Skip to content

[Snyk] Fix for 1 vulnerabilities#289

Open
rvu-snyk wants to merge 1 commit intomasterfrom
snyk-fix-c9a94fceebab1d81b4ca96e883dfd02c
Open

[Snyk] Fix for 1 vulnerabilities#289
rvu-snyk wants to merge 1 commit intomasterfrom
snyk-fix-c9a94fceebab1d81b4ca96e883dfd02c

Conversation

@rvu-snyk
Copy link

@rvu-snyk rvu-snyk commented Feb 27, 2026

snyk-top-banner

Snyk has created this PR to fix 1 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

  • packages/koa-tracer/package.json
  • packages/koa-tracer/package-lock.json

Vulnerabilities that will be fixed with an upgrade:

Issue Score
high severity Inefficient Algorithmic Complexity
SNYK-JS-MINIMATCH-15353389		   828  

Breaking Change Risk

Merge Risk: High

Notice: This assessment is enhanced by AI.

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

@snyk-bot
fix: packages/koa-tracer/package.json & packages/koa-tracer/package-l…
2b69ef6 
…ock.json to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-MINIMATCH-15353389
@rvu-snyk
Copy link
Author

rvu-snyk commented Feb 27, 2026

Merge Risk: High

This upgrade includes a high-risk major version update for Jest and a medium-risk update for del-cli.

jest@29.7.0 → jest@30.0.0 (High Risk)

This is a major update with significant breaking changes requiring code and configuration modifications.

Key Breaking Changes:

  • Environment: Support for Node.js versions 14, 16, 19, and 21 has been dropped. The new minimum required version is Node.js 18.
  • API & Matchers:
    • Deprecated matcher aliases have been removed (e.g., toBeCalled() is now toHaveBeenCalled()). An autofixer in eslint-plugin-jest can help with this migration.
    • expect.objectContaining() no longer works with arrays.
    • jest.mock() is now case-sensitive for module paths.
  • DOM Environment: jest-environment-jsdom was upgraded significantly (v21 to v26), which may affect tests that mock DOM properties like window.location.
  • CLI: The --testPathPattern flag has been renamed to --testPathPatterns.
  • Snapshots: Snapshot formats have changed, which will require updates.

Recommendation: Review the official migration guide. Plan for code refactoring to address the matcher changes, update your Node.js environment, and regenerate snapshots.

Source: Jest 30 Release Announcement, Migration Guide

del-cli@5.1.0 → del-cli@6.0.0 (Medium Risk)

This major version upgrade introduces a breaking change related to the runtime environment.

  • Environment: Requires Node.js version 18 or later.

Recommendation: Ensure your deployment and development environments are running Node.js 18+ before upgrading.

Source: del-cli v6.0.0 Release Notes

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@rvu-snyk @snyk-bot