You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This update includes multiple major version upgrades with significant breaking changes that require developer action.
Highlights
tap 11.1.5 → 18.0.0 (HIGH RISK): This is a major overhaul across seven major versions, introducing numerous breaking changes. Test configurations, CI scripts, and potentially test code will need to be updated.
express-fileupload 0.0.5 → 1.1.10 (HIGH RISK): This upgrade removes support for application/x-www-form-urlencoded, making the library a multipart-only solution. It also drops support for older Node.js versions.
Detailed Analysis
tap 11.1.5 → 18.0.0
This upgrade spans multiple major versions (v12 through v18) and is considered a major overhaul of the framework. Developers should expect to make significant changes to their testing setup.
Key Breaking Changes:
Coverage Enforcement: Coverage is now enabled by default and requires 100% coverage, which will likely break builds that do not meet this threshold. This can be configured.
Configuration: The configuration system has been significantly changed. Options related to nyc are removed as tap now uses c8. The method for specifying test files has changed from regular expressions (test-regexp) to glob patterns (include/exclude).
ES Modules: Switched from @std/esm to native ES Modules, which may require changes to how tests are written and run.
API and CLI Changes: Assertion synonyms have been moved to an optional plugin (@tapjs/synonyms). Callbacks have been removed from t.beforeEach and t.afterEach. The CLI has been updated with new commands like tap report and tap replay.
Node.js Version: Support for Node.js versions below 12 has been dropped in v16.0.
Recommendation: Allocate time to carefully migrate your test suite. Review the official tap changelogs and the v18 upgrade guide to address all breaking changes. Start by updating your configuration files (package.json or .taprc) and CI scripts to handle the new coverage and file matching settings.
This upgrade introduces critical breaking changes, primarily by narrowing the scope of the library.
Key Breaking Changes:
Multipart Only: As of version 0.1.0, support for application/x-www-form-urlencoded has been completely removed. The library is now strictly for multipart/form-data uploads. If you rely on this for urlencoded forms, you must use a different middleware like body-parser.
Node.js Support: Support for Node.js versions below v4 was dropped in v0.1.0, and the latest version requires Node.js >=12.0.0.
MD5 Property: The md5 property on the file object changed from a string to a function in v1.0.0 and was later reverted to a checksum string in v1.1.1. The target version 1.1.10 uses a string checksum, which aligns with the original behavior in 0.0.5, but be aware of this fluctuation if targeting intermediate versions.
Recommendation: Verify that all uses of express-fileupload are for multipart file uploads. If you were using it to parse x-www-form-urlencoded data, you must add another middleware (e.g., express.urlencoded()) to handle those requests.
Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Snyk has created this PR to fix 1 vulnerabilities in the npm dependencies of this project.
Snyk changed the following file(s):
package.jsonpackage-lock.jsonVulnerabilities that will be fixed with an upgrade:
SNYK-JS-MINIMATCH-15353389
Breaking Change Risk
Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.