Bump multer, @nestjs/core and @nestjs/platform-express in /apps/api

[dependabot]

Bumps multer to 2.1.1 and updates ancestor dependencies multer, @nestjs/core and @nestjs/platform-express. These dependencies need to be updated together.

Updates multer from 2.0.2 to 2.1.1

Release notes

Sourced from multer's releases.

v2.1.1

Important

• Fix CVE-2026-3520 (GHSA-5528-5vmv-3xc2)

What's Changed

• chore: add node version to 25.x in CI by @​imangas in expressjs/multer#1372
• chore(deps): bump ossf/scorecard-action from 2.4.0 to 2.4.3 by @​dependabot[bot] in expressjs/multer#1378
• chore(deps): bump coverallsapp/github-action from 1.2.5 to 2.3.6 by @​dependabot[bot] in expressjs/multer#1377
• chore(deps): bump github/codeql-action from 3.24.7 to 4.32.4 by @​dependabot[bot] in expressjs/multer#1376
• chore(deps): bump actions/upload-artifact from 4.5.0 to 7.0.0 by @​dependabot[bot] in expressjs/multer#1375
• chore(deps): bump actions/checkout from 4.1.1 to 6.0.2 by @​dependabot[bot] in expressjs/multer#1374
• fix error/abort handling by @​ctcpip in expressjs/multer#1373
• 2.1.1 by @​UlisesGascon in expressjs/multer#1380

New Contributors

• @​imangas made their first contribution in expressjs/multer#1372
• @​dependabot[bot] made their first contribution in expressjs/multer#1378

Full Changelog: expressjs/multer@v2.1.0...v2.1.1

v2.1.0

Important

• Fix CVE-2026-2359 (GHSA-v52c-386h-88mc)
• Fix CVE-2026-3304 (GHSA-xf7r-hgr6-v32p)

What's Changed

• chore: add funding to package.json by @​bjohansebas in expressjs/multer#1346
• chore: drop mkdirp dependency by @​wojtekmaj in expressjs/multer#1350
• chore: drop object-assign dependency by @​wojtekmaj in expressjs/multer#1351
• chore: drop xtend dependency by @​wojtekmaj in expressjs/multer#1352
• chore(gitignore): ignore .nyc_output directory by @​ShubhamOulkar in expressjs/multer#1332
• Fix typo in README-vi.md regarding file upload by @​Kunniii in expressjs/multer#1366
• Fix typo in README-pt-br.md for array method by @​matheushbm192 in expressjs/multer#1367
• headers-support-utf8 by @​Doc999tor in expressjs/multer#1210
• Add Turkish translation (README-tr.md) by @​Sabandogan in expressjs/multer#1360
• Release: 2.1.0 by @​UlisesGascon in expressjs/multer#1371

New Contributors

• @​wojtekmaj made their first contribution in expressjs/multer#1350
• @​ShubhamOulkar made their first contribution in expressjs/multer#1332
• @​Kunniii made their first contribution in expressjs/multer#1366
• @​matheushbm192 made their first contribution in expressjs/multer#1367
• @​Doc999tor made their first contribution in expressjs/multer#1210
• @​Sabandogan made their first contribution in expressjs/multer#1360

Full Changelog: expressjs/multer@v2.0.2...v2.1.0

Changelog

Sourced from multer's changelog.

2.1.1

• Fix CVE-2026-3520 (GHSA-5528-5vmv-3xc2)
• fix error/abort handling

2.1.0

• Add defParamCharset option for UTF-8 filename support (#1210)
• Fix CVE-2026-2359 (GHSA-v52c-386h-88mc)
• Fix CVE-2026-3304 (GHSA-xf7r-hgr6-v32p)

Commits

• 368c8a1 2.1.1 (#1380)
• 7e66481 🐛 fix recursion issue
• 643571e ✅ add explicit test for client able to send body without abrupt disconnect
• e86fa52 fix error/abort handling
• ca37779 chore(deps): bump actions/checkout from 4.1.1 to 6.0.2 (#1374)
• 13088f4 chore(deps): bump actions/upload-artifact from 4.5.0 to 7.0.0 (#1375)
• bc6a1d1 chore(deps): bump github/codeql-action from 3.24.7 to 4.32.4 (#1376)
• c496e93 chore(deps): bump coverallsapp/github-action from 1.2.5 to 2.3.6 (#1377)
• fa173d3 chore(deps): bump ossf/scorecard-action from 2.4.0 to 2.4.3 (#1378)
• 17d7f51 chore: add node version to 25.x in CI
• Additional commits viewable in compare view

Updates @nestjs/core from 10.4.22 to 11.1.17

Release notes

Sourced from @​nestjs/core's releases.

v11.1.17 (2026-03-16)

Enhancements

• microservices
  • #16218 feat(microservices): add redis driver identification (@​vchomakov)

Bugs

• platform-fastify
  • auto-run middleware for HEAD requests as fastify redirects them to GET handlers (effectively skipping middleware execution) nestjs/nest@cbdf737 (@​kamilmysliwiec)

Dependencies

• common
  • #16567 fix(deps): update dependency file-type to v21.3.2 (@​renovate[bot])
• platform-fastify
  • #16533 fix(deps): update dependency fastify to v5.8.2 (@​renovate[bot])

Committers: 3

• Rohan Santhosh Kumar (@​Rohan5commit)
• Vasil Chomakov (@​vchomakov)
• Kamil Mysliwiec (@​kamilmysliwiec)

v11.1.16 (2026-03-05)

Bug fixes

• microservices
  • #16506 fix(microservices): fix double callback when isdisposed or err is truthy (@​LhonRafaat)

Dependencies

• platform-express
  • #16507 fix(deps): update dependency multer to v2.1.1 (@​renovate[bot])

Committers: 2

• Lhon (@​LhonRafaat)
• Shahnoor Mujawar (@​shahnoormujawar)

v11.1.15

What's Changed

• fix(microservices): if indexOf return 0 will if will be falsy by @​cuiweixie in nestjs/nest#16401
• fix(microservices): introuduce max pattern depth and object complexity by @​kamilmysliwiec in nestjs/nest#16402
• chore(@​nestjs/core): allow override for initializeWildcardHandlersIfE… by @​StNekroman in nestjs/nest#16468
• chore(deps): update dependency @​fastify/middie to v9.2.0 [security] by @​renovate[bot] in nestjs/nest#16472
• fix(deps): update dependency multer to v2.1.0 [security] by @​renovate[bot] in nestjs/nest#16474

New Contributors

• @​cuiweixie made their first contribution in nestjs/nest#16401
• @​StNekroman made their first contribution in nestjs/nest#16468

Full Changelog: nestjs/nest@v11.1.14...v11.1.15

v11.1.14 (2026-02-17)

... (truncated)

Commits

• 447a373 chore(release): publish v11.1.17 release
• cbdf737 feat(core): auto run get middleware for head requests
• 315e698 chore(release): publish v11.1.16 release
• c9268ff Merge pull request #16493 from shahnoormujawar/fix/unknown-dependencies-messa...
• 6add3d6 chore(release): publish v11.1.15 release
• e5fc974 fix(core): refine unknown dependencies message token display
• 5d31df7 chore(release): publish v11.1.14 release
• 8d1c16c chore: update readme
• e3a958a chore(release): publish v11.1.13 release
• db9494a perf(core): use set instead of array for module registry lookup
• Additional commits viewable in compare view

Updates @nestjs/platform-express from 10.4.22 to 11.1.17

Release notes

Sourced from @​nestjs/platform-express's releases.

v11.1.17 (2026-03-16)

Enhancements

• microservices
  • #16218 feat(microservices): add redis driver identification (@​vchomakov)

Bugs

• platform-fastify
  • auto-run middleware for HEAD requests as fastify redirects them to GET handlers (effectively skipping middleware execution) nestjs/nest@cbdf737 (@​kamilmysliwiec)

Dependencies

• common
  • #16567 fix(deps): update dependency file-type to v21.3.2 (@​renovate[bot])
• platform-fastify
  • #16533 fix(deps): update dependency fastify to v5.8.2 (@​renovate[bot])

Committers: 3

• Rohan Santhosh Kumar (@​Rohan5commit)
• Vasil Chomakov (@​vchomakov)
• Kamil Mysliwiec (@​kamilmysliwiec)

v11.1.16 (2026-03-05)

Bug fixes

• microservices
  • #16506 fix(microservices): fix double callback when isdisposed or err is truthy (@​LhonRafaat)

Dependencies

• platform-express
  • #16507 fix(deps): update dependency multer to v2.1.1 (@​renovate[bot])

Committers: 2

• Lhon (@​LhonRafaat)
• Shahnoor Mujawar (@​shahnoormujawar)

v11.1.15

What's Changed

• fix(microservices): if indexOf return 0 will if will be falsy by @​cuiweixie in nestjs/nest#16401
• fix(microservices): introuduce max pattern depth and object complexity by @​kamilmysliwiec in nestjs/nest#16402
• chore(@​nestjs/core): allow override for initializeWildcardHandlersIfE… by @​StNekroman in nestjs/nest#16468
• chore(deps): update dependency @​fastify/middie to v9.2.0 [security] by @​renovate[bot] in nestjs/nest#16472
• fix(deps): update dependency multer to v2.1.0 [security] by @​renovate[bot] in nestjs/nest#16474

New Contributors

• @​cuiweixie made their first contribution in nestjs/nest#16401
• @​StNekroman made their first contribution in nestjs/nest#16468

Full Changelog: nestjs/nest@v11.1.14...v11.1.15

v11.1.14 (2026-02-17)

... (truncated)

Commits

• 447a373 chore(release): publish v11.1.17 release
• 315e698 chore(release): publish v11.1.16 release
• 24956b5 fix(deps): update dependency multer to v2.1.1
• 6add3d6 chore(release): publish v11.1.15 release
• 1c09faf fix(deps): update dependency multer to v2.1.0 [security]
• 5d31df7 chore(release): publish v11.1.14 release
• 8d1c16c chore: update readme
• e3a958a chore(release): publish v11.1.13 release
• 58c761a fix(deps): update dependency cors to v2.8.6
• 96932ad chore(release): publish v11.1.12 release
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.