chore(deps): bump the dependencies group with 6 updates

[dependabot]

Bumps the dependencies group with 6 updates:

Package	From	To
@nestjs/common	11.1.12	11.1.13
@nestjs/core	11.1.12	11.1.13
@nestjs/platform-express	11.1.12	11.1.13
@nestjs/swagger	11.2.5	11.2.6
axios	1.13.4	1.13.5
dotenv	17.2.3	17.2.4

Updates @nestjs/common from 11.1.12 to 11.1.13

Release notes

Sourced from @​nestjs/common's releases.

v11.1.13 (2026-02-03)

Bug fixes

• common
  • #16230 fix(common): Fix skipping maxArrayLength and maxStringLength option (@​chojs23)

Enhancements

• microservices
  • #16286 feat(microservices): support per-handler qos in mqtt (@​suuuuuuminnnnnn)
  • #16262 Feat/microservices configurable max buffer size (@​jobnow)
• common
  • #16202 fix(common): exclude built-in primitives from strip proto keys (@​som14062005)

Dependencies

• platform-fastify
  • #16282 fix(deps): update dependency fastify to v5.7.4 (@​renovate[bot])
• platform-express
  • #16241 fix(deps): update dependency cors to v2.8.6 (@​renovate[bot])

Committers: 6

• Lee Donghyun (@​devizi0)
• Mykhailo Skrypsky (@​mixator)
• Neo (@​chojs23)
• Praveen Somasundaram (@​som14062005)
• Ricardo Gomes (@​jobnow)
• 조수민 (@​suuuuuuminnnnnn)

Commits

• e3a958a chore(release): publish v11.1.13 release
• d88856c test(common): add unit tests for class serializer interceptor
• a1f6162 Merge pull request #16202 from som14062005/fix/issue-16195
• 8222634 refactor: move built-in types to module-level constant
• 979a8e2 fix(common): Fix skipping maxArrayLength and maxStringLength option
• 8fb17f5 fix(common): exclude built-in primitives from strip proto keys
• 16296b9 fix(common): exclude built-in primitives from strip proto keys
• See full diff in compare view

Updates @nestjs/core from 11.1.12 to 11.1.13

Release notes

Sourced from @​nestjs/core's releases.

v11.1.13 (2026-02-03)

Bug fixes

• common
  • #16230 fix(common): Fix skipping maxArrayLength and maxStringLength option (@​chojs23)

Enhancements

• microservices
  • #16286 feat(microservices): support per-handler qos in mqtt (@​suuuuuuminnnnnn)
  • #16262 Feat/microservices configurable max buffer size (@​jobnow)
• common
  • #16202 fix(common): exclude built-in primitives from strip proto keys (@​som14062005)

Dependencies

• platform-fastify
  • #16282 fix(deps): update dependency fastify to v5.7.4 (@​renovate[bot])
• platform-express
  • #16241 fix(deps): update dependency cors to v2.8.6 (@​renovate[bot])

Committers: 6

• Lee Donghyun (@​devizi0)
• Mykhailo Skrypsky (@​mixator)
• Neo (@​chojs23)
• Praveen Somasundaram (@​som14062005)
• Ricardo Gomes (@​jobnow)
• 조수민 (@​suuuuuuminnnnnn)

Commits

• e3a958a chore(release): publish v11.1.13 release
• db9494a perf(core): use set instead of array for module registry lookup
• 909b504 test(core): add unit tests for discovery service
• See full diff in compare view

Updates @nestjs/platform-express from 11.1.12 to 11.1.13

Release notes

Sourced from @​nestjs/platform-express's releases.

v11.1.13 (2026-02-03)

Bug fixes

• common
  • #16230 fix(common): Fix skipping maxArrayLength and maxStringLength option (@​chojs23)

Enhancements

• microservices
  • #16286 feat(microservices): support per-handler qos in mqtt (@​suuuuuuminnnnnn)
  • #16262 Feat/microservices configurable max buffer size (@​jobnow)
• common
  • #16202 fix(common): exclude built-in primitives from strip proto keys (@​som14062005)

Dependencies

• platform-fastify
  • #16282 fix(deps): update dependency fastify to v5.7.4 (@​renovate[bot])
• platform-express
  • #16241 fix(deps): update dependency cors to v2.8.6 (@​renovate[bot])

Committers: 6

• Lee Donghyun (@​devizi0)
• Mykhailo Skrypsky (@​mixator)
• Neo (@​chojs23)
• Praveen Somasundaram (@​som14062005)
• Ricardo Gomes (@​jobnow)
• 조수민 (@​suuuuuuminnnnnn)

Commits

• e3a958a chore(release): publish v11.1.13 release
• 58c761a fix(deps): update dependency cors to v2.8.6
• See full diff in compare view

Updates @nestjs/swagger from 11.2.5 to 11.2.6

Release notes

Sourced from @​nestjs/swagger's releases.

11.2.6

What's Changed

• feat: support adding custom fields on the servers[*] entry by @​micalevisk in nestjs/swagger#3715
• fix(decorator) add string literal types to ApiQueryOptions for autoco… by @​wanderer-s in nestjs/swagger#3707
• feat: add type definition for format option in @​ApiProperty decorator by @​ismaildasci in nestjs/swagger#3697
• fix(deps): update dependency lodash to v4.17.23 [security] by @​renovate[bot] in nestjs/swagger#3705

New Contributors

• @​wanderer-s made their first contribution in nestjs/swagger#3707
• @​ismaildasci made their first contribution in nestjs/swagger#3697

Full Changelog: nestjs/swagger@11.2.5...11.2.6

Commits

• 3281744 chore(): release v11.2.6
• bca62d9 Merge pull request #3705 from nestjs/renovate/npm-lodash-vulnerability
• b06e08a Merge pull request #3697 from ismaildasci/feat/add-format-type-definition
• 0eeb8af Merge pull request #3707 from wanderer-s/fix/api_query_type
• 4869d1b Merge pull request #3715 from micalevisk/feat/add-server-custom-fields
• 8c64c72 chore(deps): update nest monorepo to v11.1.13 (#3722)
• 128aac4 chore(deps): update dependency @​types/node to v24.10.10 (#3721)
• 61fec42 chore(deps): update dependency fastify to v5.7.4 (#3720)
• d453a02 chore(deps): update commitlint monorepo to v20.4.1 (#3718)
• 1447671 fix(deps): update dependency lodash to v4.17.23 [security]
• Additional commits viewable in compare view

Updates axios from 1.13.4 to 1.13.5

Release notes

Sourced from axios's releases.

v1.13.5

Release 1.13.5

Highlights

• Security: Fixed a potential Denial of Service issue involving the __proto__ key in mergeConfig. (PR #7369)
• Bug fix: Resolved an issue where AxiosError could be missing the status field on and after v1.13.3. (PR #7368)

Changes

Security

• Fix Denial of Service via __proto__ key in mergeConfig. (PR #7369)

Fixes

• Fix/5657. (PR #7313)
• Ensure status is present in AxiosError on and after v1.13.3. (PR #7368)

Features / Improvements

• Add input validation to isAbsoluteURL. (PR #7326)
• Refactor: bump minor package versions. (PR #7356)

Documentation

• Clarify object-check comment. (PR #7323)
• Fix deprecated Buffer constructor usage and README formatting. (PR #7371)

CI / Maintenance

• Chore: fix issues with YAML. (PR #7355)
• CI: update workflow YAMLs. (PR #7372)
• CI: fix run condition. (PR #7373)
• Dev deps: bump karma-sourcemap-loader from 0.3.8 to 0.4.0. (PR #7360)
• Chore(release): prepare release 1.13.5. (PR #7379)

New Contributors

• @​sachin11063 (first contribution — PR #7323)
• @​asmitha-16 (first contribution — PR #7326)

Full Changelog: axios/axios@v1.13.4...v1.13.5

Commits

• 29f7542 chore(release): prepare release 1.13.5 (#7379)
• 431c3a3 ci: fix run condition (#7373)
• 9ff3a78 ci: update ymls (#7372)
• 265b712 docs: fix deprecated Buffer constructor and formatting issues in README (#7371)
• 475e75a feat: add input validation to isAbsoluteURL (#7326)
• 28c7215 fix: Denial of Service via proto Key in mergeConfig (#7369)
• 04cf019 docs: clarify object check comment (#7323)
• 696fa75 fix: status is missing in AxiosError on and after v1.13.3 (#7368)
• 569f028 fix: added a option to choose between legacy and the new request/response int...
• 44b7c9f chore(deps-dev): bump karma-sourcemap-loader (#7360)
• Additional commits viewable in compare view

Updates dotenv from 17.2.3 to 17.2.4

Changelog

Sourced from dotenv's changelog.

17.2.4 (2026-02-05)

Changed

• Make DotenvPopulateInput accept NodeJS.ProcessEnv type (#915)

• Give back to dotenv by checking out my newest project vestauth. It is auth for agents. Thank you for using my software.

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.