Bump koa and @module-federation/enhanced

[dependabot]

Bumps koa to 3.0.1 and updates ancestor dependency @module-federation/enhanced. These dependencies need to be updated together.

Updates koa from 2.11.0 to 3.0.1

Release notes

Sourced from koa's releases.

v3.0.1

What's Changed

• fix(security): only allow same origin referer on response back koajs/koa@422c551
• chore: adds initial doc text refresh; migration guide [CHORE-1870] by @​yowainwright in koajs/koa#1877
• build(deps-dev): bump formidable from 3.5.2 to 3.5.4 by @​dependabot[bot] in koajs/koa#1878
• chore: removes done callbacks in tests [CHORE-1870] by @​yowainwright in koajs/koa#1875
• build(deps-dev): bump supertest from 7.1.0 to 7.1.1 by @​dependabot[bot] in koajs/koa#1879
• build(deps): bump debug from 4.4.0 to 4.4.1 by @​dependabot[bot] in koajs/koa#1880
• feat: replace debug module with pure node:util::debuglog by @​3imed-jaberi in koajs/koa#1885
• feat: replace cache-content-type with mime-types directly by @​3imed-jaberi in koajs/koa#1886
• build(deps): bump statuses from 2.0.1 to 2.0.2 by @​dependabot[bot] in koajs/koa#1888
• build(deps-dev): bump supertest from 7.1.1 to 7.1.4 by @​dependabot[bot] in koajs/koa#1895
• build(deps-dev): bump form-data from 4.0.3 to 4.0.4 by @​dependabot[bot] in koajs/koa#1894

Full Changelog: koajs/koa@v3.0.0...v3.0.1

v3.0.0

This is a major release.

Breaking

• Minimum node v18
• Removes .redirect('back'), adds .back(fallback_url) @​fl0w koajs/koa#1115
• For .redirect(), don't render redirect values in anchor ref koajs/koa@ff25eb4
• req.origin should display the origin header if it exists, not the current hostname koajs/koa#1008. origin now aligns with the Origin header as used in CORS.
• .body=<json> should not overwrite type if type already json koajs/koa#1120
• Remove special ENOENT support koajs/koa#1861 - this is a big change and will require any file servers to adapt to this change for handling 404s / files not found
• Removes generator deprecation messages. Generators are no longer supported. Koa no longer asserts if generators are used. Set content-length: 0 if body is explicitly set to null @​ognjenjevremovic #1528 Remove obsolete createAsyncCtxStorageMiddleware koajs/koa#1817
• ctx.throw now requires a format of ctx.throw(status, error, properties). See: https://www.npmjs.com/package/http-errors

New

• Support custom streams @​KristapsR koajs/koa#1825
• Support WHATWG response bodies koajs/koa#1830 @​kravorkid
• Use asyncLocalStorage to get current context from app, e.g.: const ctx = app.currentContext.

Fixes

• Handle responses when socket is no longer writable @​titanism @​azlond koajs/koa#1593
• fix: Do not response Content-Length if Transfer-Encoding is defined #1562 @​charlyzeng
• fix: Set body to 'null' if ctx.type = 'json' and ctx.body = null #1059 @​likegun
• fix: can not get currentContext in error handler (#1758) (Gxkl <[email protected]>)
• Fix exports.defaults in package.json koajs/koa#1630
• Fix leaky handles in tests koajs/koa#1838
• Fix body null checks koajs/koa#1814
• Fix reformatting redirect URLs koajs/koa#1805 koajs/koa#1804
• Fix passing ctx in error handler koajs/koa#1758

... (truncated)

Changelog

Sourced from koa's changelog.

[!IMPORTANT] Moving forwards we are using the GitHub releases page at https://github.com/koajs/koa/releases in combination with np for publishing releases and their changelogs.

---

3.0.0-alpha.3 / 2025-02-11

fixes

• Avoid redos on host and protocol getter

3.0.0-alpha.2 / 2024-11-04

breaking changes

• Update http-errors to v2.0.0 #1486
  • ctx.throw now requires a format of ctx.throw(status, error, properties). See: https://www.npmjs.com/package/http-errors
• Remove res.redirect('back'), add back() method to ctx #1115
• Replace node querystring with URLSearchParams #1828
• Remove obsolete createAsyncCtxStorageMiddleware #1817

features

• Add support for web WHATWG #1830

updates

• Update cookies to ~0.9.1 #1846
• Update statuses to ^2.0.1
• Update supertest to ^7.0.0 #1841

fixes

• Fix exports.defaults in package.json #1630
• Fix leaky handles in tests #1838
• Fix body null checks #1814
• Fix reformatting redirect URLs #1805 #1804
• Fix passing ctx in error handler #1758

migrations

• Migrate from jest to the native node test runner #1845

3.0.0-alpha.1 / 2023-04-12

fixes

• [e98b8d1] - fix: can not get currentContext in error handler (#1758) (Gxkl <[email protected]>)

3.0.0-alpha.0 / 2023-01-02

Breaking Changes

... (truncated)

Commits

• 1ddb048 3.0.1
• 422c551 Merge commit from fork
• 6e51eb1 build(deps-dev): bump form-data from 4.0.3 to 4.0.4 (#1894)
• d378e5c build(deps-dev): bump supertest from 7.1.1 to 7.1.4 (#1895)
• cb22d8d build(deps): bump statuses from 2.0.1 to 2.0.2 (#1888)
• 0acad8f feat: replace cache-content-type with mime-types directly (#1886)
• 2f6e814 feat: replace debug module with pure node:util::debuglog (#1885)
• 8620ced build(deps): bump debug from 4.4.0 to 4.4.1 (#1880)
• dec1ffc build(deps-dev): bump supertest from 7.1.0 to 7.1.1 (#1879)
• 9057541 chore: removes done callbacks in tests [CHORE-1870] (#1875)
• Additional commits viewable in compare view

Updates @module-federation/enhanced from 0.2.8 to 0.18.0

Release notes

Sourced from @​module-federation/enhanced's releases.

v0.18.0

What's Changed

New Features 🎉

• feat(enhanced): add include/exclude filtering support for shared modules by @​ScriptedAlchemy in module-federation/core#3949
• feat(dts-plugin): add family option by @​ogonkov in module-federation/core#3977

Bug Fixes 🐞

• fix(dts-plugin): update koa to 2.16.2 to fix CVE-2025-8129 by @​ScriptedAlchemy in module-federation/core#3963
• fix(runtime): support TypeScript moduleResolution NodeNext by @​danpeen in module-federation/core#3960
• fix(rsbuild-plugin): add source.include in prod mode only by @​2heal1 in module-federation/core#3971
• fix(enhanced): add module factory for EntryDependency when entry is e… by @​xinyuehtx in module-federation/core#3953

Document 📖

• docs: add createRemoteCompoent and createRemoteSSRComponent deprecated documentation by @​2heal1 in module-federation/core#3978
• docs: add architectural documentation in arch-doc directory by @​ScriptedAlchemy in module-federation/core#3955

Other Changes

• chore(deps): bump undici from 5.28.5 to 7.13.0 by @​dependabot[bot] in module-federation/core#3966
• chore(deps): bump brace-expansion from 1.1.11 to 1.1.12 by @​dependabot[bot] in module-federation/core#3836
• chore: upgrade @babel/* packages to latest versions by @​ScriptedAlchemy in module-federation/core#3968
• chore(deps-dev): bump pbkdf2 from 3.1.2 to 3.1.3 by @​dependabot[bot] in module-federation/core#3856
• chore(deps-dev): bump form-data from 2.5.1 to 2.5.5 by @​dependabot[bot] in module-federation/core#3933
• chore(deps): bump koa from 2.16.1 to 3.0.1 in /packages/dts-plugin by @​dependabot[bot] in module-federation/core#3956
• Revert "feat: support NodeNext module resolution in packages" by @​danpeen in module-federation/core#3972

New Contributors

• @​ogonkov made their first contribution in module-federation/core#3977
• @​xinyuehtx made their first contribution in module-federation/core#3953

Full Changelog: module-federation/core@v0.17.1...v0.18.0

v0.17.1

What's Changed

New Features 🎉

• feat: upgrade NX to 21.2.3, Storybook to 9.0.9, and TypeScript to 5.8.3 by @​ScriptedAlchemy in module-federation/core#3920
• feat: enhance HoistContainerReferencesPlugin for better module hoisting by @​ScriptedAlchemy in module-federation/core#3903
• feat: implement rslib with TypeScript declaration generation by @​ScriptedAlchemy in module-federation/core#3883

Bug Fixes 🐞

• fix(enhanced): add runtime safety checks to prevent errors by @​ScriptedAlchemy in module-federation/core#3900
• fix: buildVersion now correctly reads from project's package.json by @​ScriptedAlchemy in module-federation/core#3928
• fix(cli): enable modern TypeScript plugin by @​ScriptedAlchemy in module-federation/core#3939
• fix(error-codes): enable modern TypeScript plugin by @​ScriptedAlchemy in module-federation/core#3940
• fix(manifest): enable modern TypeScript plugin by @​ScriptedAlchemy in module-federation/core#3943
• fix(data-prefetch): enable modern TypeScript plugin by @​ScriptedAlchemy in module-federation/core#3941
• fix(esbuild): enable modern TypeScript plugin by @​ScriptedAlchemy in module-federation/core#3942
• fix(utils): enable modern TypeScript plugin by @​ScriptedAlchemy in module-federation/core#3946
• fix(runtime): enable modern TypeScript plugin by @​ScriptedAlchemy in module-federation/core#3937
• fix(managers): enable modern TypeScript plugin by @​ScriptedAlchemy in module-federation/core#3938
• fix(webpack-bundler-runtime): enable modern TypeScript plugin by @​ScriptedAlchemy in module-federation/core#3947

... (truncated)

Changelog

Sourced from @​module-federation/enhanced's changelog.

0.18.0

Minor Changes

• 0ab51b8: fix(enhanced): add module factory for EntryDependency when entry is empty

  • bind normalModuleFactory for EntryDependency when no moduleFactory is bound for EntryDependency

• 98a29c3: feat(enhanced): add include/exclude filtering for shared modules

  • Add include/exclude filtering for both ConsumeSharedPlugin and ProvideSharedPlugin
  • Support version-based filtering using semantic version ranges (e.g., include: { version: '^18.0.0' })
  • Support request pattern filtering with string and RegExp (e.g., include: { request: /^Button/ })
  • Add singleton warnings when filters are used to prevent multiple shared instances
  • Enhanced type definitions and JSON schema validation for filtering options

Patch Changes

• Updated dependencies [08f089a]
• Updated dependencies [f6381e6]
  • @​module-federation/dts-plugin@​0.18.0
  • @​module-federation/sdk@​0.18.0
  • @​module-federation/data-prefetch@​0.18.0
  • @​module-federation/runtime-tools@​0.18.0
  • @​module-federation/cli@​0.18.0
  • @​module-federation/manifest@​0.18.0
  • @​module-federation/rspack@​0.18.0
  • @​module-federation/bridge-react-webpack-plugin@​0.18.0
  • @​module-federation/managers@​0.18.0
  • @​module-federation/inject-external-runtime-core-plugin@​0.18.0
  • @​module-federation/error-codes@​0.18.0

0.17.1

Patch Changes

• bc3bc10: enhance HoistContainerReferencesPlugin for better module hoisting

  • Separate handling for container, federation, and remote dependencies
  • Improved support for runtimeChunk: 'single' configuration
  • Proper remote module hoisting using the new addRemoteDependency hook
  • Simplified cleanup logic for better performance
  • Changed runtime chunk detection to include all chunks with runtime (not just entry chunks)
  • Added comprehensive unit tests for the plugin functionality

• 7000c1f: fix: BuildVersion now correctly reads from project's package.json

  • Fixed getBuildVersion() to accept optional root parameter for correct directory resolution
  • Updated StatsManager to use compiler.context when determining build version
  • Ensures buildVersion in mf-manifest.json matches the project's package.json version

... (truncated)

Commits

• 3612e03 chore: release v0.18.0
• 0ab51b8 fix(enhanced): add module factory for EntryDependency when entry is e… (#3953)
• 98a29c3 feat(enhanced): add include/exclude filtering support for shared modules (#3949)
• 05d5f9b release v0.17.1 (#3950)
• 8727aa3 fix(enhanced): compilerInstance type should be string not enum (#3829)
• 7000c1f fix: buildVersion now correctly reads from project's package.json (#3928)
• bc3bc10 feat: enhance HoistContainerReferencesPlugin for better module hoisting (#3903)
• a7cf276 feat: upgrade NX to 21.2.3, Storybook to 9.0.9, and TypeScript to 5.8.3 (#3920)
• cce6a94 refactor: rename container hooks for clarity and consistency
• 1825b9d fix(enhanced): add runtime safety checks to prevent errors (#3900)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by shawzhou, a new releaser for @​module-federation/enhanced since your current version.

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

[bert-e]

Hello dependabot[bot],

My role is to assist you with the merge of this
pull request. Please type @bert-e help to get information
on this process, or consult the user documentation.

Available options

name	description	privileged	authored
/after_pull_request	Wait for the given pull request id to be merged before continuing with the current one.
/bypass_author_approval	Bypass the pull request author's approval	⭐
/bypass_build_status	Bypass the build and test status	⭐
/bypass_commit_size	Bypass the check on the size of the changeset TBA	⭐
/bypass_incompatible_branch	Bypass the check on the source branch prefix	⭐
/bypass_jira_check	Bypass the Jira issue check	⭐
/bypass_peer_approval	Bypass the pull request peers' approval	⭐
/bypass_leader_approval	Bypass the pull request leaders' approval	⭐
/approve	Instruct Bert-E that the author has approved the pull request.		✍️
/create_pull_requests	Allow the creation of integration pull requests.
/create_integration_branches	Allow the creation of integration branches.
/no_octopus	Prevent Wall-E from doing any octopus merge and use multiple consecutive merge instead
/unanimity	Change review acceptance criteria from one reviewer at least to all reviewers
/wait	Instruct Bert-E not to run until further notice.

Available commands

name	description	privileged
/help	Print Bert-E's manual in the pull request.
/status	Print Bert-E's current status in the pull request TBA
/clear	Remove all comments from Bert-E from the history TBA
/retry	Re-start a fresh build TBA
/build	Re-start a fresh build TBA
/force_reset	Delete integration branches & pull requests, and restart merge process from the beginning.
/reset	Try to remove integration branches unless there are commits on them which do not appear on the source branch.

Status report is not available.

The following options are set: bypass_author_approval, bypass_jira_check

[bert-e]

Waiting for approval

The following approvals are needed before I can proceed with the merge:

• the author

• one peer

Peer approvals must include at least 1 approval from the following list:

• @hervedombya

• @MonPote

• @ChengYanJin

• @JBWatenbergScality

The following options are set: bypass_author_approval, bypass_jira_check

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 63.45%. Comparing base (4a33315) to head (3e48477).
⚠️ Report is 51 commits behind head on development/4.1.

Additional details and impacted files

@@                 Coverage Diff                 @@
##           development/4.1     #929      +/-   ##
===================================================
+ Coverage            62.44%   63.45%   +1.00%     
===================================================
  Files                  273      273              
  Lines                12629    12649      +20     
  Branches              3642     3654      +12     
===================================================
+ Hits                  7886     8026     +140     
+ Misses                4719     4600     -119     
+ Partials                24       23       -1     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[bert-e]

Conflict

There is a conflict between your branch dependabot/npm_and_yarn/multi-2270368bb2 and the
destination branch development/4.1.

Please resolve the conflict on the feature branch (dependabot/npm_and_yarn/multi-2270368bb2).

git fetch && \
git checkout origin/dependabot/npm_and_yarn/multi-2270368bb2 && \
git merge origin/development/4.1

Resolve merge conflicts and commit

git push origin HEAD:dependabot/npm_and_yarn/multi-2270368bb2

The following options are set: bypass_author_approval, bypass_jira_check