You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This release includes multiple major version upgrades with significant breaking changes. The upgrade for tap is a massive jump from v5 to v18, requiring a full migration. The express-fileupload upgrade also introduces notable breaking changes.
Highlights & Recommendations
tap@5.8.0 → tap@18.0.0 (HIGH RISK)
This is a complete overhaul of the testing framework with numerous breaking changes across multiple major versions. A simple upgrade is not possible; a full migration of test files and configuration is required.
Complete Rewrite: The library was rewritten in TypeScript, with native support for ESM and modern Node.js features.
Configuration Overhaul: Configuration files are significantly different. For example, test-regexp is replaced by include/exclude globs.
Coverage Engine Change: nyc has been replaced by c8. Coverage is now enabled by default, and missing coverage is treated as a test failure.
API Changes: Assertion synonyms have been removed, and lifecycle hooks like beforeEach no longer accept callbacks and must be synchronous or return a promise.
Recommendation: Treat this as a major project to migrate your test suite. Review the official changelog and upgrading guide carefully.
express-fileupload@0.0.5 → express-fileupload@1.1.10 (HIGH RISK)
This upgrade crosses the 1.0.0 boundary and introduces critical breaking changes.
Multipart Only: As of v0.1.0, support for application/x-www-form-urlencoded has been completely removed. The library now only handles multipart/form-data requests.
API Change (.md5): The md5 property on the file object was changed from a string to a function in v1.0.0, and then reverted to a string checksum in v1.1.1. Your code may break depending on which version's behavior it relied upon.
Node.js Support: Support for Node.js versions older than v4 is dropped.
Recommendation: Verify that your application does not rely on this middleware for urlencoded form parsing. Check any usage of the .md5 file property.
snyk@1.290.2 → snyk@1.996.0 (LOW RISK)
While this is a large version jump, it occurs within a single major version (v1). According to Snyk's official policy, breaking changes are reserved for major version updates. This upgrade consists of accumulated features, bug fixes, and performance improvements, and brings the CLI back into the 12-month supported version window.
Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Snyk has created this PR to fix 1 vulnerabilities in the npm dependencies of this project.
Snyk changed the following file(s):
package.jsonpackage-lock.jsonVulnerabilities that will be fixed with an upgrade:
SNYK-JS-MINIMATCH-15353389
Breaking Change Risk
Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.