Bump koa from 2.15.3 to 3.1.2 in /apps/koa

[dependabot]

Bumps koa from 2.15.3 to 3.1.2.

Release notes

Sourced from koa's releases.

v3.1.2

What's Changed

• fix: typo in troubleshooting.md by @​WuMingDao in koajs/koa#1916
• build(deps-dev): bump qs from 6.14.0 to 6.14.1 by @​dependabot[bot] in koajs/koa#1921
• build(deps): bump http-errors from 2.0.0 to 2.0.1 by @​dependabot[bot] in koajs/koa#1919
• build(deps): bump mime-types from 3.0.1 to 3.0.2 by @​dependabot[bot] in koajs/koa#1918
• docs: use correct term "Server-Sent Events" in guide by @​jtr860830 in koajs/koa#1920
• build(deps): bump content-disposition from 0.5.4 to 1.0.1 by @​dependabot[bot] in koajs/koa#1917
• build(deps-dev): bump js-yaml from 4.1.0 to 4.1.1 by @​dependabot[bot] in koajs/koa#1922
• fix(security): Host Header Injection via ctx.hostname by @​killagu GHSA-7gcc-r8m5-44qm

New Contributors

• @​WuMingDao made their first contribution in koajs/koa#1916
• @​jtr860830 made their first contribution in koajs/koa#1920

Full Changelog: koajs/koa@v3.1.1...v3.1.2

v3.1.1

What's Changed

• fix: only original value destroy if the new value is not a stream by @​yowainwright in koajs/koa#1914

Full Changelog: koajs/koa@v3.1.0...v3.1.1

v3.1.0

What's Changed

• feat: fixes mem leak relating to issue-1834 by @​yowainwright in koajs/koa#1893
• fix: adds steam clean up by @​yowainwright in koajs/koa#1910

Full Changelog: koajs/koa@v3.0.3...v3.1.0

v3.0.3

What's Changed

• fix: normalize referer before redirect by @​fengmk2 in koajs/koa#1908

Full Changelog: koajs/koa@v3.0.2...v3.0.3

v3.0.2

What's Changed

• fix: fixes response.attachment behaviour leads to Content-Type Sniffing by @​yowainwright in koajs/koa#1904
• chore: use NPM trusted publishing with semver tag triggers by @​Copilot in koajs/koa#1907

New Contributors

• @​Copilot made their first contribution in koajs/koa#1907

Full Changelog: koajs/koa@v3.0.1...v3.0.2

v3.0.1

... (truncated)

Changelog

Sourced from koa's changelog.

[!IMPORTANT] Moving forwards we are using the GitHub releases page at https://github.com/koajs/koa/releases in combination with np for publishing releases and their changelogs.

---

3.0.0-alpha.3 / 2025-02-11

fixes

• Avoid redos on host and protocol getter

3.0.0-alpha.2 / 2024-11-04

breaking changes

• Update http-errors to v2.0.0 #1486
  • ctx.throw now requires a format of ctx.throw(status, error, properties). See: https://www.npmjs.com/package/http-errors
• Remove res.redirect('back'), add back() method to ctx #1115
• Replace node querystring with URLSearchParams #1828
• Remove obsolete createAsyncCtxStorageMiddleware #1817

features

• Add support for web WHATWG #1830

updates

• Update cookies to ~0.9.1 #1846
• Update statuses to ^2.0.1
• Update supertest to ^7.0.0 #1841

fixes

• Fix exports.defaults in package.json #1630
• Fix leaky handles in tests #1838
• Fix body null checks #1814
• Fix reformatting redirect URLs #1805 #1804
• Fix passing ctx in error handler #1758

migrations

• Migrate from jest to the native node test runner #1845

3.0.0-alpha.1 / 2023-04-12

fixes

• [e98b8d1] - fix: can not get currentContext in error handler (#1758) (Gxkl <gxkl203@gmail.com>)

3.0.0-alpha.0 / 2023-01-02

Breaking Changes

... (truncated)

Commits

• c5a52e0 3.1.2
• 55ab9ba Merge commit from fork
• fecd464 build(deps-dev): bump js-yaml from 4.1.0 to 4.1.1 (#1922)
• d2066cf build(deps): bump content-disposition from 0.5.4 to 1.0.1 (#1917)
• 8694a06 docs: use correct term "Server-Sent Events" in guide (#1920)
• 096682b build(deps): bump mime-types from 3.0.1 to 3.0.2 (#1918)
• 8215c2e build(deps): bump http-errors from 2.0.0 to 2.0.1 (#1919)
• cfe5ec6 build(deps-dev): bump qs from 6.14.0 to 6.14.1 (#1921)
• 0a6afa5 fix: typo in troubleshooting.md (#1916)
• 2e52fb5 3.1.1
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for koa since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[cursor]

Cursor Bugbot has reviewed your changes and found 1 potential issue.

^{Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.}

[cursor]

Type definitions not updated for Koa major version bump

Medium Severity

koa was bumped from v2 to v3 (a major version with breaking API changes), but @types/koa remains at 2.15.0. The correct types for Koa 3.x are @types/koa@3.0.0+. This mismatch means TypeScript will type-check against the v2 API surface while the runtime uses v3, potentially masking real incompatibilities introduced by breaking changes like the switch from querystring to URLSearchParams and changes to ctx.throw signature.