Skip to content

[Snyk] Fix for 1 vulnerabilities#397

Open
guypod wants to merge 2 commits into
masterfrom
snyk-fix-63e32a6d1362d8edf322c659473da262
Open

[Snyk] Fix for 1 vulnerabilities#397
guypod wants to merge 2 commits into
masterfrom
snyk-fix-63e32a6d1362d8edf322c659473da262

Conversation

@guypod

@guypod guypod commented Jul 1, 2026

Copy link
Copy Markdown
Owner

snyk-top-banner

Snyk has created this PR to fix 1 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

  • package.json
  • package-lock.json

Vulnerabilities that will be fixed with an upgrade:

Issue Score
high severity Inefficient Algorithmic Complexity
SNYK-JS-BRACEEXPANSION-17706650
  721  

Breaking Change Risk

Merge Risk: High

Notice: This assessment is enhanced by AI.


Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

@guypod

guypod commented Jul 1, 2026

Copy link
Copy Markdown
Owner Author

Merge Risk: High

This upgrade includes multiple high-risk major version updates for typeorm and tap, requiring significant developer action, code refactoring, and environment updates.

Top 3 Most Impactful Upgrades

1. typeorm: 0.2.24 → 1.0.0

  • Risk: HIGH
  • Reason: This is a major release that modernizes the API and removes long-deprecated features. It introduces significant breaking changes that will require substantial code modifications.
  • Key Breaking Changes:
    • Environment: Requires Node.js 20 or newer.
    • API Overhaul: Connection is renamed to DataSource. Global functions like createConnection and getRepository have been removed. You must now use dataSource.getRepository().
    • Find Options: Find option arrays (e.g., relations: ["user"]) are replaced with an object syntax (e.g., relations: { user: true }).
    • Database Drivers: The mysql driver is no longer supported; only mysql2 is.
  • Recommendation: This is a major refactoring effort. Use the official @typeorm/codemod package to automate a large portion of the migration. Carefully review the official upgrading guide before proceeding.

2. tap: 11.1.5 → 18.0.0

  • Risk: HIGH
  • Reason: This upgrade spans seven major versions and includes a complete rewrite of the library in version 18. This will almost certainly break existing test configurations and CI pipelines.
  • Key Breaking Changes:
    • Coverage Enforcement: Code coverage is now enabled by default and is treated as a test failure if it doesn't meet the threshold (defaulting to 100%).
    • Configuration: The configuration system is overhauled. test-regexp is replaced by include/exclude glob patterns in a .taprc file or package.json.
    • ESM & TypeScript: The library was rewritten in TypeScript to provide native support for ESM, TS, and CommonJS.
    • Node.js Version: Support for Node.js versions below 10 was dropped in v12.
  • Recommendation: Developers must update their test configuration files, review test scripts for compatibility, and address new coverage failures. The default requirement for 100% coverage may need to be adjusted for your project.

3. express-fileupload: 0.0.5 → 1.1.10

  • Risk: MEDIUM
  • Reason: This upgrade moves from a very early 0.0.x version to a stable 1.x release. While many changes are bug fixes and security patches, there is

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.

@netlify

netlify Bot commented Jul 1, 2026

Copy link
Copy Markdown

Deploy Preview for deft-semolina-3725a9 failed.

Name Link
🔨 Latest commit 4a6553a
🔍 Latest deploy log https://app.netlify.com/projects/deft-semolina-3725a9/deploys/6a44d425ee20410008f3f8f9

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants