chore(deps-dev): bump the dev-dependencies group across 1 directory with 7 updates

[dependabot]

Bumps the dev-dependencies group with 7 updates in the /backend directory:

Package	From	To
@nestjs/testing	10.4.20	11.1.14
@types/express	4.17.25	5.0.6
cross-env	7.0.3	10.1.0
jest	29.7.0	30.2.0
@types/jest	29.5.14	30.0.0
supertest	6.3.4	7.2.2
@types/supertest	6.0.3	7.2.0

Updates @nestjs/testing from 10.4.20 to 11.1.14

Release notes

Sourced from @​nestjs/testing's releases.

v11.1.14 (2026-02-17)

Bug fixes

• platform-fastify
  • #16384 fix(fastify): fastify middleware bypass cve (@​kamilmysliwiec)
• common
  • #16307 fix: logger print invalid context when no stack trace provided (@​JulienDuf)

Enhancements

• common
  • #16314 fix(common): change requestOrigin type (@​SpencerKaiser)

Committers: 5

• Julien Dufresne (@​JulienDuf)
• Kamil Mysliwiec (@​kamilmysliwiec)
• Mykhailo Skrypsky (@​mixator)
• Spencer Kaiser (@​SpencerKaiser)
• 조수민 (@​suuuuuuminnnnnn)

v11.1.13 (2026-02-03)

Bug fixes

• common
  • #16230 fix(common): Fix skipping maxArrayLength and maxStringLength option (@​chojs23)

Enhancements

• microservices
  • #16286 feat(microservices): support per-handler qos in mqtt (@​suuuuuuminnnnnn)
  • #16262 Feat/microservices configurable max buffer size (@​jobnow)
• common
  • #16202 fix(common): exclude built-in primitives from strip proto keys (@​som14062005)

Dependencies

• platform-fastify
  • #16282 fix(deps): update dependency fastify to v5.7.4 (@​renovate[bot])
• platform-express
  • #16241 fix(deps): update dependency cors to v2.8.6 (@​renovate[bot])

Committers: 6

• Lee Donghyun (@​devizi0)
• Mykhailo Skrypsky (@​mixator)
• Neo (@​chojs23)
• Praveen Somasundaram (@​som14062005)
• Ricardo Gomes (@​jobnow)
• 조수민 (@​suuuuuuminnnnnn)

v11.1.12 (2026-01-15)

Bug fixes

• common

... (truncated)

Commits

• 5d31df7 chore(release): publish v11.1.14 release
• 8d1c16c chore: update readme
• e3a958a chore(release): publish v11.1.13 release
• 96932ad chore(release): publish v11.1.12 release
• 585f55f chore: revert lerna version
• fef323b chore(release): publish v11.1.11 release
• de5e026 chore(@​nestjs) publish v11.1.10 release
• 5045fea chore: update eslint monorepo
• 64c8552 chore(@​nestjs) publish v11.1.9 release
• 68cd545 chore(@​nestjs) publish v11.1.8 release
• Additional commits viewable in compare view

Updates @types/express from 4.17.25 to 5.0.6

Commits

• See full diff in compare view

Updates cross-env from 7.0.3 to 10.1.0

Release notes

Sourced from cross-env's releases.

v10.1.0

10.1.0 (2025-09-29)

Features

• add support for default value syntax (152ae6a)

For example:

"dev:server": "cross-env wrangler dev --port ${PORT:-8787}",

If PORT is already set, use that value, otherwise fallback to 8787.

Learn more about Shell Parameter Expansion

v10.0.0

10.0.0 (2025-07-25)

TL;DR: You should probably not have to change anything if:

• You're using a modern maintained version of Node.js (v20+ is tested)
• You're only using the CLI (most of you are as that's the intended purpose)

In this release (which should have been v8 except I had some issues with automated releases 🙈), I've updated all the things and modernized the package. This happened in #261

Was this needed? Not really, but I just thought it'd be fun to modernize this package.

Here's the highlights of what was done.

• Replace Jest with Vitest for testing
• Convert all source files from .js to .ts with proper TypeScript types
• Use zshy for ESM-only builds (removes CJS support)
• Adopt @​epic-web/config for TypeScript, ESLint, and Prettier
• Update to Node.js >=20 requirement
• Remove kcd-scripts dependency
• Add comprehensive e2e tests with GitHub Actions matrix testing
• Update GitHub workflow with caching and cross-platform testing
• Modernize documentation and remove outdated sections
• Update all dependencies to latest versions
• Add proper TypeScript declarations and exports

The tool maintains its original functionality while being completely modernized with the latest tooling and best practices

BREAKING CHANGES

• This is a major rewrite that changes the module format from CommonJS to ESM-only. The package now requires Node.js >=20 and only exports ESM modules (not relevant in most cases).

Commits

• 152ae6a feat: add support ofr default value syntax
• bd70d1a chore: upgrade zshy
• 8e0b190 chore(ci): get coverage
• 8635e80 fix(release): manually release a major version
• 3a58f22 chore: fix npmrc registry
• b70bfff chore(ci): add names to steps and workflows
• cc5759d fix(release): manually release a major version
• 080a859 chore: remove publish script
• 31e5bc7 chore(ci): restore built files
• 81e9c34 chore(ci): add back semantic-release
• Additional commits viewable in compare view

Updates jest from 29.7.0 to 30.2.0

Release notes

Sourced from jest's releases.

30.2.0

Chore & Maintenance

• [*] Update example repo for testing React Native projects (#15832)
• [*] Update jest-watch-typeahead to v3 (#15830)

Features

• [jest-environment-jsdom-abstract] Add support for JSDOM v27 (#15834)

Fixes

• [babel-jest] Export the TransformerConfig interface (#15820)
• [jest-config] Fix jest.config.ts with TS loader specified in docblock pragma (#15839)

30.1.3

Fixes

• Fix unstable_mockModule with node: prefixed core modules.

30.1.2

Fixes

• [jest-snapshot-utils] Correct snapshot header regexp to work with newline across OSes (#15803)

30.1.1

Fixes

• [jest-snapshot-utils] Fix deprecated goo.gl snapshot warning not handling Windows end-of-line sequences (#15800)

30.1.0

Features

• [jest-leak-detector] Configurable GC aggressiveness regarding to V8 heap snapshot generation (#15793)
• [jest-runtime] Reduce redundant ReferenceError messages
• [jest-core] Include test modules that failed to load when --onlyFailures is active

Fixes

• `[jest-snapshot-utils] Fix deprecated goo.gl snapshot guide link not getting replaced with fully canonical URL (#15787)
• [jest-circus] Fix it.concurrent not working with describe.skip (#15765)
• [jest-snapshot] Fix mangled inline snapshot updates when used with Prettier 3 and CRLF line endings
• [jest-runtime] Importing from @jest/globals in more than one file no longer breaks relative paths (#15772)

Chore

• [expect] Update docblock for toContain() to display info on substring check (#15789)

30.0.2

What's Changed

... (truncated)

Changelog

Sourced from jest's changelog.

30.2.0

Chore & Maintenance

• [*] Update example repo for testing React Native projects (#15832)
• [*] Update jest-watch-typeahead to v3 (#15830)

Features

• [jest-environment-jsdom-abstract] Add support for JSDOM v27 (#15834)

Fixes

• [jest-matcher-utils] Fix infinite recursion with self-referential getters in deepCyclicCopyReplaceable (#15831)
• [babel-jest] Export the TransformerConfig interface (#15820)
• [jest-config] Fix jest.config.ts with TS loader specified in docblock pragma (#15839)

30.1.3

Fixes

• Fix unstable_mockModule with node: prefixed core modules.

30.1.2

Fixes

• [jest-snapshot-utils] Correct snapshot header regexp to work with newline across OSes (#15803)

30.1.1

Fixes

• [jest-snapshot-utils] Fix deprecated goo.gl snapshot warning not handling Windows end-of-line sequences (#15800)
• [jest-snapshot-utils] Improve messaging about goo.gl snapshot link change (#15821)

30.1.0

Features

• [jest-leak-detector] Configurable GC aggressiveness regarding to V8 heap snapshot generation (#15793)
• [jest-runtime] Reduce redundant ReferenceError messages
• [jest-core] Include test modules that failed to load when --onlyFailures is active

Fixes

• [jest-snapshot-utils] Fix deprecated goo.gl snapshot guide link not getting replaced with fully canonical URL (#15787)
• [jest-circus] Fix it.concurrent not working with describe.skip (#15765)
• [jest-snapshot] Fix mangled inline snapshot updates when used with Prettier 3 and CRLF line endings
• [jest-runtime] Importing from @jest/globals in more than one file no longer breaks relative paths (#15772)

... (truncated)

Commits

• 855864e v30.2.0
• da9b532 v30.1.3
• ebfa31c v30.1.2
• d347c0f v30.1.1
• 4d5f41d v30.1.0
• 22236cf v30.0.5
• f4296d2 v30.0.4
• d4a6c94 v30.0.3
• 393acbf v30.0.2
• 5ce865b v30.0.1
• Additional commits viewable in compare view

Updates @types/jest from 29.5.14 to 30.0.0

Commits

• See full diff in compare view

Updates supertest from 6.3.4 to 7.2.2

Release notes

Sourced from supertest's releases.

v7.2.2

• fix: replace 'should' dependency with native assertions in cookies module 1954bcf

---

forwardemail/supertest@v7.2.1...v7.2.2

v7.2.1

• fix: correct case-sensitive require path for assertion module d4f04fb

---

forwardemail/supertest@v7.2.0...v7.2.1

v7.2.0

• fix: fixed package lock c4b08a6
• fix: drop v14 and v16 from tests d084ce2
• Merge pull request #872 from forwardemail/dependabot/npm_and_yarn/js-yaml-3.14.2 61f3ddf
• Merge pull request #873 from forwardemail/dependabot/npm_and_yarn/multi-6d05d0e569 bd2fe45
• chore(deps): bump qs, body-parser and express 07bf4fb
• Merge pull request #866 from SchroederSteffen/use-lowercase-header-name 0666797
• Merge pull request #868 from dmurvihill/cookie-assertions 953eca7
• chore(deps-dev): bump js-yaml from 3.14.1 to 3.14.2 81ab94c
• Merge pull request #870 from kudlav/patch-1 14d905d
• Update links to documentation in README f508b30
• feat(cookies): add cookie assertions 4f89680
• chore(readme): use lower-case header name 1e642b0

---

forwardemail/supertest@v7.1.4...v7.2.0

v7.1.4

• chore: bump deps 6021ec8
• Merge pull request #865 from forwardemail/dependabot/npm_and_yarn/form-data-4.0.4 ceca508
• chore(deps): bump form-data from 4.0.3 to 4.0.4 b1fb983

---

forwardemail/supertest@v7.1.3...v7.1.4

v7.1.3

• fix: revert automatic server closing (per #651) b6fd281
• fix: rename ci file 75bcbc9

---

forwardemail/supertest@v7.1.2...v7.1.3

v7.1.2

... (truncated)

Commits

• d799751 7.2.2
• 1954bcf fix: replace 'should' dependency with native assertions in cookies module
• 8fb7453 7.2.1
• d4f04fb fix: correct case-sensitive require path for assertion module
• b8f0a43 7.2.0
• c4b08a6 fix: fixed package lock
• d084ce2 fix: drop v14 and v16 from tests
• 61f3ddf Merge pull request #872 from forwardemail/dependabot/npm_and_yarn/js-yaml-3.14.2
• bd2fe45 Merge pull request #873 from forwardemail/dependabot/npm_and_yarn/multi-6d05d...
• 07bf4fb chore(deps): bump qs, body-parser and express
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by titanism, a new releaser for supertest since your current version.

Updates @types/supertest from 6.0.3 to 7.2.0

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions