🚨 [security] Update mocha 10.2.0 → 10.5.2 (minor)

[depfu[bot]]

---

🚨 Your current dependencies have known security vulnerabilities 🚨

This dependency update fixes known security vulnerabilities. Please see the details below and assess their impact carefully. We recommend to merge and deploy this as soon as possible!

---

Here is everything you need to know about this update. Please take a good look at what changed and the test results before merging this pull request.

What changed?

✳️ mocha (10.2.0 → 10.5.2) · Repo · Changelog

Release Notes

10.5.2

What's Changed

• fix: better tracking of seen objects in error serialization by @sam-super in #5032

New Contributors

• @sam-super made their first contribution in #5032

Full Changelog: v10.5.1...v10.5.2

10.5.1

What's Changed

• fix: Add error handling for nonexistent file case with --file option by @khoaHyh in #5086

New Contributors

• @khoaHyh made their first contribution in #5086

Full Changelog: v10.5.0...v10.5.1

10.5.0

🎉 Enhancements

• #5015 feat: use <progress> and <svg> for browser progress indicator instead of <canvas> (@yourWaifu)
• #5143 feat: allow using any 3.x chokidar dependencies (@simhnna)
• #4835 feat: add MOCHA_OPTIONS env variable (@icholy)

🐛 Fixes

• #5107 fix: include stack in browser uncaught error reporting (@JoshuaKGoldberg)

🔩 Other

• #5110 chore: switch two-column list styles to be opt-in (@marjys)
• #5135 chore: fix some typos in comments (@StevenMia)
• #5130 chore: rename 'master' to 'main' in docs and tooling (@JoshuaKGoldberg)

10.4.0

10.4.0 / 2024-03-26

🎉 Enhancements

• #4829 feat: include .cause stacks in the error stack traces (@voxpelli)
• #4985 feat: add file path to xunit reporter (@bmish)

🐛 Fixes

• #5074 fix: harden error handling in lib/cli/run.js (@stalet)

🔩 Other

• #5077 chore: add mtfoley/pr-compliance-action (@JoshuaKGoldberg)
• #5060 chore: migrate ESLint config to flat config (@JoshuaKGoldberg)
• #5095 chore: revert #5069 to restore Netlify builds (@voxpelli)
• #5097 docs: add sponsored to sponsorship link rels (@JoshuaKGoldberg)
• #5093 chore: add 'status: in triage' label to issue templates and docs (@JoshuaKGoldberg)
• #5083 docs: fix CHANGELOG.md headings to start with a root-level h1 (@JoshuaKGoldberg)
• #5100 chore: fix header generation and production build crashes (@JoshuaKGoldberg)
• #5104 chore: bump ESLint ecmaVersion to 2020 (@JoshuaKGoldberg)
• #5116 fix: eleventy template builds crash with 'unexpected token at ": string, msg..."' (@LcsK)
• #4869 docs: fix documentation concerning glob expansion on UNIX (@binki)
• #5122 test: fix xunit integration test (@voxpelli)
• #5123 chore: activate dependabot for workflows (@voxpelli)
• #5125 build(deps): bump the github-actions group with 2 updates (@dependabot)

10.3.0

This is a stable release equivalent to v10.3.0-preminor.0.

What's Changed

• Fix deprecated warn gh actions by @outsideris in #4962
• fix #4837 Update glob due to vulnerability in dep by @jb2311 in #4970
• Add Node v19 to test matrix by @juergba in #4974
• chore: fix the ci by @Uzlopak in #5020
• update can-i-use by @Uzlopak in #5021
• chore: remove uuid dev dependency by @Uzlopak in #5022
• chore: remove nanoid as dependency by @Uzlopak in #5024
• chore: remove touch as dev dependency by @Uzlopak in #5023
• chore: remove stale workflow by @JoshuaKGoldberg in #5029
• docs: fix fragment ID for yargs' "extends" documentation by @Spencer-Doak in #4918
• docs: use mocha.js instead of mocha in the example run by @nikolas in #4927
• docs: fix jsdoc return type of titlePath method by @F3n67u in #4886
• docs: overhaul contributing and maintenance docs for end-of-year 2023 by @JoshuaKGoldberg in #5038
• docs: touchups to labels and a template title post-revamp by @JoshuaKGoldberg in #5050
• fix: add alt text to Built with Netlify badge by @JoshuaKGoldberg in #5068
• chore: inline nyan reporter's write function by @JoshuaKGoldberg in #5056
• chore: remove unnecessary canvas dependency by @JoshuaKGoldberg in #5069

New Contributors

• @jb2311 made their first contribution in #4970
• @Uzlopak made their first contribution in #5020
• @Spencer-Doak made their first contribution in #4918
• @nikolas made their first contribution in #4927
• @F3n67u made their first contribution in #4886

Full Changelog: v10.2.0...v10.3.0

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by 55 commits:

• Release 10.5.2
• docs: add 10.5.2 to CHANGELOG.md
• fix: better tracking of seen objects in error serialization (#5032)
• Release v10.5.1
• docs: add 10.5.1 to CHANGELOG.md
• fix: Add error handling for nonexistent file case with --file option (#5086)
• Release v10.5.0
• Docs: add 10.5.0 to CHANGELOG.md
• chore: rename 'master' to 'main' in docs and tooling (#5130)
• fix: include stack in browser uncaught error reporting (#5107)
• chore: switch two-column list styles to be opt-in (#5110)
• chore: allow blank issues (#5157)
• chore: remove `husky` for now (#5127)
• feat: add MOCHA_OPTIONS env variable (#4835)
• chore: allow using any 3.x chokidar dependencies (#5143)
• chore: fix some typos in comments (#5135)
• feat: use <progress> and <svg> for browser progress indicator instead of <canvas> (#5015)
• Release v10.4.0
• build(deps): bump the github-actions group with 2 updates (#5125)
• chore: activate dependabot for workflows (#5123)
• fix: harden error handling in `lib/cli/run.js` (#5074)
• fix: xunit integration test (#5122)
• docs: fix documentation concerning glob expansion on UNIX (#4869)
• feat: add file path to xunit reporter (#4985)
• fix: closes #5115 (#5116)
• feat: include `.cause` stacks in the error stack traces (#4829)
• chore: bump ESLint ecmaVersion to 2020 (#5104)
• chore: fix header generation and production build crashes (#5100)
• docs: fix CHANGELOG.md headings to start with a root-level h1 (#5083)
• chore: add 'status: in triage' label to issue templates and docs (#5093)
• docs: add sponsored to sponsorship link rels (#5097)
• chore: revert #5069 to restore Netlify builds (#5095)
• chore: migrate ESLint config to flat config (#5060)
• Release v10.3.0
• docs: add 10.3.0 to CHANGELOG.md
• Release v10.3.0-preminor.0
• chore: add mtfoley/pr-compliance-action (#5077)
• chore: fix link in pull request template (#5091)
• chore: remove unnecessary canvas dependency (#5069)
• chore: inline nyan reporter's write function (#5056)
• fix: add alt text to Built with Netlify badge (#5068)
• docs: touchups to labels and a template title post-revamp (#5050)
• docs: overhaul contributing and maintenance docs for end-of-year 2023 (#5038)
• docs: fix return jsdoc type of `titlePath` (#4886)
• docs: use mocha.js instead of mocha in the example run (#4927)
• docs: fix fragment ID for yargs.js `extends` docs (#4918)
• chore: remove stale workflow (#5029)
• chore: remove touch as dev dependency (#5023)
• chore: remove nanoid as dependency (#5024)
• chore: remove uuid dev dependency (#5022)
• update can-i-use (#5021)
• chore: fix the ci (#5020)
• chore(ci): add Node v19 to test matrix (#4974)
• chore(deps): update 'glob' to v8 (#4970)
• Fix deprecated warn gh actions (#4962)

↗️ binary-extensions (indirect, 2.2.0 → 2.3.0) · Repo

Release Notes

2.3.0

• Add afdesign, afphoto, and afpub (#30) 11b0135

v2.2.0...v2.3.0

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by 3 commits:

• 2.3.0
• Meta tweaks
• Add `afdesign`, `afphoto`, and `afpub` (#30)

↗️ braces (indirect, 3.0.2 → 3.0.3) · Repo · Changelog

Security Advisories 🚨

🚨 Uncontrolled resource consumption in braces

The NPM package braces fails to limit the number of characters it can handle, which could lead to Memory Exhaustion. In lib/parse.js, if a malicious user sends "imbalanced braces" as input, the parsing will enter a loop, which will cause the program to start allocating heap memory without freeing it at any moment of the loop. Eventually, the JavaScript heap limit is reached, and the program will crash.

Commits

See the full diff on Github. The new version differs by 12 commits:

• 3.0.3
• update eslint. lint, fix unit tests.
• Snyk js braces 6838727 (#40)
• fix tests, skip 1 test in test/braces.expand
• readme bump
• Merge pull request #37 from coderaiser/fix/vulnerability
• feature: braces: add maxSymbols (https://github.com/micromatch/braces/issues/36#issuecomment-2110820796)
• fix: vulnerability (https://security.snyk.io/vuln/SNYK-JS-BRACES-6838727)
• remove funding file
• update keepEscaping doc (#27)
• Failing test cases for issue \#29 (#30)
• Create FUNDING.yml

↗️ chokidar (indirect, 3.5.3 → 3.6.0) · Repo · Changelog

Release Notes

3.6.0

What's Changed

• fix readyCount logic by @JLHwung in #1288
• handle MustScanSubDirs by @MarcCelani-at in #1197
• update fs.FSWatcher types to satisfy nodejs versions >= 16; fixes #1299 by @ben-polinsky in #1300

New Contributors

• @Mutahhar made their first contribution in #1226
• @zqianem made their first contribution in #1242
• @JLHwung made their first contribution in #1288
• @MarcCelani-at made their first contribution in #1197
• @ben-polinsky made their first contribution in #1300

Full Changelog: 3.5.3...3.6.0

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by 22 commits:

• Release 3.6.0.
• Add github ci autopublish
• Merge pull request #1300 from ben-polinsky/fix-fswatcher-types-1299
• fix formatting
• update fs.FSWatcher types to satisfy node versions >= 16; fixes #1299
• Merge pull request #1197 from MarcCelani-at/handleMustScanSubDirs
• Merge pull request #1288 from JLHwung/fix-ready-count
• ready call # is unfortunately platform specific
• fix readyCount logic
• Adjust funding field in pkg
• Enable GitHub Sponsors
• Merge pull request #1242 from zqianem/fix/tests
• Fix test case using unsupported option for Node 8
• Fix `close` tests
• Merge pull request #1226 from Mutahhar/patch-1
• Update README.md
• Merge pull request #1198 from XhmikosR/rm-unused-deps
• Merge pull request #1199 from XhmikosR/patch-1
• Update CI config
• Remove unused devDependencies
• move to constants
• handle MustScanSubDirs

↗️ fill-range (indirect, 7.0.1 → 7.1.1) · Repo

Commits

See the full diff on Github. The new version differs by 7 commits:

• 7.1.1
• ensure that maxLen is passed down, to handle zero-padding
• update eslint. lint.
• Delete FUNDING.yml
• Create FUNDING.yml
• 7.0.1
• fix regressions

🆕 css-what (added, 2.1.3)

🆕 json-schema (added, 0.2.3)

🆕 nth-check (added, 1.0.2)

🆕 postcss (added, 7.0.39)

🆕 qs (added, 6.5.3)

🆕 sanitize-html (added, 1.27.5)

🗑️ call-bind (removed)

🗑️ get-intrinsic (removed)

🗑️ has-proto (removed)

🗑️ has-symbols (removed)

🗑️ is-plain-object (removed)

🗑️ nanoid (removed)

🗑️ object-inspect (removed)

🗑️ side-channel (removed)

🗑️ source-map-js (removed)

---

Depfu will automatically keep this PR conflict-free, as long as you don't add any commits to this branch yourself. You can also trigger a rebase manually by commenting with @depfu rebase.

All Depfu comment commands

@​depfu rebase

Rebases against your default branch and redoes this update

@​depfu recreate

Recreates this PR, overwriting any edits that you've made to it

@​depfu merge

Merges this PR once your tests are passing and conflicts are resolved

@​depfu cancel merge

Cancels automatic merging of this PR

@​depfu close

Closes this PR and deletes the branch

@​depfu reopen

Restores the branch and reopens this PR (if it's closed)

@​depfu pause

Ignores all future updates for this dependency and closes this PR

@​depfu pause [minor|major]

Ignores all future minor/major updates for this dependency and closes this PR

@​depfu resume

Future versions of this dependency will create PRs again (leaves this PR as is)

[depfu[bot]]

Closed in favor of #361.

[depfu[bot]]

Closed in favor of #361.