SWI-3723 [Snyk] Security upgrade @nestjs/platform-express from 6.11.11 to 11.1.16

[bwappsec]

Snyk has created this PR to fix 1 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

• samples/client/petstore/typescript-nestjs-v6-provided-in-root/builds/default/package.json

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Uncontrolled Recursion SNYK-JS-MULTER-15417528	124

Breaking Change Risk

Notice: This assessment is enhanced by AI.

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

[bwappsec]

This is a major upgrade from version 6 to 11, introducing numerous significant breaking changes that require mandatory code modifications, environment updates, and careful testing. A direct upgrade is not recommended without a thorough migration plan.

Key Breaking Changes & Required Actions:

• Node.js Runtime: Support for Node.js v12 was dropped in NestJS v10. You must be on Node.js v16 or higher to use the target version.

• Express v5 Integration (from v11): The underlying Express framework has been upgraded to v5, which changes how routes are matched.

  • Action Required: Routes using unnamed wildcards (*) must be updated to use named parameters (e.g., app/users/* becomes app/users/*splat).
  • The optional character (?) in routes is no longer supported.

• Module Relocations: Several core modules have been moved to standalone packages. You will need to update your package dependencies and imports.

  • HttpModule and HttpService must now be imported from @nestjs/axios instead of @nestjs/common.
  • CacheModule was moved from @nestjs/common to @nestjs/cache-manager in v10.

• Cache Module Overhaul (from v11): The CacheModule was updated to use cache-manager v6, which introduces a new configuration structure based on Keyv for defining cache stores.

• Configuration Precedence (from v11): The order in which ConfigService#get reads variables has changed, which could alter how your application is configured if you rely on environment variable overrides.

• Lifecycle Hook Order (from v11): The execution order of termination lifecycle hooks like OnModuleDestroy and OnApplicationShutdown has been reversed, which could impact resource cleanup logic.

Recommendation: This upgrade spans five major versions and introduces substantial breaking changes. Treat this as a major migration project. We recommend upgrading incrementally (e.g., 6 -> 7, 7 -> 8, etc.) and consulting the official NestJS migration guides for each version to address all changes systematically.

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.

[bwappsec]

✅ Snyk checks have passed. No issues have been found so far.

Status	Scan Engine	Critical	High	Medium	Low	Total (0)
✅	Open Source Security	0	0	0	0	0 issues
✅	Licenses	0	0	0	0	0 issues
✅	Code Security	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.