Modernize NestJS from 7.4.2 to 10.4.19 and TypeORM from 0.2.25 to 0.3.20

[devin-ai-integration]

Modernize NestJS from 7.4.2 to 10.4.19 and TypeORM from 0.2.25 to 0.3.20

Summary

This PR modernizes the banking application's core dependencies from legacy versions to latest stable releases, addressing security vulnerabilities and enabling access to modern framework features. The upgrade spans multiple breaking changes requiring systematic migration of repository patterns, security middleware, and module configurations.

Key Changes:

• NestJS Framework: 7.4.2 → 10.4.19 (latest stable v10.x)
• TypeORM: 0.2.25 → 0.3.20 with complete repository pattern migration
• Security Dependencies: Updated bcrypt, helmet, @nestjs/jwt, passport-jwt to latest versions
• Breaking Change Migrations: Replaced deprecated @entityrepository with @InjectRepository patterns across all services
• Infrastructure Updates: New TypeORM CLI commands, updated HTTP client, modernized build toolchain

Review & Testing Checklist for Human

⚠️ CRITICAL: This PR contains significant architectural changes that require thorough testing before deployment.

• Database Connection & Migration Testing - Verify database connectivity works and existing migration scripts execute properly with TypeORM 0.3.x CLI
• Authentication Flow End-to-End - Test login, JWT token generation/validation, and protected route access to ensure security middleware updates didn't break auth
• Core Banking Operations - Verify transaction creation, bill management, currency exchange, and account balance calculations work correctly
• Migration Script Execution - Run yarn migration:run and yarn migration:generate to ensure TypeORM CLI changes work properly
• Performance Baseline - Compare memory usage and response times against previous version to detect any performance regressions

Recommended Test Plan:

1. Start application with database connection
2. Create test user account and login
3. Create bills, perform transactions between accounts
4. Generate and execute a test migration
5. Verify all API endpoints return expected responses

Diagram

%%{ init : { "theme" : "default" }}%%
graph TB
    subgraph "Core Dependencies"
        PJ["package.json<br/>Major version bumps"]:::major-edit
        YL["yarn.lock<br/>Dependency resolution"]:::minor-edit
        TS["tsconfig.json<br/>Compiler options"]:::minor-edit
    end
    
    subgraph "TypeORM Migration"
        ORM["src/utils/ormconfig.ts<br/>DataSource pattern"]:::major-edit
        APP["src/modules/app/index.ts<br/>TypeORM config"]:::major-edit
    end
    
    subgraph "Service Layer"
        US["src/modules/user/services/<br/>Repository injection"]:::major-edit
        TS_SVC["src/modules/transaction/services/<br/>Repository injection"]:::major-edit
        BS["src/modules/bill/services/<br/>Repository injection"]:::major-edit
        MS["src/modules/message/services/<br/>Repository injection"]:::major-edit
    end
    
    subgraph "Security & Auth"
        MAIN["src/main.ts<br/>Helmet & rate limiting"]:::major-edit
        JWT["src/modules/auth/strategies/<br/>JWT strategy"]:::context
    end
    
    PJ --> ORM
    ORM --> US
    ORM --> TS_SVC
    ORM --> BS
    ORM --> MS
    MAIN --> JWT
    
    subgraph Legend
        L1["Major Edit"]:::major-edit
        L2["Minor Edit"]:::minor-edit
        L3["Context/No Edit"]:::context
    end
    
    classDef major-edit fill:#90EE90
    classDef minor-edit fill:#87CEEB
    classDef context fill:#FFFFFF

Loading

Notes

Migration Strategy Used:

• Systematic replacement of @EntityRepository → @InjectRepository(Entity) pattern
• Updated all service constructors to use Repository<Entity> instead of custom repository classes
• Maintained existing query builder patterns and business logic
• Preserved circular dependency handling with forwardRef()

Potential Breaking Changes:

• TypeORM CLI commands changed (migration scripts updated in package.json)
• Helmet security headers may have different defaults
• HTTP client behavior might differ slightly with @nestjs/axios

Testing Limitations:

• Database connection unavailable in development environment
• Runtime banking operations not tested due to DB connectivity issues
• Migration scripts not executed (require DB connection)

Session Info:

• Requested by: Arthur Poon (@akkp-windsurf)
• Devin Session: https://app.devin.ai/sessions/d1341f69df134a5fb603c6ffedefa7d7

[devin-ai-integration]

🤖 Devin AI Engineer

I'll be helping with this pull request! Here's what you should know:

✅ I will automatically:

• Address comments on this PR. Add '(aside)' to your comment to have me ignore it.
• Look at CI failures and help fix them

Note: I can only respond to comments from users who have write access to this repository.

⚙️ Control Options:

• Disable automatic comment and CI monitoring