SWI-3723 [Snyk] Security upgrade @nestjs/platform-express from 8.4.7 to 11.1.16

[bwappsec]

Snyk has created this PR to fix 3 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

• samples/client/petstore/typescript-nestjs-v8-provided-in-root/builds/default/package.json

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Uncontrolled Recursion SNYK-JS-MULTER-15417528	125
	Missing Release of Resource after Effective Lifetime SNYK-JS-MULTER-15365916	124
	Incomplete Cleanup SNYK-JS-MULTER-15365918	124

Breaking Change Risk

Notice: This assessment is enhanced by AI.

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

[bwappsec]

This is a major upgrade from version 8.x to 11.x, introducing significant breaking changes across multiple versions. Developer action is required to ensure compatibility.

Key Breaking Changes:

• Node.js Version: Support for Node.js versions 10, 12, 16, and 18 has been dropped across these major releases. NestJS v10 requires Node.js v16+, and v11 drops support for v16 and v18.
• Express v5 Integration (v11): NestJS v11 uses Express v5 by default, which introduces breaking changes to the route matching algorithm. For example, wildcard routes (*) must now be named (e.g., '/users/*splat').
• CacheModule Changes (v10 & v11):
  • In v10, CacheModule was extracted from @nestjs/common into a separate @nestjs/cache-manager package. Imports must be updated.
  • In v11, the underlying caching library was updated, which may change how cached data is structured and stored.
• TypeScript Version: As of v10, CLI plugins (e.g., for Swagger) require TypeScript v4.8 or higher.
• Removed Deprecations: All APIs deprecated in v8 were removed in subsequent versions.

Recommendation:
This upgrade requires careful planning and testing. Developers must:

1. Ensure the runtime environment uses a supported Node.js version.
2. Review and update all route definitions, especially those using wildcards, to be compatible with Express v5.
3. Update code to import CacheModule from @nestjs/cache-manager and verify caching behavior.
4. Address any usage of APIs that were deprecated in v8.

Source: NestJS Migration Guides

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.

[bwappsec]

✅ Snyk checks have passed. No issues have been found so far.

Status	Scanner	Critical	High	Medium	Low	Total (0)
✅	Open Source Security	0	0	0	0	0 issues
✅	Licenses	0	0	0	0	0 issues
✅	Code Security	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.