AVA version 3.14.0 represents a minor update to the popular Node.js test runner, building upon the foundation established by version 3.13.0. Several dependency bumps are the primary changes, bringing in newer versions of underlying tools and libraries, potentially offering improved performance, bug fixes, and security enhancements. For instance, debug jumps from version 4.2.0 to 4.3.1, chalk goes from 4.1.0, and ansi-styles moves from 4.2.1 to 5.0.0. Several devDependencies were also updated, such as c8, xo, tap, react, and typescript.
Specifically, mem, a dependency for memoization, sees a major version upgrade from 6.1.1 to 8.0.0, which could introduce breaking changes if your tests rely on specific internal behaviors of mem. The yargs dependency is upgraded from 16.0.3 to 16.2.0. chokidar gets bumped from 3.4.2 to 3.4.3. update-notifier is updated from 4.1.1 to 5.0.1 which may influence how AVA informs users about new releases.
Developers considering upgrading should carefully review the changelogs of these updated dependencies to ensure compatibility with their existing test suites. While the core AVA functionality remains largely unchanged, these dependency updates are crucial for maintaining a secure and performant testing environment. The small increase in unpacked size, from 271847 to 272935, reflect these updated dependencies.
All the vulnerabilities related to the version 3.14.0 of the package
Got allows a redirect to a UNIX socket
The got package before 11.8.5 and 12.1.0 for Node.js allows a redirect to a UNIX socket.
