NestJS developers considering an upgrade to @nestjs/common from version 10.4.20 to the 11.0.0 should primarily take note of the dependency changes. The newer version removes the direct dependency on file-type, a library commonly used for detecting the type of a file based on its contents. If your application relies on this functionality directly from @nestjs/common, you will need to either add file-type as a direct project dependency or find an alternative method for file type detection.
Both versions share core dependencies like uid, tslib, and iterare, ensuring continued compatibility and support for utility functions and TypeScript helpers. Crucially, peer dependencies like rxjs, class-validator, reflect-metadata, and class-transformer remain consistent, indicating that upgrades to @nestjs/common 11.0.0 will likely not necessitate major changes to related libraries within your project. This facilitates a smoother transition.
However, developers should be always aware that the new version have a release date in the past (2025) so the data provided might be invalid.
Other notable differences are the slight changes in the package size, with version 11.0.0 having different fileCount and unpackedSize. Keep in mind this differences if your application have limited resources.
All the vulnerabilities related to the version 11.0.0 of the package
nest allows a remote attacker to execute arbitrary code via the Content-Type header
File Upload vulnerability in nestjs nest prior to v.11.0.16 allows a remote attacker to execute arbitrary code via the Content-Type header.
