[Snyk] Upgrade nodemon from 3.0.1 to 3.1.10

[codingdud]

Snyk has created this PR to upgrade nodemon from 3.0.1 to 3.1.10.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 13 versions ahead of your current version.

• The recommended version was released 5 months ago.

Release notes

Package name: nodemon

• 3.1.10 - 2025-04-23
  

  3.1.10 (2025-04-23)

  Bug Fixes

  • update types and jsdocs (#2232) (297c7c7), closes #2231
• 3.1.9 - 2024-12-13
  

  3.1.9 (2024-12-13)

  Bug Fixes

  • maintain backward support for exitcrash (9c9de6e)
• 3.1.8 - 2024-12-13
  

  3.1.8 (2024-12-13)

  Bug Fixes

  • types updated (cb91187)
• 3.1.7 - 2024-09-20
  

  3.1.7 (2024-09-20)

  Bug Fixes

  • types for export on ESModule (#2211) (9b0606a)
• 3.1.6 - 2024-09-19
  

  3.1.6 (2024-09-19)

  Bug Fixes

  • watch nested paths (11fcaaa), closes #2216
• 3.1.5 - 2024-09-17
  

  3.1.5 (2024-09-17)

  Bug Fixes

  • add missing ignore option to type defintion of config (#2224) (254c2ab)
• 3.1.4 - 2024-06-20
  

  3.1.4 (2024-06-20)

  Bug Fixes

  • ensure local env have priority (6020968), closes #2209
• 3.1.3 - 2024-06-03
  

  3.1.3 (2024-06-03)

  Bug Fixes

  • cast the nodemon function as Nodemon type (eaa1d54), closes #2206
• 3.1.2 - 2024-05-29
  

  3.1.2 (2024-05-29)

  Bug Fixes

  • Type exports correctly (#2207) (789663c), closes #2206
• 3.1.1 - 2024-05-25
  

  3.1.1 (2024-05-25)

  Bug Fixes

  • add types to help with required nodemon usage (#2204) (cd27c0b)
• 3.1.0 - 2024-02-22
• 3.0.3 - 2024-01-16
• 3.0.2 - 2023-12-01
• 3.0.1 - 2023-07-09

from nodemon GitHub release notes

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

• 🧐 View latest project report
• 📜 Customise PR templates
• 🛠 Adjust upgrade PR settings
• 🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Preview	Comments	Updated (UTC)
simpform	Error			Sep 15, 2025 6:41am

[gemini-code-assist]

Summary of Changes

Hello @codingdud, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request, automatically generated by Snyk, updates the nodemon development dependency to its latest stable version, 3.1.10. This upgrade aims to keep the project's dependencies current, incorporating numerous bug fixes and type definition enhancements from the nodemon project, thereby improving stability and developer experience.

Highlights

• Nodemon Upgrade: The nodemon package has been upgraded from version 3.0.1 to 3.1.10.
• Dependency Updates: The debug dependency, nested within nodemon, was updated from 3.2.7 to 4.4.3, and its sub-dependency ms was updated from 2.1.1 to 2.1.3.
• Bug Fixes and Type Improvements: The upgrade incorporates various bug fixes and type definition enhancements from the nodemon project, addressing issues related to type exports, nested path watching, and configuration type definitions, as detailed in the release notes.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point in your pull request via creating an issue comment (i.e. comment on the pull request page) using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in issue comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request from Snyk upgrades the nodemon dependency. The change itself is a straightforward and safe version bump. However, I've noticed that nodemon is currently listed under dependencies instead of devDependencies. I've added a review comment with a suggestion to correct this, as development tools should not be part of a production build. This change will help optimize your application's production deployment.

[gemini-code-assist]

nodemon is a development utility and should be listed under devDependencies rather than dependencies. Including it in dependencies results in it being installed in production environments, which is unnecessary. This inflates the production image size and increases the potential attack surface.

Your Dockerfile uses supervisor to run the application, so nodemon is not used in the production container, further strengthening the case for this change.

To address this, please move nodemon to a new devDependencies section in your package.json.

Example:

  "dependencies": {
    "cors": "^2.8.5",
    "dotenv": "^16.3.1",
    "express": "^4.21.0",
    "mongodb": "^5.7.0",
    "mongoose": "^7.6.11"
  },
  "devDependencies": {
    "nodemon": "^3.1.10"
  }