build(deps-dev): bump koa from 2.15.3 to 3.0.1 #16

dependabot · 2025-07-28T23:32:46Z

Bumps koa from 2.15.3 to 3.0.1.

Release notes

v3.0.1

What's Changed

fix(security): only allow same origin referer on response back koajs/koa@422c551

chore: adds initial doc text refresh; migration guide [CHORE-1870] by @yowainwright in koajs/koa#1877

build(deps-dev): bump formidable from 3.5.2 to 3.5.4 by @dependabot[bot] in koajs/koa#1878

chore: removes done callbacks in tests [CHORE-1870] by @yowainwright in koajs/koa#1875

build(deps-dev): bump supertest from 7.1.0 to 7.1.1 by @dependabot[bot] in koajs/koa#1879

build(deps): bump debug from 4.4.0 to 4.4.1 by @dependabot[bot] in koajs/koa#1880

feat: replace debug module with pure node:util::debuglog by @3imed-jaberi in koajs/koa#1885

feat: replace cache-content-type with mime-types directly by @3imed-jaberi in koajs/koa#1886

build(deps): bump statuses from 2.0.1 to 2.0.2 by @dependabot[bot] in koajs/koa#1888

build(deps-dev): bump supertest from 7.1.1 to 7.1.4 by @dependabot[bot] in koajs/koa#1895

build(deps-dev): bump form-data from 4.0.3 to 4.0.4 by @dependabot[bot] in koajs/koa#1894

Full Changelog: koajs/koa@v3.0.0...v3.0.1

v3.0.0

This is a major release.

Breaking

Minimum node v18

Removes .redirect('back'), adds .back(fallback_url) @fl0w koajs/koa#1115

For .redirect(), don't render redirect values in anchor ref koajs/koa@ff25eb4

req.origin should display the origin header if it exists, not the current hostname koajs/koa#1008. origin now aligns with the Origin header as used in CORS.

.body=<json> should not overwrite type if type already json koajs/koa#1120

Remove special ENOENT support koajs/koa#1861 - this is a big change and will require any file servers to adapt to this change for handling 404s / files not found

Removes generator deprecation messages. Generators are no longer supported. Koa no longer asserts if generators are used. Set content-length: 0 if body is explicitly set to null @ognjenjevremovic #1528 Remove obsolete createAsyncCtxStorageMiddleware koajs/koa#1817

ctx.throw now requires a format of ctx.throw(status, error, properties). See: https://www.npmjs.com/package/http-errors

New

Support custom streams @KristapsR koajs/koa#1825

Support WHATWG response bodies koajs/koa#1830 @kravorkid

Use asyncLocalStorage to get current context from app, e.g.: const ctx = app.currentContext.

Fixes

Handle responses when socket is no longer writable @titanism @azlond koajs/koa#1593

fix: Do not response Content-Length if Transfer-Encoding is defined #1562 @charlyzeng

fix: Set body to 'null' if ctx.type = 'json' and ctx.body = null #1059 @likegun

fix: can not get currentContext in error handler (#1758) (Gxkl <gxkl203@gmail.com>)

Fix exports.defaults in package.json koajs/koa#1630

Fix leaky handles in tests koajs/koa#1838

Fix body null checks koajs/koa#1814

Fix reformatting redirect URLs koajs/koa#1805 koajs/koa#1804

Fix passing ctx in error handler koajs/koa#1758

... (truncated)

Changelog

Sourced from koa's changelog.

[!IMPORTANT] Moving forwards we are using the GitHub releases page at https://github.com/koajs/koa/releases in combination with np for publishing releases and their changelogs.

3.0.0-alpha.3 / 2025-02-11

fixes

Avoid redos on host and protocol getter

3.0.0-alpha.2 / 2024-11-04

breaking changes

Update http-errors to v2.0.0 #1486

ctx.throw now requires a format of ctx.throw(status, error, properties). See: https://www.npmjs.com/package/http-errors

Remove res.redirect('back'), add back() method to ctx #1115

Replace node querystring with URLSearchParams #1828

Remove obsolete createAsyncCtxStorageMiddleware #1817

features

Add support for web WHATWG #1830

updates

Update cookies to ~0.9.1 #1846

Update statuses to ^2.0.1

Update supertest to ^7.0.0 #1841

fixes

Fix exports.defaults in package.json #1630

Fix leaky handles in tests #1838

Fix body null checks #1814

Fix reformatting redirect URLs #1805 #1804

Fix passing ctx in error handler #1758

migrations

Migrate from jest to the native node test runner #1845

3.0.0-alpha.1 / 2023-04-12

fixes

[e98b8d1] - fix: can not get currentContext in error handler (#1758) (Gxkl <gxkl203@gmail.com>)

3.0.0-alpha.0 / 2023-01-02

Breaking Changes

... (truncated)

Commits

1ddb048 3.0.1
422c551 Merge commit from fork
6e51eb1 build(deps-dev): bump form-data from 4.0.3 to 4.0.4 (#1894)
d378e5c build(deps-dev): bump supertest from 7.1.1 to 7.1.4 (#1895)
cb22d8d build(deps): bump statuses from 2.0.1 to 2.0.2 (#1888)
0acad8f feat: replace cache-content-type with mime-types directly (#1886)
2f6e814 feat: replace debug module with pure node:util::debuglog (#1885)
8620ced build(deps): bump debug from 4.4.0 to 4.4.1 (#1880)
dec1ffc build(deps-dev): bump supertest from 7.1.0 to 7.1.1 (#1879)
9057541 chore: removes done callbacks in tests [CHORE-1870] (#1875)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [koa](https://github.com/koajs/koa) from 2.15.3 to 3.0.1. - [Release notes](https://github.com/koajs/koa/releases) - [Changelog](https://github.com/koajs/koa/blob/master/History.md) - [Commits](koajs/koa@2.15.3...v3.0.1) --- updated-dependencies: - dependency-name: koa dependency-version: 3.0.1 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jul 28, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

build(deps-dev): bump koa from 2.15.3 to 3.0.1 #16

build(deps-dev): bump koa from 2.15.3 to 3.0.1 #16

Uh oh!

dependabot bot commented on behalf of github Jul 28, 2025

Uh oh!

Uh oh!

build(deps-dev): bump koa from 2.15.3 to 3.0.1 #16

Are you sure you want to change the base?

build(deps-dev): bump koa from 2.15.3 to 3.0.1 #16

Uh oh!

Conversation

dependabot bot commented on behalf of github Jul 28, 2025

v3.0.1

What's Changed

v3.0.0

Breaking

New

Fixes

3.0.0-alpha.3 / 2025-02-11

3.0.0-alpha.2 / 2024-11-04

3.0.0-alpha.1 / 2023-04-12

3.0.0-alpha.0 / 2023-01-02

Breaking Changes

Uh oh!

Uh oh!