chore(deps): bump the dependencies group across 1 directory with 9 updates

[dependabot]

Bumps the dependencies group with 9 updates in the / directory:

Package	From	To
@nestjs/swagger	11.2.6	11.2.7
axios	1.14.0	1.15.0
dotenv	17.4.1	17.4.2
@nestjs/cli	11.0.18	11.0.19
eslint	9.39.2	9.39.4
globals	17.4.0	17.5.0
prettier	3.8.1	3.8.2
typedoc	0.28.18	0.28.19
typescript-eslint	8.58.0	8.58.1

Updates @nestjs/swagger from 11.2.6 to 11.2.7

Release notes

Sourced from @​nestjs/swagger's releases.

11.2.7

What's Changed

• fix(deps): update dependency lodash to v4.18.1 [security] by @​renovate[bot] in nestjs/swagger#3808
• fix(deps): update dependency @​nestjs/mapped-types to v2.1.1 by @​renovate[bot] in nestjs/swagger#3791
• fix(plugin): support TypeScript project references in ReadonlyVisitor by @​maruthang in nestjs/swagger#3804
• fix(plugin): skip auto-generated response decorator when Api*Response already present by @​maruthang in nestjs/swagger#3803
• fix(schema): handle const enum objects from SWC compiler metadata by @​maruthang in nestjs/swagger#3802
• fix(deps): update dependency path-to-regexp to v8.4.2 by @​renovate[bot] in nestjs/swagger#3815
• fix(swagger-explorer): prevent enum schema mutation across multiple document generations by @​maruthang in nestjs/swagger#3799
• fix(decorators): do not crash on Controller getter by @​robbtraister in nestjs/swagger#3788
• fix(plugin): handle non-ASCII characters in project paths by @​maruthang in nestjs/swagger#3786
• fix(explorer): pass version to operationIdFactory for all versioning types by @​maruthang in nestjs/swagger#3783
• chore(deps): update dependency class-validator to v0.15.1 by @​renovate[bot] in nestjs/swagger#3753
• fix(deps): update dependency swagger-ui-dist to v5.32.2 by @​renovate[bot] in nestjs/swagger#3738

New Contributors

• @​maruthang made their first contribution in nestjs/swagger#3804
• @​robbtraister made their first contribution in nestjs/swagger#3788

Full Changelog: nestjs/swagger@11.2.6...11.2.7

Commits

• 7924747 chore(): release v11.2.7
• 6c3416f Merge pull request #3738 from nestjs/renovate/swagger-ui-dist-5.x
• b225174 Merge pull request #3753 from nestjs/renovate/class-validator-0.x
• 69ca9ef Merge pull request #3737 from nestjs/renovate/cimg-node-24.x
• 456b98d chore(deps): update dependency class-validator to v0.15.1
• 454731d Merge pull request #3783 from maruthang/fix/operationid-version-all-types-3268
• f927e93 Merge pull request #3786 from maruthang/fix/non-ascii-path-plugin-3695
• 96f3d1a Merge pull request #3788 from robbtraister/bugfix/api-query-with-getter
• 849cdaf Merge pull request #3799 from maruthang/fix/issue-2182-enum-schema-multi-doc
• 7c421ab fix(deps): update dependency swagger-ui-dist to v5.32.2
• Additional commits viewable in compare view

Updates axios from 1.14.0 to 1.15.0

Release notes

Sourced from axios's releases.

v1.15.0

This release delivers two critical security patches, adds runtime support for Deno and Bun, and includes significant CI hardening, documentation improvements, and routine dependency updates.

⚠️ Important Changes

• Deprecation: url.parse() usage has been replaced to address Node.js deprecation warnings. If you are on a recent version of Node.js, this resolves console warnings you may have been seeing. (#10625)

🔒 Security Fixes

• Proxy Handling: Fixed a no_proxy hostname normalisation bypass that could lead to Server-Side Request Forgery (SSRF). (#10661)
• Header Injection: Fixed an unrestricted cloud metadata exfiltration vulnerability via a header injection chain. (#10660)

🚀 New Features

• Runtime Support: Added compatibility checks and documentation for Deno and Bun environments. (#10652, #10653)

🔧 Maintenance & Chores

• CI Security: Hardened workflow permissions to least privilege, added the zizmor security scanner, pinned action versions, and gated npm publishing with OIDC and environment protection. (#10618, #10619, #10627, #10637, #10666)
• Dependencies: Bumped serialize-javascript, handlebars, picomatch, vite, and denoland/setup-deno to latest versions. Added a 7-day Dependabot cooldown period. (#10574, #10572, #10568, #10663, #10664, #10665, #10669, #10670, #10616)
• Documentation: Unified docs, improved beforeRedirect credential leakage example, clarified withCredentials/withXSRFToken behaviour, HTTP/2 support notes, async/await timeout error handling, header case preservation, and various typo fixes. (#10649, #10624, #7452, #7471, #10654, #10644, #10589)
• Housekeeping: Removed stale files, regenerated lockfile, and updated sponsor scripts and blocks. (#10584, #10650, #10582, #10640, #10659, #10668)
• Tests: Added regression coverage for urlencoded Content-Type casing. (#10573)

🌟 New Contributors

We are thrilled to welcome our new contributors. Thank you for helping improve Axios:

• @​raashish1601 (#10573)
• @​Kilros0817 (#10625)
• @​ashstrc (#10624)
• @​Abhi3975 (#10589)
• @​theamodhshetty (#7452)

Changelog

Sourced from axios's changelog.

Changelog

1.13.3 (2026-01-20)

Bug Fixes

• http2: Use port 443 for HTTPS connections by default. (#7256) (d7e6065)
• interceptor: handle the error in the same interceptor (#6269) (5945e40)
• main field in package.json should correspond to cjs artifacts (#5756) (7373fbf)
• package.json: add 'bun' package.json 'exports' condition. Load the Node.js build in Bun instead of the browser build (#5754) (b89217e)
• silentJSONParsing=false should throw on invalid JSON (#7253) (#7257) (7d19335)
• turn AxiosError into a native error (#5394) (#5558) (1c6a86d)
• types: add handlers to AxiosInterceptorManager interface (#5551) (8d1271b)
• types: restore AxiosError.cause type from unknown to Error (#7327) (d8233d9)
• unclear error message is thrown when specifying an empty proxy authorization (#6314) (6ef867e)

Features

• add undefined as a value in AxiosRequestConfig (#5560) (095033c)
• add automatic minor and patch upgrades to dependabot (#6053) (65a7584)
• add Node.js coverage script using c8 (closes #7289) (#7294) (ec9d94e)
• added copilot instructions (3f83143)
• compatibility with frozen prototypes (#6265) (860e033)
• enhance pipeFileToResponse with error handling (#7169) (88d7884)
• types: Intellisense for string literals in a widened union (#6134) (f73474d), closes microsoft/TypeScript#33471

Reverts

• Revert "fix: silentJSONParsing=false should throw on invalid JSON (#7253) (#7…" (#7298) (a4230f5), closes #7253 #7 #7298
• deps: bump peter-evans/create-pull-request from 7 to 8 in the github-actions group (#7334) (2d6ad5e)

Contributors to this release

• Ashvin Tiwari
• Nikunj Mochi
• Anchal Singh
• jasonsaayman
• Julian Dax
• Akash Dhar Dubey
• Madhumita
• Tackoil
• Justin Dhillon
• Rudransh
• WuMingDao
• codenomnom
• Nandan Acharya
• Eric Dubé
• Tibor Pilz
• Gabriel Quaresma
• Turadg Aleahmad

... (truncated)

Commits

• 772a4e5 chore(release): prepare release 1.15.0 (#10671)
• 4b07137 chore(deps-dev): bump vite from 8.0.0 to 8.0.5 in /tests/smoke/esm (#10663)
• 51e57b3 chore(deps-dev): bump vite from 8.0.2 to 8.0.5 (#10664)
• fba1a77 chore(deps-dev): bump vite from 8.0.2 to 8.0.5 in /tests/module/esm (#10665)
• 0bf6e28 chore(deps): bump denoland/setup-deno in the github-actions group (#10669)
• 8107157 chore(deps-dev): bump the development_dependencies group with 4 updates (#10670)
• e66530e ci: require npm-publish environment for releases (#10666)
• 49f23cb chore(sponsor): update sponsor block (#10668)
• 3631854 fix: unrestricted cloud metadata exfiltration via header injection chain (#10...
• fb3befb fix: no_proxy hostname normalization bypass leads to ssrf (#10661)
• Additional commits viewable in compare view

Updates dotenv from 17.4.1 to 17.4.2

Changelog

Sourced from dotenv's changelog.

17.4.2 (2026-04-12)

Changed

• Improved skill files - tightened up details (#1009)

Commits

• f116f70 17.4.2
• 3a81612 fix visual order of faq
• 13f55a8 Merge branch 'skill'
• 4bbbf73 reorganize faq
• c3da64b Merge pull request #1009 from motdotla/skill
• 6f743b1 update source
• fc2c624 update skill
• 972315b Tighten up skill
• 2795fce reorganize faq
• d5495d4 adjust skill
• Additional commits viewable in compare view

Updates @nestjs/cli from 11.0.18 to 11.0.19

Release notes

Sourced from @​nestjs/cli's releases.

Release 11.0.19

What's Changed

• fix(types): correct Asset type definition from string literal to string union by @​yogeshwaran-c in nestjs/nest-cli#3323
• fix(generate): use selected project name for specFileSuffix lookup by @​yogeshwaran-c in nestjs/nest-cli#3325
• fix(info): add missing space in os version display by @​yogeshwaran-c in nestjs/nest-cli#3321
• fix(compiler): run tsconfig paths plugin before user plugins in tsc compiler by @​yogeshwaran-c in nestjs/nest-cli#3326
• fix(start): skip signal forwarding in watch mode by @​maruthang in nestjs/nest-cli#3338
• feat(compiler): resolve path aliases in declaration files by @​maruthang in nestjs/nest-cli#3344
• fix(deps): update angular-cli monorepo to v19.2.24 by @​renovate[bot] in nestjs/nest-cli#3337

Full Changelog: nestjs/nest-cli@11.0.18...11.0.19

Commits

• be77cf3 chore(): release v11.0.19
• 6118dc2 Merge pull request #3336 from nestjs/renovate/webpack-5.x
• 52cd494 Merge pull request #3337 from nestjs/renovate/angular-cli-monorepo
• 41127ce Merge pull request #3344 from maruthang/feat/issue-1749-dts-alias-resolution
• 436eecc Merge pull request #3338 from maruthang/fix/issue-3158-watch-mode-regression
• 73e1aeb feat(compiler): convert path aliases to relative paths in declaration files
• e4e3a2f fix(start): skip signal forwarding in watch mode (#3158)
• e66d3ac fix(deps): update angular-cli monorepo to v19.2.24
• 2a514cd fix(deps): update dependency webpack to v5.106.0
• c6dc876 Merge pull request #3328 from nestjs/renovate/typescript-eslint-monorepo
• Additional commits viewable in compare view

Updates eslint from 9.39.2 to 9.39.4

Release notes

Sourced from eslint's releases.

v9.39.4

Bug Fixes

• f18f6c8 fix: update dependency minimatch to ^3.1.5 (#20564) (Milos Djermanovic)
• a3c868f fix: update dependency @​eslint/eslintrc to ^3.3.4 (#20554) (Milos Djermanovic)
• 234d005 fix: minimatch security vulnerability patch for v9.x (#20549) (Andrej Beles)
• b1b37ee fix: update ajv to 6.14.0 to address security vulnerabilities (#20538) (루밀LuMir)

Documentation

• 4675152 docs: add deprecation notice partial (#20520) (Milos Djermanovic)

Chores

• b8b4eb1 chore: update dependencies for ESLint v9.39.4 (#20596) (Francesco Trotta)
• 71b2f6b chore: package.json update for @​eslint/js release (Jenkins)
• 1d16c2f ci: pin Node.js 25.6.1 (#20563) (Milos Djermanovic)

v9.39.3

Bug Fixes

• 791bf8d fix: restore TypeScript 4.0 compatibility in types (#20504) (sethamus)

Chores

• 8594a43 chore: upgrade @​eslint/js@​9.39.3 (#20529) (Milos Djermanovic)
• 9ceef92 chore: package.json update for @​eslint/js release (Jenkins)
• af498c6 chore: ignore /docs/v9.x in link checker (#20453) (Milos Djermanovic)

Commits

• f5770b0 9.39.4
• c30147a Build: changelog update for 9.39.4
• b8b4eb1 chore: update dependencies for ESLint v9.39.4 (#20596)
• 71b2f6b chore: package.json update for @​eslint/js release
• 4675152 docs: add deprecation notice partial (#20520)
• f18f6c8 fix: update dependency minimatch to ^3.1.5 (#20564)
• 1d16c2f ci: pin Node.js 25.6.1 (#20563)
• a3c868f fix: update dependency @​eslint/eslintrc to ^3.3.4 (#20554)
• 234d005 fix: minimatch security vulnerability patch for v9.x (#20549)
• b1b37ee fix: update ajv to 6.14.0 to address security vulnerabilities (#20538)
• Additional commits viewable in compare view

Updates globals from 17.4.0 to 17.5.0

Release notes

Sourced from globals's releases.

v17.5.0

• Update globals (2026-04-12) (#342) 5d84602

---

sindresorhus/globals@v17.4.0...v17.5.0

Commits

• b8170c8 17.5.0
• 5d84602 Update globals (2026-04-12) (#342)
• 1b727e5 Fix build script for ES globals (#341)
• See full diff in compare view

Updates prettier from 3.8.1 to 3.8.2

Release notes

Sourced from prettier's releases.

3.8.2

• Support Angular v21.2

🔗 Changelog

Changelog

Sourced from prettier's changelog.

3.8.2

diff

Angular: Support Angular v21.2 (#18722, #19034 by @​fisker)

Exhaustive typechecking with @default never;

<!-- Input -->
@switch (foo) {
  @case (1) {}
  @default never;
}
<!-- Prettier 3.8.1 -->
SyntaxError: Incomplete block "default never". If you meant to write the @ character, you should use the "&#64;" HTML entity instead. (3:3)
<!-- Prettier 3.8.2 -->
@​switch (foo) {
@​case (1) {}
@​default never;
}

arrow function and instanceof expressions.

<!-- Input -->
@let fn = (a) =>        a?    1:2;
{{ fn ( a         instanceof b)}}
<!-- Prettier 3.8.1 -->
@​let fn = (a) =>        a?    1:2;
{{ fn ( a         instanceof b)}}
<!-- Prettier 3.8.2 -->
@​let fn = (a) => (a ? 1 : 2);
{{ fn(a instanceof b) }}

Commits

• b31557c Release 3.8.2
• 96bbaed Support Angular v21.2 (#18722)
• 881360b Support default never in Angular v21.2 (#19034)
• 07d6724 Bump Prettier dependency to 3.8.1
• 8b4a53a Clean changelog_unreleased
• See full diff in compare view

Updates typedoc from 0.28.18 to 0.28.19

Release notes

Sourced from typedoc's releases.

v0.28.19

Features

• Added French translations for the TypeDoc interface and help descriptions.
• Added support for triple-slash comment style, which requires exactly three slashes in the comment, #3089.

Bug Fixes

• Corrected handling of icon caching for custom themes which use SVGs with a larger view box than TypeDoc's default theme.
• Fixed short summary comment handling on module pages when the project source files use Windows line endings, #3093.

Thanks!

• @​avivkeller
• @​hyosua
• @​marijnh
• @​Pistonight

Changelog

Sourced from typedoc's changelog.

v0.28.19 (2026-04-12)

Features

• Added French translations for the TypeDoc interface and help descriptions.
• Added support for triple-slash comment style, which requires exactly three slashes in the comment, #3089.

Bug Fixes

• Corrected handling of icon caching for custom themes which use SVGs with a larger view box than TypeDoc's default theme.
• Fixed short summary comment handling on module pages when the project source files use Windows line endings, #3093.

Thanks!

• @​avivkeller
• @​hyosua
• @​marijnh
• @​Pistonight

Commits

• 0135da0 Update changelog for release
• 68fa965 Bump version to 0.28.19
• cb13565 Update changelog, documentation
• acba2ae Fix Comment.getShortSummary with windows line endings
• a108643 feat(router): move anchor creation to seperate function (#3092)
• d743a1c Merge pull request #3091 from hyosua/feat/locales-fr
• 70a9b41 Update CHANGELOG and format French locales
• 4db90bc Add French translations for locales
• c8fb88f Attempt updating actions versions
• a58e6a9 Update deps
• Additional commits viewable in compare view

Updates typescript-eslint from 8.58.0 to 8.58.1

Release notes

Sourced from typescript-eslint's releases.

v8.58.1

8.58.1 (2026-04-08)

🩹 Fixes

• eslint-plugin: [no-unused-vars] fix false negative for type predicate parameter (#12004)

❤️ Thank You

• MinJae @​Ju-MINJAE

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Changelog

Sourced from typescript-eslint's changelog.

8.58.1 (2026-04-08)

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Commits

• 5311ed3 chore(release): publish 8.58.1
• See full diff in compare view

Most Recent Ignore Conditions Applied to This Pull Request

Dependency Name	Ignore Conditions
eslint	[>= 10.a, < 11]

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.