fix: upgrade nestjs dependencies to upgrade multer transitive import #18374

Merged: charlesBochet merged 1 commit into main from dependabot-549 on Mar 4, 2026

Conversation

@mabdullahabaid (Member)

@cubic-dev-ai cubic-dev-ai bot left a comment

No issues found across 2 files

@socket-security

Review the following changes in direct dependencies.

Diff     Package                                    Supply Chain Security  Vulnerability  Quality  Maintenance  License
Updated  @nestjs/core@11.1.9 ⏵ 11.1.15              93                     100            100      95 +2        100
Updated  @nestjs/common@11.1.9 ⏵ 11.1.15            99                     100            100      95 +5        100
Updated  @nestjs/testing@11.1.9 ⏵ 11.1.15           100                    100            100      95 +5        100
Updated  @nestjs/platform-express@11.1.9 ⏵ 11.1.15  100 +2                 100            100      100 +6       100


@mabdullahabaid mabdullahabaid self-assigned this Mar 4, 2026

greptile-apps bot commented Mar 4, 2026

Greptile Summary

This PR upgrades @nestjs/common, @nestjs/core, @nestjs/platform-express, and @nestjs/testing from 11.1.9 to 11.1.15 in order to transitively pull in multer 2.1.0, which resolves Dependabot security alerts 549 and 550. The upgrade is confined to the twenty-server package and brings in several other minor version bumps across the transitive dependency graph (express, cors, body-parser, file-type, token-types, etc.).

  • @nestjs/platform-express 11.1.15 now depends on multer 2.1.0 (was 2.0.2), which removes the vulnerable mkdirp, object-assign, and xtend transitive packages from multer's direct dependencies.
  • @nestjs/common 11.1.15 pulls in file-type 21.3.0, which in turn drops the fflate dependency via @tokenizer/inflate 0.4.1.
  • All four NestJS packages are updated consistently and their peer-dependency constraints (^11.0.0) are still satisfied by the rest of the NestJS ecosystem in this repo.
  • The yarn.lock checksums are all updated correctly and the dependency graph is internally consistent.

Confidence Score: 5/5

  • This PR is safe to merge — it is a targeted security dependency upgrade with no application logic changes.
  • All changes are confined to dependency version pins and the generated lock file. The version bumps are patch/minor releases within the same major version (11.x), peer-dependency constraints remain satisfied, and the multer upgrade directly addresses the stated CVEs. No application code was modified.
  • No files require special attention.

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A["@nestjs/platform-express\n11.1.9 → 11.1.15"] --> B["multer\n2.0.2 → 2.1.0 ✅"]
    A --> C["express\n5.1.0 → 5.2.1"]
    A --> D["cors\n2.8.5 → 2.8.6"]
    C --> E["body-parser\n2.2.1 → 2.2.2"]
    E --> F["qs\n6.14.0 → 6.14.1+"]
    G["@nestjs/common\n11.1.9 → 11.1.15"] --> H["file-type\n21.1.0 → 21.3.0"]
    H --> I["@tokenizer/inflate\n0.3.1 → 0.4.1\n(drops fflate dep)"]
    H --> J["token-types\n6.1.1 → 6.1.2"]
    J --> K["@borewit/text-codec\n0.1.1 → 0.2.1"]
    B -- "Resolves" --> L["Dependabot Alert 549\nDependabot Alert 550"]
    style L fill:#d4edda,stroke:#28a745
    style B fill:#d4edda,stroke:#28a745

Last reviewed commit: 9996b5a
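The summary above asserts two things a reviewer of a Dependabot-style PR cares about: that the upgraded @nestjs/platform-express now resolves multer 2.1.0, and that the lockfile is internally consistent. Both can be checked mechanically instead of by reading yarn.lock by hand. The following is an added example, not code from the twenty repository or from any of the bots on this thread. It assumes the lockfile uses the Yarn Berry format (quoted "name@npm:range" keys with version: and dependencies: fields); the two lockfile fragments are constructed for the example (the version numbers mirror the ones quoted in the summary, the package legacy-upload-lib is hypothetical). It reports every resolved version of a package that is below a required minimum, together with the packages that still pull it in, which catches the case where a second dependent keeps an older, vulnerable pin alive even after the intended upgrade has landed.

```javascript
// Added example (not code from the twenty repository or from the review bots):
// verify that a transitive dependency upgrade actually landed in yarn.lock.
// Assumption: the lockfile uses the Yarn Berry format. The lockfile text below
// is constructed for this example; the versions mirror the PR summary.

const LOCK_AFTER_UPGRADE = `
__metadata:
  version: 8
  cacheKey: 10

"@nestjs/platform-express@npm:11.1.15":
  version: 11.1.15
  resolution: "@nestjs/platform-express@npm:11.1.15"
  dependencies:
    cors: "npm:2.8.6"
    express: "npm:5.2.1"
    multer: "npm:2.1.0"
  checksum: 10/constructed-checksum-1

"multer@npm:2.1.0":
  version: 2.1.0
  resolution: "multer@npm:2.1.0"
  checksum: 10/constructed-checksum-2
`;

// Same graph plus a hypothetical package that still pins the old multer.
const LOCK_WITH_STALE_PIN = LOCK_AFTER_UPGRADE + `
"legacy-upload-lib@npm:1.0.0":
  version: 1.0.0
  resolution: "legacy-upload-lib@npm:1.0.0"
  dependencies:
    multer: "npm:2.0.2"
  checksum: 10/constructed-checksum-3

"multer@npm:2.0.2":
  version: 2.0.2
  resolution: "multer@npm:2.0.2"
  checksum: 10/constructed-checksum-4
`;

// Parse the lockfile into entries of { descriptors, version, dependencies }.
function parseYarnLock(text) {
  const entries = [];
  let current = null;
  let inDeps = false;
  for (const line of text.split('\n')) {
    if (line.trim() === '' || line.startsWith('#')) continue;
    if (!line.startsWith(' ')) {
      // Top-level key: one or more comma-separated descriptors, e.g. "multer@npm:2.1.0":
      const key = line.replace(/:\s*$/, '').replace(/^"|"$/g, '');
      current = { descriptors: key.split(',').map((s) => s.trim()), version: null, dependencies: {} };
      entries.push(current);
      inDeps = false;
      continue;
    }
    const m = line.match(/^(\s+)([^:]+):\s*(.*)$/);
    if (!m || !current) continue;
    const [, indent, field, value] = m;
    if (indent.length === 2) {
      inDeps = field === 'dependencies';
      if (field === 'version') current.version = value.replace(/"/g, '');
    } else if (inDeps && indent.length === 4) {
      current.dependencies[field.replace(/"/g, '')] = value.replace(/"/g, '');
    }
  }
  return entries;
}

// "@nestjs/common@npm:11.1.15" -> "@nestjs/common"; null for non-package keys such as __metadata.
function packageName(descriptor) {
  const at = descriptor.lastIndexOf('@');
  return at > 0 ? descriptor.slice(0, at) : null;
}

// Numeric dotted-version comparison (prerelease suffixes ignored): negative, zero or positive.
function compareVersions(a, b) {
  const pa = a.split('-')[0].split('.').map(Number);
  const pb = b.split('-')[0].split('.').map(Number);
  for (let i = 0; i < Math.max(pa.length, pb.length); i += 1) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d;
  }
  return 0;
}

// Every resolved version of `pkg` below `minVersion`, with the packages that pull it in.
function checkTransitive(lockText, pkg, minVersion) {
  const entries = parseYarnLock(lockText);
  const findings = [];
  for (const entry of entries) {
    if (packageName(entry.descriptors[0]) !== pkg || !entry.version) continue;
    if (compareVersions(entry.version, minVersion) >= 0) continue;
    // Reverse lookup: a dependent's `multer: "npm:2.0.2"` matches the descriptor "multer@npm:2.0.2".
    const dependents = entries
      .filter((d) => pkg in d.dependencies && entry.descriptors.includes(`${pkg}@${d.dependencies[pkg]}`))
      .map((d) => `${packageName(d.descriptors[0])}@${d.version}`);
    findings.push({ version: entry.version, dependents });
  }
  return findings;
}

for (const [label, lock] of [['after upgrade', LOCK_AFTER_UPGRADE], ['stale pin', LOCK_WITH_STALE_PIN]]) {
  const findings = checkTransitive(lock, 'multer', '2.1.0');
  console.log(`${label}: ${findings.length === 0 ? 'OK' : JSON.stringify(findings)}`);
}
```

Run against the real yarn.lock by reading the file into checkTransitive in place of the constructed text; an empty result means every resolved copy of the package meets the minimum, while a non-empty one names the dependents whose range keeps the old version in the graph, which is exactly what the bump of the direct NestJS dependencies in this PR cannot fix on its own.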

@FelixMalfait (Member)

🚀 Preview Environment Ready!

Your preview environment is available at: http://bore.pub:27747

This environment will automatically shut down after 5 hours.

@charlesBochet charlesBochet merged commit 2f9c94d into main Mar 4, 2026
78 checks passed
@charlesBochet charlesBochet deleted the dependabot-549 branch March 4, 2026 09:34
@twenty-eng-sync

Hey @mabdullahabaid! After you've done the QA of your Pull Request, you can mark it as done here. Thank you!
