feat: Bump dependencies

[TriPSs]

Summary by CodeRabbit

• Chores
  • Upgraded many dependencies across framework, ORM/ODM, GraphQL, linting, and build/tooling; added/synchronized dev tools for compatibility and stability.
• Features / Behavior
  • Refined "fetch all with negative limit" paging: when limit = -1 and offset = 0, both limit and offset are omitted to enable full-fetch behavior.
• Tests
  • Made test cleanup more explicit and added conditional DB-specific test suites for Postgres/MySQL.
• Documentation
  • Minor comment punctuation and wording refinements.

[coderabbitai]

Walkthrough

Updated dependency versions across the repo and tooling. Small runtime changes: TypeORM query service selects aliased ids for distinct updateMany, paging logic now omits offset when fetching all with negative limit and zero offset, tests use deleteAll() and added DB-specific guarded e2e tests. No public API signature changes. (≤50 words)

Changes

Cohort / File(s)	Summary
Dependency version bumps package.json	Many dependencies and devDependencies updated or added (NestJS, GraphQL/Apollo, ORMs: mongoose/sequelize/typeorm, DB drivers, Docusaurus, eslint/prettier/ts tooling, etc.). Versions and resolutions adjusted.
TypeORM query service tweak packages/query-typeorm/src/services/typeorm-query.service.ts	Replaced addSelect with an explicit select that aliases the id (e.g., id AS id) when deriving distinct ids for updateMany; comment punctuation refined. No API signature changes.
Paging logic adjustments packages/query-graphql/src/types/connection/.../limit-offset.pager-strategy.ts packages/query-graphql/src/types/connection/offset/pager/pager.ts	When enableFetchAllWithNegative is true and paging.limit === -1, code now deletes paging.limit; additionally, if paging.offset === 0 it also deletes paging.offset, altering the constructed paging object for "fetch all" with zero offset. Minor comment tweaks.
Test fixture deletion change packages/query-graphql/__tests__/integration/federation-n1/fixtures/test-data.ts	Replaced repository delete({}) calls with deleteAll() for TodoItem and TodoList to clear test data before seeding.
E2E test DB-specific guards examples/fetch-all-with-negative/e2e/todo-offset-fetch-all-enable.resolver.spec.ts	Wrapped offset-paging tests in describeIf guards for Postgres and MySQL to run DB-specific expectations; minor whitespace adjustments.

Sequence Diagram(s)

sequenceDiagram
  autonumber
  participant Client
  participant OffsetPager
  participant QueryBuilder

  Note over OffsetPager: New handling for enableFetchAllWithNegative

  Client->>OffsetPager: createQuery(paging)
  alt enableFetchAllWithNegative && paging.limit == -1
    OffsetPager->>OffsetPager: delete paging.limit
    opt paging.offset == 0
      OffsetPager->>OffsetPager: delete paging.offset
    end
  end
  OffsetPager->>QueryBuilder: build query with resulting paging
  QueryBuilder-->>Client: return query/results

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Poem

I hop through package vines and bumps,
nibbling versions, smoothing lumps.
I prune a select, tuck offset away,
sweep tests clean for a brighter day.
🥕 — a rabbit cheering the merge

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title Check	✅ Passed	The title “feat: Bump dependencies” accurately and concisely describes the primary purpose of the pull request, which is to update numerous package versions across the project. It directly reflects the broad dependency upgrades detailed in the diff without introducing extraneous information or ambiguity. The phrasing is clear and specific enough for teammates reviewing the history to understand the main change at a glance.
Docstring Coverage	✅ Passed	No functions found in the changes. Docstring coverage check skipped.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch feature/update-deps

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[nx-cloud]

View your CI Pipeline Execution ↗ for commit 9fc783f

Command	Status	Duration	Result
nx run-many --target=e2e --all	✅ Succeeded	2m 3s	View ↗
nx run-many --target=test --all	✅ Succeeded	1m 32s	View ↗
nx run-many --target=build --all	✅ Succeeded	51s	View ↗
nx run-many --target=lint --all	✅ Succeeded	32s	View ↗
nx run workspace:version	✅ Succeeded	1s	View ↗

---

☁️ Nx Cloud last updated this comment at 2025-10-03 19:05:15 UTC

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

package.json (1)

18-34: Dependency bumps are sound; only Mongoose needs extra attention.

• NestJS v11.1.6 and TypeORM 0.3.27 introduce no breaking changes.
• Mongoose 8.10.0 has known test/runtime hang issues—upgrade to 8.10.1 or later, or thoroughly test connection shutdowns.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between d000186 and 5cc38f0.

⛔ Files ignored due to path filters (1)

• yarn.lock is excluded by !**/yarn.lock, !**/*.lock

📒 Files selected for processing (2)

• package.json (3 hunks)
• packages/query-graphql/__tests__/integration/federation-n1/fixtures/test-data.ts (1 hunks)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (11)

• GitHub Check: check (23.x, test)
• GitHub Check: check (22.x, build)
• GitHub Check: check (23.x, lint)
• GitHub Check: check (23.x, build)
• GitHub Check: check (22.x, lint)
• GitHub Check: e2e-test (21.x, postgres)
• GitHub Check: e2e-test (21.x, mysql)
• GitHub Check: e2e-test (20.x, postgres)
• GitHub Check: check (22.x, test)
• GitHub Check: e2e-test (20.x, mysql)
• GitHub Check: Analyze

🔇 Additional comments (2)

packages/query-graphql/__tests__/integration/federation-n1/fixtures/test-data.ts (1)

9-10: LGTM! Proper migration to TypeORM's explicit API.

The change from delete({}) to deleteAll() correctly adopts TypeORM 0.3.x's more explicit repository API, improving code clarity and aligning with the dependency bump.

package.json (1)

39-117: Verify compatibility of upgraded devDependencies

• graphql 16.11.0: dropped positional args for graphql(), strips trailing newlines; update any affected call sites/tests.
• TypeScript ^5.9.3: patch only, but v5.9’s inference changes may surface new errors; run a full typecheck.
• @apollo/gateway & @apollo/subgraph 2.11.2: no breaking changes in these patches, but federation internals can change; validate supergraph composition and run integration/federation tests.

Run your test suite, schema composition, and integration smoke tests before rolling out to production.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

examples/fetch-all-with-negative/e2e/todo-offset-fetch-all-enable.resolver.spec.ts (1)

15-15: Consider using strict equality.

The describeIf helper uses loose equality (==). While this works for string comparisons, prefer strict equality (===) for consistency and to avoid potential type coercion issues.

Apply this diff:

-  const describeIf = (condition: boolean) => (condition ? describe : describe.skip)
+  const describeIf = (condition: boolean) => (condition ? describe : describe.skip)

Actually, looking closer, the condition parameter is already typed as boolean, so the comparison happens at the call site. The real issue is in the usage at lines 67 and 95:

-      describeIf(process.env.NESTJS_QUERY_DB_TYPE == 'postgres')('postgres', () => {
+      describeIf(process.env.NESTJS_QUERY_DB_TYPE === 'postgres')('postgres', () => {

-      describeIf(process.env.NESTJS_QUERY_DB_TYPE == 'mysql')('mysql', () => {
+      describeIf(process.env.NESTJS_QUERY_DB_TYPE === 'mysql')('mysql', () => {

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 5cc38f0 and 9fc783f.

⛔ Files ignored due to path filters (1)

• yarn.lock is excluded by !**/yarn.lock, !**/*.lock

📒 Files selected for processing (4)

• examples/fetch-all-with-negative/e2e/todo-offset-fetch-all-enable.resolver.spec.ts (2 hunks)
• package.json (3 hunks)
• packages/query-graphql/src/types/connection/cursor/pager/strategies/limit-offset.pager-strategy.ts (1 hunks)
• packages/query-graphql/src/types/connection/offset/pager/pager.ts (1 hunks)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (11)

• GitHub Check: check (22.x, build)
• GitHub Check: check (23.x, test)
• GitHub Check: check (22.x, lint)
• GitHub Check: check (23.x, build)
• GitHub Check: e2e-test (20.x, postgres)
• GitHub Check: e2e-test (21.x, postgres)
• GitHub Check: check (23.x, lint)
• GitHub Check: e2e-test (20.x, mysql)
• GitHub Check: check (22.x, test)
• GitHub Check: e2e-test (21.x, mysql)
• GitHub Check: Analyze

🔇 Additional comments (7)

packages/query-graphql/src/types/connection/cursor/pager/strategies/limit-offset.pager-strategy.ts (2)

33-33: Minor wording improvement in comment.

The comment now says "if paging backwards" instead of the previous wording. This is clearer and more concise.

---

44-51: Verify downstream handling of omitted paging properties.
Automated search didn’t surface any uses of paging.limit/paging.offset in query executors—please confirm that all adapters (TypeORM, Sequelize, Mongoose, etc.) gracefully handle undefined limit/offset (e.g. default to no limit) to avoid unexpected behavior.

packages/query-graphql/src/types/connection/offset/pager/pager.ts (1)

73-80: Consistent paging refinement across strategies.

This logic mirrors the changes in limit-offset.pager-strategy.ts, ensuring both cursor-based and offset-based paging handle fetch-all scenarios consistently. The approach of omitting paging.limit and paging.offset when appropriate creates a cleaner query shape.

examples/fetch-all-with-negative/e2e/todo-offset-fetch-all-enable.resolver.spec.ts (2)

67-93: Database-specific test isolation looks good.

The Postgres test correctly validates that fetch-all with offset works and returns the expected 98 items (100 total - 2 offset). The hasPreviousPage: true assertion is correct given the offset > 0.

---

95-116: MySQL limitation correctly tested.

The test correctly validates that MySQL throws an error when attempting to use OFFSET without LIMIT, which is a known MySQL limitation. The error message check confirms the expected behavior.

package.json (2)

36-117: DevDependency updates look reasonable.

Extensive devDependency updates including:

• Testing tools: @types/supertest 6.0.3, supertest 7.1.4, ts-jest 29.4.4
• Build tools: typescript 5.9.3, ts-loader 9.5.4
• Linting: eslint-plugin-import 2.32.0, eslint-plugin-prettier 5.5.4
• Apollo: @apollo/gateway 2.11.2, @apollo/subgraph 2.11.2
• Docusaurus: 3.9.1 across the board

These are primarily patch and minor version updates, which should be low-risk.

---

18-34: No known security vulnerabilities in updated dependencies. All core packages (@nestjs/common, core, platform-express v11.1.6; @nestjs/graphql v13.2.0; mongoose 8.10.1; sequelize 6.37.7; typeorm 0.3.27) are on patched versions. Ensure compatibility across these updates and confirm that the e2e suite passes.