dependabot-preview[bot]
commented
5 years ago Looks like mocha is up-to-date now, so this is no longer needed.
Closed dependabot-preview[bot] closed 5 years ago
dependabot-preview[bot]
commented
5 years ago Looks like mocha is up-to-date now, so this is no longer needed.
Updates the requirements on mocha to permit the latest version.
Release notes
*Sourced from [mocha's releases](https://github.com/mochajs/mocha/releases).* > ## v6.1.4 > # 6.1.4 / 2019-04-18 > > ## :lock: Security Fixes > > - [#3877](https://github-redirect.dependabot.com/mochajs/mocha/issues/3877): Upgrade [js-yaml](https://npm.im/js-yaml), addressing [code injection vulnerability](https://www.npmjs.com/advisories/813) ([**[@bjornstar](https://github.com/bjornstar)**](https://github.com/bjornstar))Changelog
*Sourced from [mocha's changelog](https://github.com/mochajs/mocha/blob/master/CHANGELOG.md).* > # 6.1.4 / 2019-04-18 > > ## :lock: Security Fixes > > - [#3877](https://github-redirect.dependabot.com/mochajs/mocha/issues/3877): Upgrade [js-yaml](https://npm.im/js-yaml), addressing [code injection vulnerability](https://www.npmjs.com/advisories/813) ([**[@bjornstar](https://github.com/bjornstar)**](https://github.com/bjornstar)) > > # 6.1.3 / 2019-04-11 > > ## :bug: Fixes > > - [#3863](https://github-redirect.dependabot.com/mochajs/mocha/issues/3863): Fix `yargs`-related global scope pollution ([**[@inukshuk](https://github.com/inukshuk)**](https://github.com/inukshuk)) > - [#3869](https://github-redirect.dependabot.com/mochajs/mocha/issues/3869): Fix failure when installed w/ `pnpm` ([**[@boneskull](https://github.com/boneskull)**](https://github.com/boneskull)) > > # 6.1.2 / 2019-04-08 > > ## :bug: Fixes > > - [#3867](https://github-redirect.dependabot.com/mochajs/mocha/issues/3867): Re-publish v6.1.1 from POSIX OS to avoid dropped executable flags ([**[@boneskull](https://github.com/boneskull)**](https://github.com/boneskull)) > > # 6.1.1 / 2019-04-07 > > ## :bug: Fixes > > - [#3866](https://github-redirect.dependabot.com/mochajs/mocha/issues/3866): Fix Windows End-of-Line publishing issue ([**[@juergba](https://github.com/juergba)**](https://github.com/juergba) & [**[@cspotcode](https://github.com/cspotcode)**](https://github.com/cspotcode)) > > # 6.1.0 / 2019-04-07 > > ## :lock: Security Fixes > > - [#3845](https://github-redirect.dependabot.com/mochajs/mocha/issues/3845): Update dependency "js-yaml" to v3.13.0 per npm security advisory ([**[@plroebuck](https://github.com/plroebuck)**](https://github.com/plroebuck)) > > ## :tada: Enhancements > > - [#3766](https://github-redirect.dependabot.com/mochajs/mocha/issues/3766): Make reporter constructor support optional `options` parameter ([**[@plroebuck](https://github.com/plroebuck)**](https://github.com/plroebuck)) > - [#3760](https://github-redirect.dependabot.com/mochajs/mocha/issues/3760): Add support for config files with `.jsonc` extension ([**[@sstephant](https://github.com/sstephant)**](https://github.com/sstephant)) > > ## :fax: Deprecations > > These are _soft_-deprecated, and will emit a warning upon use. Support will be removed in (likely) the next major version of Mocha: > > - [#3719](https://github-redirect.dependabot.com/mochajs/mocha/issues/3719): Deprecate `this.skip()` for "after all" hooks ([**[@juergba](https://github.com/juergba)**](https://github.com/juergba)) > > ## :bug: Fixes > > - [#3829](https://github-redirect.dependabot.com/mochajs/mocha/issues/3829): Use cwd-relative pathname to load config file ([**[@plroebuck](https://github.com/plroebuck)**](https://github.com/plroebuck)) > - [#3745](https://github-redirect.dependabot.com/mochajs/mocha/issues/3745): Fix async calls of `this.skip()` in "before each" hooks ([**[@juergba](https://github.com/juergba)**](https://github.com/juergba)) > - [#3669](https://github-redirect.dependabot.com/mochajs/mocha/issues/3669): Enable `--allow-uncaught` for uncaught exceptions thrown inside hooks ([**[@givanse](https://github.com/givanse)**](https://github.com/givanse)) > > and some regressions: > > ... (truncated)Commits
- [`31c019e`](https://github.com/mochajs/mocha/commit/31c019e0fffb4e77b7191ac5882edbe15f581c0b) Release v6.1.4 - [`c3d241e`](https://github.com/mochajs/mocha/commit/c3d241ecedfafe3ee40329933f719b5fc880b63e) update CHANGELOG.md for v6.1.4 [ci skip] - [`0d9d4a3`](https://github.com/mochajs/mocha/commit/0d9d4a3e1bdf948adde23819c8816903906e7423) Update js-yaml from 3.13.0 to 3.13.1 ([#3877](https://github-redirect.dependabot.com/mochajs/mocha/issues/3877)) - [`f1fe632`](https://github.com/mochajs/mocha/commit/f1fe632a5aca224994fa8c1240be6852bec236a8) Release v6.1.3 - [`ae3d53f`](https://github.com/mochajs/mocha/commit/ae3d53f9bf859b6262ecf3ddfb88e8339576cb95) update CHANGELOG for v6.1.3 [ci skip] - [`e73941a`](https://github.com/mochajs/mocha/commit/e73941a60457a09149e5a212fcc4985de58358e1) upgrade node-environment-flags; closes [#3868](https://github-redirect.dependabot.com/mochajs/mocha/issues/3868) - [`5121211`](https://github.com/mochajs/mocha/commit/51212115c8f46d47b57ce9e65f054f83bc7a0acc) Do not pass argv twice - [`f05a58f`](https://github.com/mochajs/mocha/commit/f05a58f5616b7b184e905231ab25c6162bc268f4) Fix yargs global pollution - [`86cd699`](https://github.com/mochajs/mocha/commit/86cd699cfb6193cbb894433c4bc69c9e60208003) Release v6.1.2 - [`2e8f31f`](https://github.com/mochajs/mocha/commit/2e8f31f3ceef40c7df9f74727d9c57cce7ae9a69) update CHANGELOG for v6.1.2 - Additional commits viewable in [compare view](https://github.com/mochajs/mocha/compare/v5.2.0...v6.1.4)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language - `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com): - Update frequency (including time of day and day of week) - Automerge options (never/patch/minor, and dev/runtime dependencies) - Pull request limits (per update run and/or open at any time) - Out-of-range updates (receive only lockfile updates, if desired) - Security updates (receive only security updates, if desired) Finally, you can contact us by mentioning @dependabot.