Skip to content

[Snyk] Fix for 7 vulnerabilities #231

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Fix for 7 vulnerabilities #231

wants to merge 1 commit into from

Conversation

@Omrisnyk
Copy link
Owner

@Omrisnyk Omrisnyk commented Jun 10, 2025

snyk-top-banner

Snyk has created this PR to fix 7 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

  • large-file/package.json

Vulnerabilities that will be fixed with an upgrade:

Issue Score
high severity Denial of Service (DoS)
SNYK-JS-WS-7266574		   169  
high severity Excessive Platform Resource Consumption within a Loop
SNYK-JS-BRACES-6838727		   159  
high severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-SEMVER-3247795		   159  
medium severity Missing Release of Resource after Effective Lifetime
SNYK-JS-INFLIGHT-6095116		   131  
medium severity Prototype Pollution
SNYK-JS-TOUGHCOOKIE-5672873		   117  
high severity Inefficient Regular Expression Complexity
SNYK-JS-MICROMATCH-6838728		   114  
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-MINIMATCH-3050818		   45  
Release notes
Package name: expect
  • 30.0.0 - 2025-06-10

    Today we are happy to announce the release of Jest 30. This release features a substantial number of changes, fixes, and improvements. While it is one of the largest major releases of Jest ever, we admit that three years for a major release is too long. In the future, we are aiming to make more frequent major releases to keep Jest great for the next decade.

    If you want to skip all the news and just get going, run npm install jest@^30.0.0 and follow the migration guide: Upgrading from Jest 29 to 30.

    Read the full blog post

    Features

    • [*] Renamed globalsCleanupMode to globalsCleanup and --waitNextEventLoopTurnForUnhandledRejectionEvents to --waitForUnhandledRejections
    • [expect] Add ArrayOf asymmetric matcher for validating array elements. (#15567)
    • [babel-jest] Add option excludeJestPreset to allow opting out of babel-preset-jest (#15164)
    • [expect] Revert #15038 to fix expect(fn).toHaveBeenCalledWith(expect.objectContaining(...)) when there are multiple calls (#15508)
    • [jest-circus, jest-cli, jest-config] Add waitNextEventLoopTurnForUnhandledRejectionEvents flag to minimise performance impact of correct detection of unhandled promise rejections introduced in #14315 (#14681)
    • [jest-circus] Add a waitBeforeRetry option to jest.retryTimes (#14738)
    • [jest-circus] Add a retryImmediately option to jest.retryTimes (#14696)
    • [jest-circus, jest-jasmine2] Allow setupFilesAfterEnv to export an async function (#10962)
    • [jest-circus, jest-test-result] Add startedAt timestamp in TestCaseResultObject within onTestCaseResult (#15145)
    • [jest-cli] Export buildArgv (#15310)
    • [jest-config] [BREAKING] Add mts and cts to default moduleFileExtensions config (#14369)
    • [jest-config] [BREAKING] Update testMatch and testRegex default option for supporting mjs, cjs, mts, and cts (#14584)
    • [jest-config] Loads config file from provided path in package.json (#14044)
    • [jest-config] Allow loading jest.config.cts files (#14070)
    • [jest-config] Show rootDir in error message when a preset fails to load (#15194)
    • [jest-config] Support loading TS config files using esbuild-register via docblock loader (#15190)
    • [jest-config] Allow passing TS config loader options via docblock comment (#15234)
    • [jest-config] If Node is running with type stripping enabled, do not require a TS loader (#15480)
    • [@ jest/core] Group together open handles with the same stack trace (#13417, & #14789)
    • [@ jest/core] Add perfStats to surface test setup overhead (#14622)
    • [@ jest/core] [BREAKING] Changed --filter to accept an object with shape { filtered: Array<string> } to match documentation (#13319)
    • [@ jest/core] Support --outputFile option for --listTests (#14980)
    • [@ jest/core] Stringify Errors properly with --json flag (#15329)
    • [@ jest/core, @ jest/test-sequencer] [BREAKING] Exposes globalConfig & contexts to TestSequencer (#14535, & #14543)
    • [jest-each] Introduce %$ option to add number of the test to its title (#14710)
    • [@ jest/environment] [BREAKING] Remove deprecated jest.genMockFromModule() (#15042)
    • [@ jest/environment] [BREAKING] Remove unnecessary defensive code (#15045)
    • [jest-environment-jsdom] [BREAKING] Upgrade JSDOM to v22 (#13825)
    • [@ jest/environment-jsdom-abstract] Introduce new package which abstracts over the jsdom environment, allowing usage of custom versions of JSDOM (#14717)
    • [jest-environment-node] Update jest environment with dispose symbols Symbol (#14888 & #14909)
    • [expect, @ jest/expect] [BREAKING] Add type inference for function parameters in CalledWith assertions (#15129)
    • [@ jest/expect-utils] Properly compare all types of TypedArrays (#15178)
    • [@ jest/fake-timers] [BREAKING] Upgrade @ sinonjs/fake-timers to v13 (#14544 & #15470)
    • [@ jest/fake-timers] Exposing new modern timers function advanceTimersToFrame() which advances all timers by the needed milliseconds to execute callbacks currently scheduled with requestAnimationFrame (#14598)
    • [jest-matcher-utils] Add SERIALIZABLE_PROPERTIES to allow custom serialization of objects (#14893)
    • [jest-mock] Add support for the Explicit Resource Management proposal to use the using keyword with jest.spyOn(object, methodName) (#14895)
    • [jest-reporters] Add support for DEC mode 2026 (#15008)
    • [jest-resolver] Support file:// URLs as paths (#15154)
    • [jest-resolve,jest-runtime,jest-resolve-dependencies] Pass the conditions when resolving stub modules (#15489)
    • [jest-runtime] Exposing new modern timers function jest.advanceTimersToFrame() from @ jest/fake-timers (#14598)
    • [jest-runtime] Support import.meta.filename and import.meta.dirname (available from Node 20.11) (#14854)
    • [jest-runtime] Support import.meta.resolve (#14930)
    • [jest-runtime] [BREAKING] Make it mandatory to pass globalConfig to the Runtime constructor (#15044)
    • [jest-runtime] Add unstable_unmockModule (#15080)
    • [jest-runtime] Add onGenerateMock transformer callback for auto generated callbacks (#15433 & #15482)
    • [jest-runtime] [BREAKING] Use vm.compileFunction over vm.Script (#15461)
    • [@ jest/schemas] Upgrade @ sinclair/typebox to v0.34 (#15450)
    • [@ jest/types] test.each(): Accept a readonly (as const) table properly (#14565)
    • [@ jest/types] Improve argument type inference passed to test and describe callback functions from each tables (#14920)
    • [jest-snapshot] [BREAKING] Add support for Error causes in snapshots (#13965)
    • [jest-snapshot] Support Prettier 3 (#14566)
    • [@ jest/util-snapshot] Extract utils used by tooling from jest-snapshot into its own package (#15095)
    • [pretty-format] [BREAKING] Do not render empty string children ('') in React plugin (#14470)

    Fixes

    • [expect] Show AggregateError to display (#15346)
    • [*] Replace exit with exit-x (#15399)
    • [babel-plugin-jest-hoist] Use denylist instead of the deprecated blacklist for Babel 8 support (#14109)
    • [babel-plugin-jest-hoist] Do not rely on buggy Babel behaviour (#15415)
    • [expect] Check error instance type for toThrow/toThrowError (#14576)
    • [expect] Improve diff for failing expect.objectContaining (#15038)
    • [expect] Use Array.isArray to check if an array is an Array (#15101)
    • [expect] Fix Error cause assertion errors (#15339)
    • [jest-changed-files] Print underlying errors when VCS commands fail (#15052)
    • [jest-changed-files] Abort sl root call if output resembles a steam locomotive (#15053)
    • [jest-circus] [BREAKING] Prevent false test failures caused by promise rejections handled asynchronously (#14315)
    • [jest-circus] Replace recursive makeTestResults implementation with iterative one (#14760)
    • [jest-circus] Omit expect.hasAssertions() errors if a test already has errors (#14866)
    • [jest-circus, jest-expect, jest-snapshot] Pass test.failing tests when containing failing snapshot matchers (#14313)
    • [jest-circus] Concurrent tests now emit jest circus events at the correct point and in the expected order. (#15381)
    • [jest-cli] [BREAKING] Validate CLI flags that require arguments receives them (#14783)
    • [jest-config] Make sure to respect runInBand option (#14578)
    • [jest-config] Support testTimeout in project config (#14697)
    • [jest-config] Support coverageReporters in project config (#14697)
    • [jest-config] Allow reporters in project config (#14768)
    • [jest-config] Allow Node16/NodeNext/Bundler moduleResolution in project's tsconfig (#14739)
    • [@ jest/create-cache-key-function] Correct the return type of createCacheKey (#15159)
    • [jest-each] Allow $keypath templates with null or undefined values (#14831)
    • [@ jest/expect-utils] Fix comparison of DataView (#14408)
    • [@ jest/expect-utils] [BREAKING] exclude non-enumerable in object matching (#14670)
    • [@ jest/expect-utils] Fix comparison of URL (#14672)
    • [@ jest/expect-utils] Check Symbol properties in equality (#14688)
    • [@ jest/expect-utils] Catch circular references within arrays when matching objects (#14894)
    • [@ jest/expect-utils] Fix not addressing to Sets and Maps as objects without keys (#14873)
    • [jest-haste-map] Fix errors or clobbering with multiple hasteImplModulePaths (#15522)
    • [jest-leak-detector] Make leak-detector more aggressive when running GC (#14526)
    • [jest-runtime] Properly handle re-exported native modules in ESM via CJS (#14589)
    • [jest-runtime] Refactor _importCoreModel so required core module is consistent if modified while loading (#15077)
    • [jest-schemas, jest-types] [BREAKING] Fix type of testFailureExitCode config option(#15232)
    • [jest-util] Make sure isInteractive works in a browser (#14552)
    • [pretty-format] [BREAKING] Print ArrayBuffer and DataView correctly (#14290)
    • [pretty-format] Fixed a bug where "anonymous custom elements" were not being printed as expected. (#15138)
    • [jest-cli] When specifying paths on the command line, only match against the relative paths of the test files (#12519)
      • [BREAKING] Changes testPathPattern configuration option to testPathPatterns, which now takes a list of patterns instead of the regex.
      • [BREAKING] --testPathPattern is now --testPathPatterns
      • [BREAKING] Specifying testPathPatterns when programmatically calling watch must be specified as new TestPathPatterns(patterns), where TestPathPatterns can be imported from @ jest/pattern
    • [jest-reporters, jest-runner] Unhandled errors without stack get correctly logged to console (#14619)
    • [jest-util] Always load mjs files with import (#15447)
    • [jest-worker] Properly handle a circular reference error when worker tries to send an assertion fails where either the expected or actual value is circular (#15191)
    • [jest-worker] Properly handle a BigInt when worker tries to send an assertion fails where either the expected or actual value is BigInt (#15191)
    • [expect] Resolve issue where ObjectContaining matched non-object values. ([#15463])(#15463).
      • Adds a conditional/check to ensure the argument passed to expect is an object.
      • Add unit tests for new ObjectContaining behavior.
      • Remove invalid/wrong test case assertions for ObjectContaining.
    • [jest-worker] Addresses incorrect state on exit (#15610)

    Performance

    • [*] [BREAKING] Bundle all of Jest's modules into index.js (#12348, #14550 & #14661)
    • [jest-haste-map] Only spawn one process to check for watchman installation (#14826)
    • [jest-runner] Better cleanup source-map-support after test to resolve (minor) memory leak (#15233)
    • [jest-circus, jest-environment-node, jest-repl, jest-runner, jest-util] Cleanup global variables on environment teardown to reduce memory leaks (#15215 & #15636 & #15643)

    Chore & Maintenance

    • [jest-environment-jsdom, jest-environment-jsdom-abstract] Increased version of jsdom to ^26.0.0 (#15325CVE-2024-37890)
    • [*] Increase version of micromatch to ^4.0.7 (#15082)
    • [*] [BREAKING] Drop support for Node.js versions 14, 16, 19, 21 and 23 (#14460, #15118, #15623, #15640)
    • [*] [BREAKING] Drop support for [email protected], minimum version is now 5.4 (#14542, #15621)
    • [*] Depend on exact versions of monorepo dependencies instead of ^ range (#14553)
    • [*] [BREAKING] Add ESM wrapper for all of Jest's modules (#14661)
    • [*] [BREAKING] Upgrade to glob@10 (#14509)
    • [*] Use TypeError over Error where appropriate (#14799)
    • [docs] Fix typos in CHANGELOG.md and packages/jest-validate/README.md (#14640)
    • [docs] Don't use alias matchers in docs (#14631)
    • [babel-jest, babel-preset-jest] [BREAKING] Increase peer dependency of @ babel/core to ^7.11 (#14109)
    • [babel-jest, @ jest/transform] Update babel-plugin-istanbul to v6 (#15156)
    • [babel-plugin-jest-hoist] Move unnecessary dependencies to devDependencies (#15010)
    • [expect] [BREAKING] Remove .toBeCalled(), .toBeCalledTimes(), .toBeCalledWith(), .lastCalledWith(), .nthCalledWith(), .toReturn(), .toReturnTimes(), .toReturnWith(), .lastReturnedWith(), .nthReturnedWith() and .toThrowError() matcher aliases (#14632)
    • [jest-cli, jest-config, @ jest/types] [BREAKING] Remove deprecated --init argument (#14490)
    • [jest-config, @ jest/core, jest-util] Upgrade ci-info (#14655)
    • [jest-mock] [BREAKING] Remove MockFunctionMetadataType, MockFunctionMetadata and SpyInstance types (#14621)
    • [@ jest/reporters] Upgrade istanbul-lib-source-maps (#14924)
    • [jest-schemas] Upgrade @ sinclair/typebox (#14775)
    • [jest-transform] Upgrade write-file-atomic (#14274)
    • [jest-util] Upgrade picomatch to v4 (#14653 & #14885)
    • [docs] Append to NODE_OPTIONS, not overwrite ([#14730](https://redirect.github.com/jestjs/jest/pull/14730))
    • [docs] Updated .toHaveBeenCalled() documentation to correctly reflect its functionality (#14842)
    • [docs] Link NestJS documentation on testing with Jest (#14940)
    • [docs] Revised documentation for .toHaveBeenCalled() to accurately depict its functionality. (#14853)
    • [docs] Removed ExpressJS reference link from documentation due to dead link (#15270)
    • [docs] Correct broken links in docs (#15359)

    New Contributors

@Omrisnyk
Copy link
Owner Author

Omrisnyk commented Jun 10, 2025
edited
Loading

🎉 Snyk checks have passed. No issues have been found so far.

security/snyk check is complete. No issues have been found. (View Details)

license/snyk check is complete. No issues have been found. (View Details)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@Omrisnyk @snyk-bot