Skip to content

[Snyk] Security upgrade jest from 29.7.0 to 30.0.0#299

Open
rvu-snyk wants to merge 1 commit intomasterfrom
snyk-fix-f438c76a7a12a64fafde24176b217c4d
Open

[Snyk] Security upgrade jest from 29.7.0 to 30.0.0#299
rvu-snyk wants to merge 1 commit intomasterfrom
snyk-fix-f438c76a7a12a64fafde24176b217c4d

Conversation

@rvu-snyk
Copy link

@rvu-snyk rvu-snyk commented Mar 2, 2026

snyk-top-banner

Snyk has created this PR to fix 1 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

  • packages/koa-zipkin/package.json
  • packages/koa-zipkin/package-lock.json

Vulnerabilities that will be fixed with an upgrade:

Issue Score
medium severity Missing Release of Resource after Effective Lifetime
SNYK-JS-INFLIGHT-6095116		   631  

Breaking Change Risk

Merge Risk: High

Notice: This assessment is enhanced by AI.

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

@snyk-bot
fix: packages/koa-zipkin/package.json & packages/koa-zipkin/package-l…
c0589eb 
…ock.json to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-INFLIGHT-6095116
@rvu-snyk
Copy link
Author

rvu-snyk commented Mar 2, 2026

Merge Risk: High

The upgrade to Jest v30.0.0 is a major version with numerous breaking changes that will require developer action, code modifications, and configuration updates.

Key Breaking Changes:

  • Environment Support: Support for Node.js versions 14, 16, 19, and 21 has been dropped. The minimum required TypeScript version is now 5.4.
  • jest-environment-jsdom Upgrade: The underlying jsdom library was upgraded from v21 to v26. This introduces significant changes, most notably making it impossible to mock window.location using Object.defineProperty. Tests relying on this pattern will break.
  • Removed API Aliases: Deprecated expect aliases have been removed (e.g., toBeCalled() is now toHaveBeenCalled()). Code using these aliases must be updated. An autofixer is available via eslint-plugin-jest.
  • Snapshot Updates Required: The format of snapshot files has changed, which will require all existing snapshots to be updated upon upgrade.
  • CLI Flag Renamed: The --testPathPattern command-line argument has been renamed to --testPathPatterns. Any scripts using the old flag must be updated.
  • Matcher Behavior: The toEqual matcher and others now exclude non-enumerable properties by default, which could alter the outcome of existing assertions.

Recommendation: This upgrade involves mandatory code and configuration changes. Developers should review the official migration guide, run the eslint-plugin-jest autofixer for alias updates, and be prepared to update all snapshots. Special attention should be paid to tests that mock window.location as they will require refactoring.

Source: Jest 30 Release Notes

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@rvu-snyk @snyk-bot