Bump mocha to safe version

cgewecke / eth-gas-reporter

Gas usage per unit test. Average gas usage per method. A mocha reporter.

MIT License

603 stars 94 forks source link

Bump mocha to safe version #289

Closed markus0x1 closed 1 year ago

markus0x1 commented 1 year ago

Motivation

The current version of mocha uses a unsafe version of minimatch

Solution

Bump mocha

verify with

npm audit --production

markus0x1 commented 1 year ago

Hey @cgewecke, is there any way we can merge this? I would like to have these vulnerabilities fixed in my dependency graph. Related PR https://github.com/sc-forks/solidity-coverage/pull/768

milespossing commented 1 year ago

Hey is there an ETA on this? I just read through the PR and it appears sane to me. If there's anything I can do to expedite the process, please let me know

cgewecke commented 1 year ago

Thanks for this. Has been fixed (finally) via #295