firespring / givesource

Other
13 stars 2 forks source link

[Snyk] Security upgrade mocha from 5.2.0 to 6.0.0 #18

Closed snyk-bot closed 1 year ago

snyk-bot commented 4 years ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:
Severity Issue Breaking Change Exploit Maturity
high severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-MOCHA-561476
Yes No Known Exploit
Commit messages
Package name: mocha The new version differs by 209 commits.
  • 42303e2 Release v6.0.0
  • a553ca7 punctuation updates for changelog v6.0.0
  • c710792 grammar updates for changelog v6.0.0
  • 9f9293a update changelog for v6.0.0
  • a540eb0 remove "projects" section from MAINTAINERS.md [ci skip]
  • 52b5c42 Uppercased JSON reporter name in `describe` title (#3739)
  • 82307fb Fix `.globals` to remove falsy values (#3737)
  • 56dc28e Remove unnecessary post-processing code having no effect; closes #3708 (#3733)
  • 16b4281 Documentation updates (#3728)
  • 5d9d3eb Update nyc
  • 118c9ae Refactor out usages of Suite#_onlyTests and Suite#_onlyTests (#3689) (#3707)
  • 0dacd1f Add ability to unload files from `require` cache (redux) (#3726)
  • 66a52f2 update release steps [ci skip]
  • 45ae014 Refactor `lookupFiles` and `files` (#3722)
  • 94c9320 fix --reporter-option to allow comma-separated options; closes #3706
  • 0f546fc Refactor checkGlobals() error message creation (#3711)
  • 2d21fd6 add missing user reference in CHANGELOG.md [ci skip]
  • 6cb4e27 add all changes since v6.0.0-1 to CHANGELOG.md [ci skip]
  • 186ca36 add createInvalidArgumentError(); see #3676 (#3677)
  • 3a7fa37 Revert 00ca06b0e957ec4f067268c98053782ac5dcb69f; closes #3414 (#3715)
  • 21ba5ce fix --inspect and its ilk; closes #3681 (#3699)
  • 52b9a5f refactor: use constants for event names instead of string literals
  • 29aa611 Eliminated variable shadowing from test event listeners (runner.spec.js) (#3712)
  • e01a54e update usage info in docs [ci skip]
See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:

🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic