chore(deps): bump the npm-dependencies group across 1 directory with 8 updates

[dependabot]

Bumps the npm-dependencies group with 8 updates in the /apps/backend directory:

Package	From	To
@filoz/synapse-sdk	0.36.0	0.37.0
@nestjs/common	11.1.6	11.1.14
@nestjs/core	11.1.6	11.1.14
@nestjs/platform-express	11.1.6	11.1.14
filecoin-pin	0.15.1	0.16.0
undici	7.16.0	7.22.0
viem	2.38.3	2.46.2
@nestjs/testing	11.1.6	11.1.14

Updates @filoz/synapse-sdk from 0.36.0 to 0.37.0

Release notes

Sourced from @​filoz/synapse-sdk's releases.

synapse-sdk: v0.37.0

0.37.0 (2026-02-11)

⚠ BREAKING CHANGES

• change params to options object and remove withIpni (#601)
• remove pdp classes and change upload input to File
• transition from ethers to viem (#555)
• replace getMaxProvingPeriod() and getChallengeWindow() with getPDPConfig() (#526)
• use activePieceCount for accurate piece tracking (#517)
• change to only export Synapse from the main entrypoint

refactor

• replace getMaxProvingPeriod() and getChallengeWindow() with getPDPConfig() (#526) (a4956c7)

Features

• Add API for querying remaining egress (#430) (c40d6b8)
• add devnet support (#527) (773551b)
• change params to options object and remove withIpni (#601) (0d529e2)
• change to only export Synapse from the main entrypoint (4c0cc47), closes #232
• Endorsements Service (#553) (fba3280)
• examples/cli: add get-sp-peer-ids command (#546) (8aafdf1)
• move ethers to peer dependencies (242a2c1)
• remove pdp classes and change upload input to File (32700c2)
• storage: rename "pieces" callbacks, add piece info & dataSetId (#439) (f1bd585)
• transition from ethers to viem (#555) (3741241)
• use activePieceCount for accurate piece tracking (#517) (59fd863)

Bug Fixes

• cache clientDataSetId in StorageContext (#489) (ec1345a)
• change FilBeam URL to stats.filbeam.com (#539) (87ac7a8)
• createStorageContext without getClientDataSetsWithDetails (#438) (76e2439)
• expose getScheduledRemovals on storageContext (#490) (6a3b5cc)
• remove settlement fee (#502) (8c7537e), closes #243
• remove telemetry (#562) (128037e)
• resolveByProviderId doesnt use getClientDataSetsWithDetails (1049c05)
• revert back uploads to uint8array and stream (67a17ee)
• simplify upload input to Blob (908c042)
• treat status code 202 for findPiece as a retry (6b9e03f)
• warm-storage: check metadata withCDN key in addition to cdnRailId for CDN status (#505) (db234e5)

Chores

... (truncated)

Commits

• 2524aeb chore(master): release synapse-sdk 0.37.0 (#481)
• 0902a01 chore(master): release synapse-core 0.2.0 (#482)
• 0d529e2 feat!: change params to options object and remove withIpni (#601)
• 67a17ee fix: revert back uploads to uint8array and stream
• d7b9661 fix: namespace upload types
• 9b3f73f fix: move default nonces to the sign functions
• 908c042 fix: simplify upload input to Blob
• 78cfd25 chore: skip size limit test in StorageService due to browser limitations
• ac0e76e chore: linter
• 8061afb chore: update docs and export missing types
• Additional commits viewable in compare view

Updates @nestjs/common from 11.1.6 to 11.1.14

Release notes

Sourced from @​nestjs/common's releases.

v11.1.14 (2026-02-17)

Bug fixes

• platform-fastify
  • #16384 fix(fastify): fastify middleware bypass cve (@​kamilmysliwiec)
• common
  • #16307 fix: logger print invalid context when no stack trace provided (@​JulienDuf)

Enhancements

• common
  • #16314 fix(common): change requestOrigin type (@​SpencerKaiser)

Committers: 5

• Julien Dufresne (@​JulienDuf)
• Kamil Mysliwiec (@​kamilmysliwiec)
• Mykhailo Skrypsky (@​mixator)
• Spencer Kaiser (@​SpencerKaiser)
• 조수민 (@​suuuuuuminnnnnn)

v11.1.13 (2026-02-03)

Bug fixes

• common
  • #16230 fix(common): Fix skipping maxArrayLength and maxStringLength option (@​chojs23)

Enhancements

• microservices
  • #16286 feat(microservices): support per-handler qos in mqtt (@​suuuuuuminnnnnn)
  • #16262 Feat/microservices configurable max buffer size (@​jobnow)
• common
  • #16202 fix(common): exclude built-in primitives from strip proto keys (@​som14062005)

Dependencies

• platform-fastify
  • #16282 fix(deps): update dependency fastify to v5.7.4 (@​renovate[bot])
• platform-express
  • #16241 fix(deps): update dependency cors to v2.8.6 (@​renovate[bot])

Committers: 6

• Lee Donghyun (@​devizi0)
• Mykhailo Skrypsky (@​mixator)
• Neo (@​chojs23)
• Praveen Somasundaram (@​som14062005)
• Ricardo Gomes (@​jobnow)
• 조수민 (@​suuuuuuminnnnnn)

v11.1.12 (2026-01-15)

Bug fixes

• common

... (truncated)

Commits

• 5d31df7 chore(release): publish v11.1.14 release
• 829d326 Merge pull request #16314 from SpencerKaiser/bugfix/cors-types
• 5058600 fix(common): change requestOrigin type
• 91212b2 fix: return type error
• 804d27b fix: invalid context when no stack trace is provided
• 8d1c16c chore: update readme
• e3a958a chore(release): publish v11.1.13 release
• d88856c test(common): add unit tests for class serializer interceptor
• a1f6162 Merge pull request #16202 from som14062005/fix/issue-16195
• 8222634 refactor: move built-in types to module-level constant
• Additional commits viewable in compare view

Updates @nestjs/core from 11.1.6 to 11.1.14

Release notes

Sourced from @​nestjs/core's releases.

v11.1.14 (2026-02-17)

Bug fixes

• platform-fastify
  • #16384 fix(fastify): fastify middleware bypass cve (@​kamilmysliwiec)
• common
  • #16307 fix: logger print invalid context when no stack trace provided (@​JulienDuf)

Enhancements

• common
  • #16314 fix(common): change requestOrigin type (@​SpencerKaiser)

Committers: 5

• Julien Dufresne (@​JulienDuf)
• Kamil Mysliwiec (@​kamilmysliwiec)
• Mykhailo Skrypsky (@​mixator)
• Spencer Kaiser (@​SpencerKaiser)
• 조수민 (@​suuuuuuminnnnnn)

v11.1.13 (2026-02-03)

Bug fixes

• common
  • #16230 fix(common): Fix skipping maxArrayLength and maxStringLength option (@​chojs23)

Enhancements

• microservices
  • #16286 feat(microservices): support per-handler qos in mqtt (@​suuuuuuminnnnnn)
  • #16262 Feat/microservices configurable max buffer size (@​jobnow)
• common
  • #16202 fix(common): exclude built-in primitives from strip proto keys (@​som14062005)

Dependencies

• platform-fastify
  • #16282 fix(deps): update dependency fastify to v5.7.4 (@​renovate[bot])
• platform-express
  • #16241 fix(deps): update dependency cors to v2.8.6 (@​renovate[bot])

Committers: 6

• Lee Donghyun (@​devizi0)
• Mykhailo Skrypsky (@​mixator)
• Neo (@​chojs23)
• Praveen Somasundaram (@​som14062005)
• Ricardo Gomes (@​jobnow)
• 조수민 (@​suuuuuuminnnnnn)

v11.1.12 (2026-01-15)

Bug fixes

• common

... (truncated)

Commits

• 5d31df7 chore(release): publish v11.1.14 release
• 8d1c16c chore: update readme
• e3a958a chore(release): publish v11.1.13 release
• db9494a perf(core): use set instead of array for module registry lookup
• 909b504 test(core): add unit tests for discovery service
• 96932ad chore(release): publish v11.1.12 release
• 4fdeb0b style: address lint issues
• e5616c2 feat: apply instance decorator to all enhancers
• 585f55f chore: revert lerna version
• fef323b chore(release): publish v11.1.11 release
• Additional commits viewable in compare view

Updates @nestjs/platform-express from 11.1.6 to 11.1.14

Release notes

Sourced from @​nestjs/platform-express's releases.

v11.1.14 (2026-02-17)

Bug fixes

• platform-fastify
  • #16384 fix(fastify): fastify middleware bypass cve (@​kamilmysliwiec)
• common
  • #16307 fix: logger print invalid context when no stack trace provided (@​JulienDuf)

Enhancements

• common
  • #16314 fix(common): change requestOrigin type (@​SpencerKaiser)

Committers: 5

• Julien Dufresne (@​JulienDuf)
• Kamil Mysliwiec (@​kamilmysliwiec)
• Mykhailo Skrypsky (@​mixator)
• Spencer Kaiser (@​SpencerKaiser)
• 조수민 (@​suuuuuuminnnnnn)

v11.1.13 (2026-02-03)

Bug fixes

• common
  • #16230 fix(common): Fix skipping maxArrayLength and maxStringLength option (@​chojs23)

Enhancements

• microservices
  • #16286 feat(microservices): support per-handler qos in mqtt (@​suuuuuuminnnnnn)
  • #16262 Feat/microservices configurable max buffer size (@​jobnow)
• common
  • #16202 fix(common): exclude built-in primitives from strip proto keys (@​som14062005)

Dependencies

• platform-fastify
  • #16282 fix(deps): update dependency fastify to v5.7.4 (@​renovate[bot])
• platform-express
  • #16241 fix(deps): update dependency cors to v2.8.6 (@​renovate[bot])

Committers: 6

• Lee Donghyun (@​devizi0)
• Mykhailo Skrypsky (@​mixator)
• Neo (@​chojs23)
• Praveen Somasundaram (@​som14062005)
• Ricardo Gomes (@​jobnow)
• 조수민 (@​suuuuuuminnnnnn)

v11.1.12 (2026-01-15)

Bug fixes

• common

... (truncated)

Commits

• 5d31df7 chore(release): publish v11.1.14 release
• 8d1c16c chore: update readme
• e3a958a chore(release): publish v11.1.13 release
• 58c761a fix(deps): update dependency cors to v2.8.6
• 96932ad chore(release): publish v11.1.12 release
• 585f55f chore: revert lerna version
• fef323b chore(release): publish v11.1.11 release
• de5e026 chore(@​nestjs) publish v11.1.10 release
• 8f0840a test(express): Add tests for getBodyParserOptions utility
• 0c93692 chore: update prettier
• Additional commits viewable in compare view

Updates filecoin-pin from 0.15.1 to 0.16.0

Release notes

Sourced from filecoin-pin's releases.

v0.16.0

0.16.0 (2026-02-07)

Features

• add --data-set and --new-data-set flags to add command (#296) (e03719b)
• add provider command with info and ping subcommands (#295) (c52ebbf)

Bug Fixes

• use namespace import for Sentry SDK v8+ ESM compatibility (#319) (320a461)

Chores

• deps-dev: bump @​biomejs/biome from 2.3.13 to 2.3.14 (#318) (97f6f1b)
• deps: bump @​clack/prompts from 0.11.0 to 1.0.0 (#315) (63b34e0)

Changelog

Sourced from filecoin-pin's changelog.

0.16.0 (2026-02-07)

Features

• add --data-set and --new-data-set flags to add command (#296) (e03719b)
• add provider command with info and ping subcommands (#295) (c52ebbf)

Bug Fixes

• use namespace import for Sentry SDK v8+ ESM compatibility (#319) (320a461)

Chores

• deps-dev: bump @​biomejs/biome from 2.3.13 to 2.3.14 (#318) (97f6f1b)
• deps: bump @​clack/prompts from 0.11.0 to 1.0.0 (#315) (63b34e0)

Commits

• 778928e chore(master): release 0.16.0 (#317)
• f15bba4 ci: Update auto-label workflow to use pull_request_target (#323)
• 97f6f1b chore(deps-dev): bump @​biomejs/biome from 2.3.13 to 2.3.14 (#318)
• 63b34e0 chore(deps): bump @​clack/prompts from 0.11.0 to 1.0.0 (#315)
• 320a461 fix: use namespace import for Sentry SDK v8+ ESM compatibility (#319)
• e03719b feat: add --data-set and --new-data-set flags to add command (#296)
• c52ebbf feat: add provider command with info and ping subcommands (#295)
• See full diff in compare view

Updates undici from 7.16.0 to 7.22.0

Release notes

Sourced from undici's releases.

v7.22.0

What's Changed

• docs: fix syntax highlighting in WebSocket.md by @​styfle in nodejs/undici#4814
• fix: use OR operator in includesCredentials per WHATWG URL Standard by @​jackhax in nodejs/undici#4816
• feat(dispatcher/env-http-proxy-agent): strip leading dot and asterisk by @​SuperOleg39 in nodejs/undici#4676
• fix: route WebSocket upgrades through onRequestUpgrade by @​mcollina in nodejs/undici#4787
• build(deps-dev): bump esbuild from 0.25.12 to 0.27.3 by @​dependabot[bot] in nodejs/undici#4821
• fix(deduplicate): do not deduplicate non-safe methods by default by @​mcollina in nodejs/undici#4818
• feat: Support async cache stores in revalidation by @​marcopiraccini in nodejs/undici#4826

New Contributors

• @​jackhax made their first contribution in nodejs/undici#4816
• @​marcopiraccini made their first contribution in nodejs/undici#4826

Full Changelog: nodejs/undici@v7.21.0...v7.22.0

v7.21.0

What's Changed

• build(deps): bump actions/setup-node from 6.0.0 to 6.2.0 by @​dependabot[bot] in nodejs/undici#4796
• test: restore global dispatcher after fetch tests by @​mcollina in nodejs/undici#4790
• Add missing close method to WebSocketStream interface by @​piotr-cz in nodejs/undici#4802
• fix: error stream instead of canceling by @​KhafraDev in nodejs/undici#4804
• Fix clientTtl cleanup race in Agent by @​mcollina in nodejs/undici#4807
• feat(#4230): Implement pingInterval for dispatching PING frames by @​metcoder95 in nodejs/undici#4296
• fix: handle undefined __filename in bundled environments by @​mcollina in nodejs/undici#4812
• fix: set finalizer only for fetch responses by @​tsctx in nodejs/undici#4803

New Contributors

• @​piotr-cz made their first contribution in nodejs/undici#4802

Full Changelog: nodejs/undici@v7.20.0...v7.21.0

v7.20.0

What's Changed

• fix: preserve fetch stack traces by @​mcollina in nodejs/undici#4778
• Fix error handling in MockPool example by @​dave-kennedy in nodejs/undici#4781
• feat: expose statusText in request() ResponseData by @​domenic in nodejs/undici#4784
• test: reduce retry-after invalid date flake by @​mcollina in nodejs/undici#4788
• extractBody fixes by @​KhafraDev in nodejs/undici#4791
• fix: MockAgent delayed response with AbortSignal (#4693) by @​mcollina in nodejs/undici#4772
• fix: onParserTimeout potentially accessing undefined by @​vbfox in nodejs/undici#4758

New Contributors

• @​dave-kennedy made their first contribution in nodejs/undici#4781
• @​vbfox made their first contribution in nodejs/undici#4758

Full Changelog: nodejs/undici@v7.19.2...v7.20.0

v7.19.2

What's Changed

... (truncated)

Commits

• 0a23610 Bumped v7.22.0 (#4829)
• f3c5c61 feat: Support async cache stores in revalidation (#4826)
• 9b78a44 fix(deduplicate): avoid deduping methods not in methods option (#4818)
• 0ce57ba build(deps-dev): bump esbuild from 0.25.12 to 0.27.3 (#4821)
• 2453caf fix: route websocket upgrades through new handler API (#4787)
• 4658cdf feat(dispatcher/env-http-proxy-agent): strip leading dot and asterisk (#4676)
• a821c56 fix: use OR operator in includesCredentials per WHATWG URL Standard (#4816)
• b3326b5 docs: fix syntax highlighting in WebSocket.md (#4814)
• 393c0da Bumped v7.21.0 (#4813)
• 47f9b96 fix: set finalizer only for fetch responses (#4803)
• Additional commits viewable in compare view

Updates viem from 2.38.3 to 2.46.2

Release notes

Sourced from viem's releases.

viem@2.46.2

Patch Changes

• 1a10fb7812cc13bd72495552c4a590aa5ce8cf15 Thanks @​jxom! - viem/tempo: Removed fee payer magic in favor of pure support for 0x78-prefixed fee payer envelopes.

viem@2.46.1

Patch Changes

• 44cbba75ab219c4e297f6cfd21c04f47548585e2 Thanks @​jxom! - Removed Ekta chain.

viem@2.46.0

Minor Changes

• #4304 b6b50d40fb6bbadc851377b74b2dd4da584958b0 Thanks @​jxom! - Breaking (viem/tempo): Renamed nonceKey: 'random' to nonceKey: 'expiring' to align with TIP-1009 terminology.

  TIP-1009 defines "expiring nonces" as time-based replay protection using validBefore timestamps. The name 'expiring' better describes the mechanism than 'random'.

  await sendTransaction(client, {
    account,
  - nonceKey: 'random',
  + nonceKey: 'expiring',
    to: '0x...',
  })

viem@2.45.3

Patch Changes

• #4329 d12bb351c0b8c973b995583695606f9d083af1bb Thanks @​sakulstra! - Added multicall batching support for getBalance via multicall3's getEthBalance. When the client has batch.multicall enabled, getBalance calls are now batched via eth_call instead of making individual eth_getBalance RPC calls.

• #4333 71a324d6b98332f4f98e10c9de4d61287de8534a Thanks @​kiyoakii! - Added blockCreated field to MegaETH Mainnet and Testnet multicall3 contract definitions.

• #4330 aab32a4a5eb3df06cdf8eab5d6f91259d438590b Thanks @​boredland! - Added blockCreated field to zkSync multicall3 contract.

viem@2.45.2

Patch Changes

• #4300 cc60e25ca55c022a56ed9e991ec23cb615593da6 Thanks @​LXPDevs! - Added LuxePorts chain.

• #4306 e3901661ba0442d6ae66c4d702396e8ee247d03f Thanks @​izharan-fireblocks! - Added WalletConnectSessionSettlementError as a non-retryable transport error.

• #4301 662215f12310c3c2b17424093d3f4922693432f2 Thanks @​xGreen-project! - Added XGR Mainnet chain.

• #4315 56d0920fd654ab93e89fff77769b0c982b8928d5 Thanks @​jxom! - Fixed sendCallsSync to respect client-level action overrides (e.g. smart account clients).

• #4294 8c3fa2684820c80e8908cc799fd47815594e4871 Thanks @​Oighty! - Added Citrea Mainnet chain support.

• #4321 059274e18c19270e7f7e98f0b087e7986d5a6dd7 Thanks @​highonrice! - Updated the native currency of Stable Mainnet.

... (truncated)

Commits

• c677096 chore: lockfile
• 2490fca chore: audit
• 719aa1d chore: pin tempo
• ef25164 chore: version package (#4347)
• 1a10fb7 feat(tempo): rm fee payer magic for 0x78-prefixed envelopes
• 72fbfc3 chore: version package (#4341)
• 44cbba7 chore: rm ekta
• 05f8817 fix: incorrect documentation for sendTransactionSync return type (#4339)
• 93981f7 chore: version package (#4338)
• 2a28a31 chore: up snap
• Additional commits viewable in compare view

Updates @nestjs/testing from 11.1.6 to 11.1.14

Release notes

Sourced from @​nestjs/testing's releases.

v11.1.14 (2026-02-17)

Bug fixes

• platform-fastify
  • #16384 fix(fastify): fastify middleware bypass cve (@​kamilmysliwiec)
• common
  • #16307 fix: logger print invalid context when no stack trace provided (@​JulienDuf)

Enhancements

• common
  • #16314 fix(common): change requestOrigin type (@​SpencerKaiser)

Committers: 5

• Julien Dufresne (@​JulienDuf)
• Kamil Mysliwiec (@​kamilmysliwiec)
• Mykhailo Skrypsky (@​mixator)
• Spencer Kaiser (@​SpencerKaiser)
• 조수민 (@​suuuuuuminnnnnn)

v11.1.13 (2026-02-03)

Bug fixes

• common
  • #16230 fix(common): Fix skipping maxArrayLength and maxStringLength option (@​chojs23)

Enhancements

• microservices
  • #16286 feat(microservices): support per-handler qos in mqtt (@​suuuuuuminnnnnn)
  • #16262 Feat/microservices configurable max buffer size (@​jobnow)
• common
  • #16202 fix(common): exclude built-in primitives from strip proto keys (@​som14062005)

Dependencies

• platform-fastify
  • #16282 fix(deps): update dependency fastify to v5.7.4 (@​renovate[bot])
• platform-express
  • #16241 fix(deps): update dependency cors to v2.8.6 (@​renovate[bot])

Committers: 6

• Lee Donghyun (@​devizi0)
• Mykhailo Skrypsky (@​mixator)
• Neo (@​chojs23)
• Praveen Somasundaram (@​som14062005)
• Ricardo Gomes (@​jobnow)
• 조수민 (@​suuuuuuminnnnnn)

v11.1.12 (2026-01-15)

Bug fixes

• common

... (truncated)

Commits

• 5d31df7 chore(release): publish v11.1.14 release
• 8d1c16c chore: update readme
• e3a958a chore(release): publish v11.1.13 release
• 96932ad chore(release): publish v11.1.12 release
• 585f55f chore: revert lerna version
• fef323b chore(release): publish v11.1.11 release
• de5e026 chore(@​nestjs) publish v11.1.10 release
• 5045fea chore: update eslint monorepo
• 64c8552 chore(@​nestjs) publish v11.1.9 release
• 68cd545 chore(@​nestjs) publish v11.1.8 release
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions