[Snyk] Security upgrade file-type from 19.6.0 to 21.3.1 #1836

Open
macpro-snyk-service-account wants to merge 1 commit into main from snyk-fix-9506481951195308cca8cd542790bc25

@macpro-snyk-service-account
Collaborator

Snyk has created this PR to fix 1 vulnerability in the npm dependencies of this project.

Snyk changed the following file(s):

  • lib/local-constructs/clamav-scanning/package.json
  • lib/local-constructs/clamav-scanning/package-lock.json

Vulnerabilities that will be fixed with an upgrade:

| Issue | Score |
| --- | --- |
| medium severity Infinite loop SNYK-JS-FILETYPE-15456217 | 66 |

Breaking Change Risk

Merge Risk: High

Notice: This assessment is enhanced by AI.


Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

…nstructs/clamav-scanning/package-lock.json to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-FILETYPE-15456217

@macpro-snyk-service-account
Collaborator Author

Merge Risk: High

Risk Assessment

HIGH

This is a major version upgrade that introduces significant breaking changes, including a transition to a pure ESM package and a requirement for Node.js 20.

Summary of Breaking Changes

The upgrade of file-type from version 19.6.0 to 21.3.1 includes several breaking changes across major versions 20 and 21.

Key Breaking Changes:

  • ESM-Only Package: Starting with recent major versions, file-type is now a pure ESM (ECMAScript Module) package. This means you can no longer use require('file-type'). You must now use import statements and your project needs to be configured as an ES Module ("type": "module" in your package.json).
  • Node.js Version Requirement: Version 21.0.0 and later require Node.js 20 or newer.
  • Dropped Adobe Illustrator Support: Detection for Adobe Illustrator (.ai) files has been removed in v21.0.0.
  • MIME-Type Corrections: The official IANA registered MIME-types for Matroska, FLAC, Apache Parquet, and Apache Arrow have been corrected in v21.0.0, which may affect applications that relied on the previous values.

Recommendation

This upgrade requires code modifications and an environment update.

  • Action Required:
    • Ensure your project is running on Node.js 20 or a later version.
    • Update your project to use ES Modules. This involves changing require('file-type') to import { ... } from 'file-type' and setting "type": "module" in your package.json.
    • Review any logic that depends on the MIME-types for Matroska, FLAC, Parquet, or Arrow, as these have been changed to their official IANA registered values.
    • If you rely on Adobe Illustrator file type detection, you will need to find an alternative solution.

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.

@macpro-snyk-service-account
Collaborator Author

macpro-snyk-service-account commented Mar 12, 2026

Snyk checks have passed. No issues have been found so far.

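| Status | Scanner | Critical | High | Medium | Low | Total (0) |
| --- | --- | --- | --- | --- | --- | --- |
| | Open Source Security | 0 | 0 | 0 | 0 | 0 issues |
| | Licenses | 0 | 0 | 0 | 0 | 0 issues |
| | Code Security | 0 | 0 | 0 | 0 | 0 issues |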

@github-actions
Contributor

Coverage Report

| Status | Category | Percentage | Covered / Total |
| --- | --- | --- | --- |
| 🔵 | Lines | 90.54% (🎯 90%) 🟰 ±0% | 6303 / 6961 |
| 🔵 | Statements | 90.03% (🎯 90%) 🟰 ±0% | 6865 / 7625 |
| 🔵 | Functions | 84.64% (🎯 85%) 🟰 ±0% | 1797 / 2123 |
| 🔵 | Branches | 77.87% (🎯 80%) 🟰 ±0% | 3538 / 4543 |

File Coverage: No changed files found.
Generated in workflow #4578 for commit e965960 by the Vitest Coverage Report Action
