Skip to content

Bump readable-stream from 3.6.1 to 4.7.0 #1

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Bump readable-stream from 3.6.1 to 4.7.0 #1

wants to merge 1 commit into from

Conversation

@robszumski
Copy link
Owner

@robszumski robszumski commented Jul 18, 2025

Bumps readable-stream from 3.6.1 to 4.7.0.

Release notes Sourced from readable-stream's releases.

No release notes provided.

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@robszumski
Bump readable-stream from 3.6.1 to 4.7.0
a2d81b1 
Bumps [readable-stream](https://github.com/nodejs/readable-stream) from 3.6.1 to 4.7.0.
- [Release notes](https://github.com/nodejs/readable-stream/releases)
- [Changelog](https://github.com/nodejs/readable-stream/blob/main/CHANGELOG.md)
- [Commits](nodejs/readable-stream@v3.6.1...v4.7.0)

---
updated-dependencies:
- dependency-name: readable-stream
  dependency-type: direct
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
@robszumski
Copy link
Owner Author

robszumski commented Jul 18, 2025
edited
Loading

fossabot is Thinking

45 of ~45 steps completed

• ✅ Starting dependency impact analysis... completed successfully (5 steps)

✓ Safe to upgrade

I recommend merging this readable-stream v4.7.0 update. The most significant change is that autoDestroy now defaults to true, which will automatically clean up the Logger stream after end/finish events, improving resource management without requiring code changes. The update also removes Readable.fromWeb and Readable.toWeb methods and incorporates Node.js 18 streams implementation, but these changes don't affect the project's simple Logger class implementation.

  • Analyzed the Logger class in lib/util/logger.js to verify compatibility with the new autoDestroy default1
  • Searched the entire codebase for usage of removed Readable.fromWeb and Readable.toWeb methods2
  • Validated the Logger's stream implementation against Node.js 18 compatibility requirements3
  • Examined error handling patterns in the Logger to assess impact of updated error codes4

Change Details

✓ Safe Breaking Changes (8)
✓ readable-stream: autoDestroy option for readable streams now defaults to true instead of false, meaning streams will automatically call destroy() after end/finish events are emitted

Status: ✓ Safe - No impact detected

While the Logger class extends Readable, it doesn't explicitly configure autoDestroy and likely benefits from the new default behavior. The Logger's current implementation appears compatible with automatic cleanup after stream end/finish events. No breaking patterns found in the stream lifecycle management.

Validations (3)

  1. Logger class extends Readable but doesn't explicitly set autoDestroy option. Current implementation relies on manual lifecycle management.

  2. No explicit autoDestroy configuration found in the Logger implementation

  3. Confirmed breaking change affects 5277+ npm packages. Default change from false to true affects stream cleanup behavior.

Citations (2)

node-newrelic/lib/util/logger.js

Line 65 in a2d81b1

Readable.call(this)

Logger constructor calls parent Readable constructor without autoDestroy option, will inherit new default behavior which is likely compatible

Additional Citations:

Summary: Official Node.js commit showing the autoDestroy default change implementation

nodejs/node@4bec6d1

Change autoDestroy option default to true

✓ readable-stream: Updated to Node.js 18 streams implementation with breaking changes from Node v12-v18

Status: ✓ Safe - No impact detected

The Logger class uses standard stream patterns that are compatible with Node.js 18 implementation. No deprecated features or incompatible patterns found.

Validations (3)

  1. Logger class uses standard stream patterns (inherits, _read, push, pipe) that are compatible with Node.js 18 implementation

  2. No usage of deprecated thenable support or other removed features found

  3. readable-stream v4 is specifically designed to maintain compatibility while incorporating Node.js 18 changes

Citations (2)

node-newrelic/lib/util/logger.js

Line 58 in a2d81b1

util.inherits(Logger, Readable)

Standard inheritance pattern that remains compatible with Node.js 18 streams implementation

Additional Citations:

Summary: Official documentation confirming readable-stream v4 compatibility with Node.js 18

https://nearform.com/insights/introducing-readable-stream-4-0-0/

V4.x.x of readable-stream is a cut from Node 18. This version supports Node 12, 14, 16 and 18

✓ readable-stream: Error codes changes and updated error handling from Node v9-v10

Status: ✓ Safe - No impact detected

The Logger implementation doesn't rely on specific Node.js error codes from v9-v10 that would be affected by the changes. Error handling is basic and generic.

Validations (2)

  1. Logger has basic error handling in stringify operations but doesn't rely on specific error codes

  2. No specific Node.js error code handling found that would be affected by v9-v10 changes

Citations (1)

node-newrelic/lib/util/logger.js

Line 291 in a2d81b1

} catch {

Generic error handling that doesn't depend on specific error codes from Node v9-v10

✓ readable-stream: Readable event precedence over flowing behavior changes

Status: ✓ Safe - No impact detected

The Logger class implements standard readable stream patterns (_read, push) without complex event precedence dependencies that would be affected by this change.

Validations (2)

  1. Logger implements _read() method and uses push() for data flow. No explicit readable event listeners that would conflict with flowing behavior.

  2. Logger uses standard readable stream patterns without conflicting event precedence issues

Citations (1)

node-newrelic/lib/util/logger.js

Line 246 in a2d81b1

Logger.prototype._read = function _read() {

Standard _read implementation that follows proper readable stream patterns without event precedence conflicts

✓ readable-stream: Virtual methods errors consistency changes

Status: ✓ Safe - No impact detected

The Logger class properly implements required stream methods (_read) and doesn't rely on virtual method error handling patterns that would be affected by consistency changes.

Validations (2)

  1. Logger properly implements _read() method and doesn't rely on virtual method error handling

  2. No problematic virtual method patterns found in the Logger implementation

Citations (1)

node-newrelic/lib/util/logger.js

Line 246 in a2d81b1

Logger.prototype._read = function _read() {

Proper implementation of required _read method, not relying on virtual method error handling

✓ readable-stream: Writable.end return value changes (now returns this)

Status: ✓ Safe - No impact detected

The Logger class extends Readable, not Writable, so changes to Writable.end return values do not affect this implementation.

Validations (2)

  1. Logger extends Readable, not Writable. No direct usage of Writable.end found in the implementation.

  2. The Logger class is specifically a Readable stream implementation, not using Writable functionality

Citations (1)

node-newrelic/lib/util/logger.js

Line 10 in a2d81b1

const Readable = require('readable-stream')

Logger uses Readable streams only, not affected by Writable.end return value changes

✓ readable-stream: Readable continues to read when push('') behavior changes

Status: ✓ Safe - No impact detected

The Logger implementation doesn't use push('') empty string patterns, so changes to this behavior do not affect the code.

Validations (2)

  1. Logger uses push() with actual data (this.buffer) and doesn't use push('') empty string pattern

  2. No usage of push('') found in the Logger implementation

Citations (1)

node-newrelic/lib/util/logger.js

Line 248 in a2d81b1

this.reading = this.push(this.buffer)

Logger uses push() with actual data (buffer content), not empty strings, so unaffected by push('') behavior changes

✓ readable-stream: Removed Readable.fromWeb and Readable.toWeb methods

Status: ✓ Safe - No impact detected

The codebase does not use Readable.fromWeb or Readable.toWeb methods anywhere, so their removal has no impact on this project.

Validations (2)

  1. No usage of Readable.fromWeb or Readable.toWeb methods found in the codebase

  2. Methods were removed due to implementation problems. Community reported issues with webStreamsAdapters being undefined.

Citations (1)

Additional Citations:

Summary: GitHub issue documenting the implementation problems that led to removal of these methods

nodejs/readable-stream#482

Readable.fromWeb and Readable.toWeb do not seems to be properly implemented

Was this helpful? 👍 👎

Footnotes

  1. Found that the Logger extends Readable but doesn't explicitly configure autoDestroy, meaning it will inherit the new default behavior of automatic cleanup after stream completion, which aligns with proper resource management practices

  2. Confirmed zero usage of these methods across all files, so their removal has no impact on the project

  3. Verified that the Logger uses standard stream patterns (_read, push, pipe) that are fully compatible with the Node.js 18 streams implementation now incorporated in readable-stream v4

  4. Found only basic error handling in stringify operations with no dependencies on specific Node.js error codes from v9-v10 that would be affected by the changes

Repository owner deleted a comment from fossa-robszumski bot Jul 21, 2025
Repository owner deleted a comment from fossa-robszumski bot Jul 21, 2025
Repository owner deleted a comment from fossa-robszumski bot Jul 21, 2025
@robszumski
Copy link
Owner Author

robszumski commented Aug 30, 2025

@fossa-robszumski analyze --force

@fossa-robszumski
Copy link

fossa-robszumski bot commented Aug 30, 2025
edited
Loading

fossabot is Thinking

@fossa-robszumski
Copy link

fossa-robszumski bot commented Aug 30, 2025
edited
Loading

✓ Safe to upgrade

I recommend merging this update because the dependencies caused no impact for this update.

What I analyzed

✓ Found all breaking changes in the upgraded dependencies
✓ Analyzed usage patterns across your codebase
✓ Assessed impact on your specific usage patterns
✓ Confirmed no action required

Dependency Usage

No dependencies were analyzed in this repository.

fossabot examines dependency changes, understands usage patterns, and assesses the impact on your codebase through a combination of static analysis, deep dependency research, security metadata and AI.

@robszumski
Copy link
Owner Author

robszumski commented Sep 5, 2025

@fossa-robszumski analyze --force

@fossa-robszumski
Copy link

fossa-robszumski bot commented Sep 5, 2025
edited
Loading

fossabot Analysis Failed

@robszumski
Copy link
Owner Author

robszumski commented Sep 8, 2025

@fossa-robszumski analyze --force

@fossa-robszumski
Copy link

fossa-robszumski bot commented Sep 8, 2025
edited
Loading

fossabot Analysis Failed

@fossa-robszumski
Copy link

fossa-robszumski bot commented Sep 8, 2025

Analysis started…

I'm analyzing this upgrade PR which consists of:

  • readable-stream from 3.6.1 → 4.7.0

I'll update this comment with the results once the analysis is complete. This can take upwards of an hour depending on the complexity of the changes.

What I'm checking:

  • Find all breaking changes in the upgraded dependencies
    • Human-readable release notes, migration guides, etc.
    • Undeclared breaking changes through code analysis
  • Deep research to find impact on your codebase, based on how the dependencies are used
    • Static analysis and call graph processing
  • Provide upgrade recommendations or suggest a fix to adapt your code

fossabot analysis in progress.

@robszumski
Copy link
Owner Author

robszumski commented Sep 8, 2025

@fossabot analyze

@fossabot
Copy link

fossabot bot commented Sep 8, 2025

fossabot currently requires PRs to be created by Dependabot or Renovate.

Available commands:

  • @fossabot analyze - Analyzes a dependency update PR to identify breaking changes and their potential impact on your app.

@robszumski
Copy link
Owner Author

robszumski commented Sep 8, 2025

@fossabot analyze --force

@fossabot
Copy link

fossabot bot commented Sep 8, 2025
edited
Loading

✓ Safe to upgrade

I recommend merging this update because the dependencies caused no impact for this update.

  • I analyzed usage patterns across 1 file
  • I researched dependency changes and release notes

What I analyzed

✓ Found all breaking changes in the upgraded dependencies
✓ Analyzed 1 usage pattern across 1 file
✓ Assessed impact on your specific usage patterns
✓ Confirmed no action required

Dependency Usage

The readable-stream package is used in the logging utility to create a custom streaming logger that extends the Readable class. This implementation enables log entries to be buffered and piped to various output destinations while maintaining consistent stream behavior across different Node.js versions.

  • readable-stream at lib/util/logger.js:10: Based on the context, it appears that the code is importing the Readable stream module from 'readable-stream', likely to provide a cross-platform, consistent stream implementation for logging or data processing purposes.

Changes Summary

Found 1 important update

View all changes

readable-stream (3.6.1 → 4.7.0)
Important for you: The major version update from 3.6.1 to 4.7.0 removes numeric separator functionality in a breaking change. This represents a significant API modification that will require code updates for applications using the removed numeric separator feature.
Interesting changes: The major version update from 3.6.1 to 4.7.0 removes numeric separator functionality in a breaking change. This represents a significant API modification that will require code updates for applications using the removed numeric separator feature.

fossabot analyzed this PR using static analysis and dependency research.

@fossa-robszumski
Copy link

fossa-robszumski bot commented Sep 8, 2025
edited
Loading

fossabot Analysis Failed

@fossa-robszumski
Copy link

fossa-robszumski bot commented Sep 8, 2025
edited
Loading

Finding app impact…

I'll update this comment with the results once the impact analysis is complete.

Dependency changes

readable-stream (3.6.1 → 4.7.0)
Important for you: Removed numeric separator syntax from the codebase. This is a breaking change that may affect code relying on the previous numeric formatting behavior.
Interesting changes: This update adds Node.js 18.19.0 and 21.x support with updated CI workflows. The release removes Readable.fromWeb and Readable.toWeb methods, fixes ES5 compatibility issues, and adds string decoder as a dependency to improve module handling.

What I'm checking:

  • Deep research to find impact on your codebase, based on how the dependencies are used
    • Static analysis and call graph processing
  • Provide upgrade recommendations or suggest a fix to adapt your code

fossabot analysis in progress.

Repository owner deleted a comment from fossa-robszumski bot Sep 23, 2025
Repository owner deleted a comment from fossa-robszumski bot Sep 23, 2025
@fossa-robszumski
Copy link

fossa-robszumski bot commented Sep 23, 2025
edited
Loading

fossabot Analysis Failed

@fossa-robszumski
Copy link

fossa-robszumski bot commented Sep 23, 2025
edited
Loading

Finding app impact…

I'll update this comment with the results once the impact analysis is complete.

Dependency changes

readable-stream (3.6.1 → 4.7.0)
The major version update removes numeric separator functionality, which is a breaking change that may affect code relying on this feature. This is the only significant change in the upgrade from version 3.6.1 to 4.7.0. The major version update removes numeric separator functionality, which is a breaking change that may affect code relying on this feature. This is the only significant change in the upgrade from version 3.6.1 to 4.7.0.

What I'm checking:

  • Deep research to find impact on your codebase, based on how the dependencies are used
    • Static analysis and call graph processing
  • Provide upgrade recommendations or suggest a fix to adapt your code

fossabot analysis in progress.

@robszumski
Copy link
Owner Author

robszumski commented Sep 23, 2025

@fossa-robszumski analyze --force

@fossa-robszumski
Copy link

fossa-robszumski bot commented Sep 23, 2025
edited
Loading

fossabot Analysis Failed

@fossa-robszumski
Copy link

fossa-robszumski bot commented Sep 23, 2025
edited
Loading

Finding app impact…

I'll update this comment with the results once the impact analysis is complete.

Dependency changes

readable-stream (3.6.1 → 4.7.0)
The update removes numeric separators from the codebase, which represents a breaking change that may affect code compatibility. This is the only significant modification in the major version upgrade from 3.6.1 to 4.7.0. This update adds Node.js 20 and 21 support while removing Readable.fromWeb and Readable.toWeb methods. It fixes string decoder imports and improves ES5 compatibility along with performance optimizations for internal stream implementations.

What I'm checking:

  • Deep research to find impact on your codebase, based on how the dependencies are used
    • Static analysis and call graph processing
  • Provide upgrade recommendations or suggest a fix to adapt your code

fossabot analysis in progress.

@fossa-robszumski
Copy link

fossa-robszumski bot commented Sep 29, 2025
edited
Loading

fossabot Analysis Failed

@fossa-robszumski
Copy link

fossa-robszumski bot commented Sep 29, 2025
edited
Loading

Finding app impact…

I'll update this comment with the results once the impact analysis is complete.

Dependency changes

readable-stream (3.6.1 → 4.7.0)
The update removes numeric separator syntax from the codebase. This is a breaking change that affects code compatibility between versions 3.6.1 and 4.7.0.

What I'm checking:

  • Deep research to find impact on your codebase, based on how the dependencies are used
    • Static analysis and call graph processing
  • Provide upgrade recommendations or suggest a fix to adapt your code

fossabot analysis in progress.

@qiuchen-fossa
Copy link

qiuchen-fossa commented Oct 2, 2025
edited
Loading

fossabot Analysis Failed

@qiuchen-fossa
Copy link

qiuchen-fossa commented Oct 2, 2025
edited
Loading

Finding app impact…

I'll update this comment with the results once the impact analysis is complete.

Changes

Breaking Change Alert: readable-stream removes numeric separator syntax, requiring code updates. Additionally, the package fixes multiple import issues including string_decoder and removes Readable.fromWeb/toWeb methods, while adding support for newer Node.js runtimes and improving browser compatibility through better process-shim loading and globalThis usage.

What I'm checking:

  • Deep research to find impact on your codebase, based on how the dependencies are used
    • Static analysis and call graph processing
  • Provide upgrade recommendations or suggest a fix to adapt your code

fossabot analysis in progress.

@qiuchen-fossa
Copy link

qiuchen-fossa commented Oct 2, 2025
edited
Loading

Workflow Debug Information

Workflow: Unknown
Status: completed
Duration: 106h58m

LLM Usage Statistics

{
  "totalCalls": 24,
  "totalCost": "$1.4979",
  "totalTokens": 266980,
  "inputTokens": 203940,
  "outputTokens": 63040,
  "modelBreakdown": {
    "claude-3-5-haiku-20241022": {
      "calls": 18,
      "cost": 0.0054,
      "tokens": 9119
    },
    "claude-sonnet-4-5": {
      "calls": 3,
      "cost": 0.5666,
      "tokens": 98352
    },
    "claude-sonnet-4-20250514": {
      "calls": 3,
      "cost": 0.926,
      "tokens": 159509
    }
  }
}

Debug Information Paths

{
  "debugCache": "Not configured",
  "temporaryDirectory": "/tmp/fossabot/debug_cache/2025-10-02T16:27:47.798Z",
  "workflowLogs": "Not captured"
}

Key Workflow Outputs

{
  "mergedChanges": "Object with 1 keys"
}

Step Execution Summary

[
  {
    "step": "AcknowledgeTriggerComment",
    "status": "completed",
    "duration": "0.01s"
  },
  {
    "step": "ExtractGithubRepoDetails",
    "status": "completed",
    "duration": "0.01s"
  },
  {
    "step": "FetchIntegrationSecrets",
    "status": "completed",
    "duration": "0.01s"
  },
  {
    "step": "FetchPullRequestData",
    "status": "completed",
    "duration": "0.94s"
  },
  {
    "step": "StartEdgeBitAnalysis",
    "status": "completed",
    "duration": "0.01s"
  },
  {
    "step": "GetEdgeBitReferences",
    "status": "completed",
    "duration": "0.01s"
  },
  {
    "step": "CloneGithubRepository",
    "status": "completed",
    "duration": "7.02s"
  },
  {
    "step": "GetDependenciesMetadata",
    "status": "completed",
    "duration": "1.37s"
  },
  {
    "step": "CheckMaliciousPackages",
    "status": "completed",
    "duration": "1.13s"
  },
  {
    "step": "PublishInitialPRComment",
    "status": "completed",
    "duration": "1.07s"
  },
  {
    "step": "ClusterClassification",
    "status": "completed",
    "duration": "0.01s"
  },
  {
    "step": "LogClusterClassification",
    "status": "completed",
    "duration": "0.01s"
  },
  {
    "step": "ProcessDependencies",
    "status": "completed",
    "duration": "3.87s"
  },
  {
    "step": "ExtractDependencyChangeLogs",
    "status": "completed",
    "duration": "0.10s"
  },
  {
    "step": "FindPackageUsages",
    "status": "completed",
    "duration": "0.08s"
  },
  {
    "step": "ExtractUsagePatterns",
    "status": "completed",
    "duration": "0.02s"
  },
  {
    "step": "ExtractDependencyReleaseNotes",
    "status": "completed",
    "duration": "24.40s"
  },
  {
    "step": "MergeDependencyChanges",
    "status": "completed",
    "duration": "0.02s"
  },
  {
    "step": "EdgeBitAnalysis",
    "status": "completed",
    "duration": "0.01s"
  },
  {
    "step": "DetailedUsageAnalysis",
    "status": "completed",
    "duration": "30.77s"
  },
  {
    "step": "AnalyzeChanges",
    "status": "completed",
    "duration": "5.57s"
  },
  {
    "step": "PublishChangeSummary",
    "status": "completed",
    "duration": "2.25s"
  },
  {
    "step": "PublishUsageSummary",
    "status": "completed",
    "duration": "1.78s"
  },
  {
    "step": "WebSearchCollector",
    "status": "completed",
    "duration": "78.96s"
  },
  {
    "step": "EcosystemMetadataCollector",
    "status": "completed",
    "duration": "259.01s"
  },
  {
    "step": "ImpactSynthesis",
    "status": "completed",
    "duration": "96.06s"
  },
  {
    "step": "SendTrackingImpactResults",
    "status": "completed",
    "duration": "0.02s"
  },
  {
    "step": "PublishImpactSummary",
    "status": "completed",
    "duration": "1.72s"
  }
]

Debug information retained for analysis. This comment will remain for debugging purposes.

@qiuchen-fossa
Copy link

qiuchen-fossa commented Oct 2, 2025
edited
Loading

✓ Safe to upgrade

I recommend merging this upgrade because the codebase uses a minimal, compatible subset of the Readable stream API that is unaffected by breaking changes in version 4. The Logger class implements only basic streaming functionality (push, _read, pipe) using util.inherits inheritance pattern, which remains fully supported. The project already requires Node.js 18+, making it compatible with the Node.js stream changes that readable-stream 4 incorporates. While the dependency was targeted by a typosquatting campaign in February 2024, the legitimate package itself has no direct security vulnerabilities. The upgrade includes 8 new features and 9 bug fixes, improving stream reliability without requiring code changes.

What we checked

  • Dependency upgraded from ^3.6.1 to ^4.7.0 in production dependencies [1]
  • Single import point: uses require('readable-stream') to extend Readable class [2]
  • Uses util.inherits(Logger, Readable) - compatible inheritance pattern supported in v4 [3]
  • Calls Readable.call(this) without options - default behavior unchanged in v4 [4]
  • Implements _read() method using push() API - core functionality stable across versions [5]
  • Uses pipe() method for stream composition - standard API unchanged in v4 [6]
  • Requires Node.js >=18, aligning with readable-stream v4 which incorporates Node 18 stream changes [7]
  • Security note: While readable-stream was targeted by typosquatting in Feb 2024, the legitimate package has no direct vulnerabilities [8]
  • Version 4 breaking changes consist of Node.js 18 stream API updates, which are already supported by the project's Node.js >=18 requirement [9]

Dependency Usage

The readable-stream package is used exclusively in the logging infrastructure as a foundational component of the custom Logger class that extends Node.js Readable streams to provide buffered, streamable log output throughout the New Relic APM agent. This dependency enables the logging system to handle high-volume diagnostic data efficiently by implementing backpressure management and preventing memory overflow when log output exceeds buffer limits. The Logger class is instantiated widely across the entire agent codebase to support instrumentation, transaction tracing, error reporting, and telemetry collection functionality that underpins New Relic's application performance monitoring capabilities.

  • readable-stream: lib/util/logger.js:10 - In this context, the code is importing the Readable stream module from 'readable-stream', which provides a cross-environment compatible implementation of Node.js streams, likely to be used for creating or manipulating log streams in a consistent manner across different JavaScript environments.
Other Usages (1)

These usages were analyzed but no breaking changes were detected:

readable-stream

Changes

The readable-stream package has been upgraded with one breaking change: numeric separators have been removed from the codebase. This update includes nine bug fixes addressing import issues (string_decoder and stream package dependencies), browser compatibility (bigint literal syntax, browserify process-shim), and API corrections (removal of fromWeb/toWeb methods), along with updated Node.js core streams implementation.

View 30 more changes
References (9)

[1]: Dependency upgraded from ^3.6.1 to ^4.7.0 in production dependencies
https://github.com/robszumski/node-newrelic/blob/a2d81b1b03cfdbcafdda54e1635810093669a27d/private/tmp/fossabot/debug_cache/2025-10-02T16:27:47.798Z/robszumski-node-newrelic-pr1-1e88ab/repository/package.json#L220

[2]: Single import point: uses require('readable-stream') to extend Readable class
https://github.com/robszumski/node-newrelic/blob/a2d81b1b03cfdbcafdda54e1635810093669a27d/private/tmp/fossabot/debug_cache/2025-10-02T16:27:47.798Z/robszumski-node-newrelic-pr1-1e88ab/repository/lib/util/logger.js#L10

[3]: Uses util.inherits(Logger, Readable) - compatible inheritance pattern supported in v4
https://github.com/robszumski/node-newrelic/blob/a2d81b1b03cfdbcafdda54e1635810093669a27d/private/tmp/fossabot/debug_cache/2025-10-02T16:27:47.798Z/robszumski-node-newrelic-pr1-1e88ab/repository/lib/util/logger.js#L58

[4]: Calls Readable.call(this) without options - default behavior unchanged in v4
https://github.com/robszumski/node-newrelic/blob/a2d81b1b03cfdbcafdda54e1635810093669a27d/private/tmp/fossabot/debug_cache/2025-10-02T16:27:47.798Z/robszumski-node-newrelic-pr1-1e88ab/repository/lib/util/logger.js#L65

[5]: Implements _read() method using push() API - core functionality stable across versions
https://github.com/robszumski/node-newrelic/blob/a2d81b1b03cfdbcafdda54e1635810093669a27d/private/tmp/fossabot/debug_cache/2025-10-02T16:27:47.798Z/robszumski-node-newrelic-pr1-1e88ab/repository/lib/util/logger.js#L246

[6]: Uses pipe() method for stream composition - standard API unchanged in v4
https://github.com/robszumski/node-newrelic/blob/a2d81b1b03cfdbcafdda54e1635810093669a27d/private/tmp/fossabot/debug_cache/2025-10-02T16:27:47.798Z/robszumski-node-newrelic-pr1-1e88ab/repository/lib/util/logger.js#L80

[7]: Requires Node.js >=18, aligning with readable-stream v4 which incorporates Node 18 stream changes
https://github.com/robszumski/node-newrelic/blob/a2d81b1b03cfdbcafdda54e1635810093669a27d/private/tmp/fossabot/debug_cache/2025-10-02T16:27:47.798Z/robszumski-node-newrelic-pr1-1e88ab/repository/package.json#L154

[8]: Security note: While readable-stream was targeted by typosquatting in Feb 2024, the legitimate package has no direct vulnerabilities (source link)

[9]: Version 4 breaking changes consist of Node.js 18 stream API updates, which are already supported by the project's Node.js >=18 requirement (source link)

fossabot analyzed this PR using static analysis and dependency research.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@robszumski @qiuchen-fossa