[Snyk] Upgrade koa from 2.16.1 to 3.0.0

[kshutkin]

Snyk has created this PR to upgrade koa from 2.16.1 to 3.0.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

⚠️ Warning: This PR contains major version upgrade(s), and may be a breaking change.

• The recommended version is 7 versions ahead of your current version.

• The recommended version was released a month ago.

Release notes

Package name: koa

• 3.0.0 - 2025-04-28
  

  This is a major release.

  Breaking

  • Minimum node v18
  • Removes .redirect('back'), adds .back(fallback_url) @ fl0w #1115
  • For .redirect(), don't render redirect values in anchor ref ff25eb4
  • req.origin should display the origin header if it exists, not the current hostname #1008. origin now aligns with the Origin header as used in CORS.
  • .body=<json> should not overwrite type if type already json #1120
  • Remove special ENOENT support #1861 - this is a big change and will require any file servers to adapt to this change for handling 404s / files not found
  • Removes generator deprecation messages. Generators are no longer supported. Koa no longer asserts if generators are used.
    Set content-length: 0 if body is explicitly set to null @ ognjenjevremovic #1528
    Remove obsolete createAsyncCtxStorageMiddleware #1817
  • ctx.throw now requires a format of ctx.throw(status, error, properties). See: https://www.npmjs.com/package/http-errors

  New

  • Support custom streams @ KristapsR #1825
  • Support WHATWG response bodies #1830 @ kravorkid
  • Use asyncLocalStorage to get current context from app, e.g.: const ctx = app.currentContext.

  Fixes

  • Handle responses when socket is no longer writable @ titanism @ Azlond #1593
  • fix: Do not response Content-Length if Transfer-Encoding is defined #1562 @ charlyzeng
  • fix: Set body to 'null' if ctx.type = 'json' and ctx.body = null #1059 @ likegun
  • fix: can not get currentContext in error handler (#1758) (Gxkl <gxkl203@gmail.com>)
  • Fix exports.defaults in package.json #1630
  • Fix leaky handles in tests #1838
  • Fix body null checks #1814
  • Fix reformatting redirect URLs #1805 #1804
  • Fix passing ctx in error handler #1758
  • Avoid redos on host and protocol getter

  Refactors

  • Replace node query string with URLSearchParams #1828 @ kravorkid

  Dependencies

  • bump type-is@2
  • bump http-errors@2
  • bump cookies@0.9.1
  • bump statuses@2
  • bump supertest@7
• 3.0.0-alpha.5 - 2025-04-06
  

  fix: don't render redirect values in anchor ref

• 3.0.0-alpha.4 - 2025-03-21
  

  Breaking Changes:

  • .req.origin now represents req.headers.origin
  • .body=<json> does not overwrite .type= if the type is already json
  • Removed special ENOENT error support - please check your file handling functions
  • .res.set - do not coerce headers to be strings
• 3.0.0-alpha.3 - 2025-02-11
  

  3.0.0-alpha.3

• 3.0.0-alpha.2 - 2024-11-04
  

  breaking changes

  • Update http-errors to v2.0.0 #1486
    • ctx.throw now requires a format of ctx.throw(status, error, properties). See: https://www.npmjs.com/package/http-errors
  • Remove res.redirect('back'), add back() method to ctx #1115
  • Replace node querystring with URLSearchParams #1828
  • Remove obsolete createAsyncCtxStorageMiddleware #1817

  features

  • Add support for web WHATWG #1830

  updates

  • Update cookies to ~0.9.1 #1846
  • Update statuses to ^2.0.1
  • Update supertest to ^7.0.0 #1841

  fixes

  • Fix exports.defaults in package.json #1630
  • Fix leaky handles in tests #1838
  • Fix body null checks #1814
  • Fix reformatting redirect URLs #1805 #1804
  • Fix passing ctx in error handler #1758

  migrations

  • Migrate from jest to the native node test runner #1845
• 3.0.0-alpha.1 - 2023-04-12
• 3.0.0-alpha.0 - 2023-01-02
• 2.16.1 - 2025-04-06
  

  fix: don't render redirect values in anchor ref

from koa GitHub release notes

---

Important

• Warning: This PR contains a major version upgrade, and may be a breaking change.
• Check the changes in this PR to ensure they won't cause issues with your project.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

• 🧐 View latest project report
• 📜 Customise PR templates
• 🛠 Adjust upgrade PR settings
• 🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[changeset-bot]

⚠️ No Changeset found

Latest commit: e4e1e1e

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR