[Snyk] Security upgrade tap from 5.8.0 to 18.0.0

[Robthreefold]

Snyk has created this PR to fix 5 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

• package.json
• package-lock.json

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Access of Resource Using Incompatible Type ('Type Confusion') SNYK-JS-HANDLEBARS-15803084	740
	Access of Resource Using Incompatible Type ('Type Confusion') SNYK-JS-HANDLEBARS-15803082	735
	Improper Check for Unusual or Exceptional Conditions SNYK-JS-HANDLEBARS-15807042	710
	Improper Encoding or Escaping of Output SNYK-JS-HANDLEBARS-15807040	695
	Access of Resource Using Incompatible Type ('Type Confusion') SNYK-JS-HANDLEBARS-15803086	660

Breaking Change Risk

Notice: This assessment is enhanced by AI.

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Access of Resource Using Incompatible Type ('Type Confusion')
🦉 Access of Resource Using Incompatible Type ('Type Confusion')
🦉 Improper Encoding or Escaping of Output

[Robthreefold]

This is a massive upgrade from version 5.8.0 to 18.0.0, spanning 13 major versions and a complete architectural overhaul of the tap testing framework. A direct upgrade is not possible without a significant migration effort, as nearly every aspect of the library has changed.

Key Breaking Changes:

• Architecture and Modularity: The framework was rewritten in TypeScript and now uses a plugin-based architecture. Core functionalities like assertions (@tapjs/asserts), lifecycle hooks (@tapjs/before-each), and even TypeScript support are now managed as plugins.
• Configuration:
  • Configuration loading is stricter. All temporary files, including coverage and process info, are now stored in a single .tap directory.
  • The tap config command replaces the --dump-config flag.
  • Filtering tests via test-regexp and test-ignore has been replaced with include and exclude glob patterns.
• Coverage Enforcement: Code coverage checking is enabled by default in version 18. Builds will fail if coverage does not meet the threshold (defaulting to 100%), which is a major change from older versions.
• API and Globals:
  • Mocha-style globals (describe, it) are no longer available by default. They have been moved to the @tapjs/mocha-globals plugin and must be explicitly configured.
  • Assertion synonyms (e.g., t.is_not_equal) have been deprecated and removed.
  • t.beforeEach and t.afterEach no longer accept callback arguments and now require returning a promise for async operations.
• CLI Changes: The tap --watch command has been replaced by the new tap repl command.
• Node.js Support: Support for Node.js versions below 10 was dropped.

Recommendation: This upgrade cannot be performed without a thorough migration. Developers must review the official upgrading guide, refactor test configurations, update test files to use modern APIs and promise-based patterns, and address the new default coverage requirements. Treat this as a rewrite of the test suite.

Source: Upgrading Guide, Changelog

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.

[Robthreefold]

⛔ Snyk checks have failed. 6 issues have been found so far.

Status	Scan Engine	Critical	High	Medium	Low	Total (6)
⛔	Open Source Security	0	3	3	0	6 issues
✅	Licenses	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

[Robthreefold]

⛔ Snyk checks have failed. 6 issues have been found so far.

Status	Scan Engine	Critical	High	Medium	Low	Total (6)
⛔	Open Source Security	0	3	3	0	6 issues
✅	Licenses	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

[Robthreefold]

⛔ Snyk checks have failed. 6 issues have been found so far.

Status	Scan Engine	Critical	High	Medium	Low	Total (6)
⛔	Open Source Security	0	3	3	0	6 issues
✅	Licenses	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

[Robthreefold]

⛔ Snyk checks have failed. 6 issues have been found so far.

Status	Scan Engine	Critical	High	Medium	Low	Total (6)
⛔	Open Source Security	0	3	3	0	6 issues
✅	Licenses	0	0	0	0	0 issues
✅	Code Security	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

[Robthreefold]

⛔ Snyk checks have failed. 6 issues have been found so far.

Status	Scan Engine	Critical	High	Medium	Low	Total (6)
⛔	Open Source Security	0	3	3	0	6 issues
✅	Licenses	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

[Robthreefold]

⛔ Snyk checks have failed. 6 issues have been found so far.

Status	Scan Engine	Critical	High	Medium	Low	Total (6)
⛔	Open Source Security	0	3	3	0	6 issues
✅	Licenses	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.