree/HEAD/packages/common). These dependencies need to be updated together. Updates `file-type` from 21.3.0 to 21.3.2 - [Release notes](https://github.com/sindresorhus/file-type/releases) - [Commits](sindresorhus/file-type@v21.3.0...v21.3.2) Updates `@nestjs/common` from 11.1.13 to 11.1.17 - [Release notes](https://github.com/nestjs/nest/releases) - [Commits](https://github.com/nestjs/nest/commits/v11.1.17/packages/common) --- updated-dependencies: - dependency-name: file-type dependency-version: 21.3.2 dependency-type: indirect - dependency-name: "@nestjs/common" dependency-version: 11.1.17 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>

sonarqubecloud · 2026-03-16T18:13:30Z

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

dependabot Bot added Backend Used by the dependabot pull requests to identify PRs related to the backend. Dependencies Pull requests that update a dependency file npm Used by the dependabot pull requests to identify PRs related to npm package upgrades. labels Mar 16, 2026

sh16011993 merged commit 5499945 into main Mar 16, 2026
8 checks passed

sh16011993 deleted the dependabot/npm_and_yarn/sources/packages/backend/multi-3b938b7446 branch March 16, 2026 18:26

sh16011993 temporarily deployed to DEV March 16, 2026 18:38 — with GitHub Actions Inactive

sh16011993 temporarily deployed to DEV March 16, 2026 18:39 — with GitHub Actions Inactive

sh16011993 temporarily deployed to DEV March 16, 2026 18:41 — with GitHub Actions Inactive

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

npm-backend: bump file-type and @nestjs/common in /sources/packages/backend#5901

npm-backend: bump file-type and @nestjs/common in /sources/packages/backend#5901
sh16011993 merged 1 commit intomainfrom
dependabot/npm_and_yarn/sources/packages/backend/multi-3b938b7446

dependabot Bot commented on behalf of github Mar 16, 2026

Uh oh!

sonarqubecloud Bot commented Mar 16, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

dependabot Bot commented on behalf of github Mar 16, 2026

v21.3.2

v21.3.1

v11.1.17 (2026-03-16)

Enhancements

Bugs

Dependencies

Committers: 3

v11.1.16 (2026-03-05)

Bug fixes

Dependencies

Committers: 2

v11.1.15

What's Changed

New Contributors

v11.1.14 (2026-02-17)

Uh oh!

sonarqubecloud Bot commented Mar 16, 2026

Quality Gate passed

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant