update minimist dependency to require a minimum version of 1.2.3

[franktopel]

This addresses https://npmjs.com/advisories/1179, specifically https://github.com/karma-runner/karma-mocha/issues/214

[googlebot]

Thanks for your pull request. It looks like this may be your first contribution to a Google open source project (if not, look below for help). Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

:memo: Please visit https://cla.developers.google.com/ to sign.

Once you've signed (or fixed any issues), please reply here with @googlebot I signed it! and we'll verify it.

---

What to do if you already signed the CLA

Individual signers

• It's possible we don't have your GitHub username or you're using a different email address on your commit. Check your existing CLA data and verify that your email is set on your git commits.

Corporate signers

• Your company has a Point of Contact who decides which employees are authorized to participate. Ask your POC to be added to the group of authorized contributors. If you don't know who your Point of Contact is, direct the Google project maintainer to go/cla#troubleshoot (Public version).
• The email used to register you as an authorized contributor must be the email used for the Git commit. Check your existing CLA data and verify that your email is set on your git commits.
• The email used to register you as an authorized contributor must also be attached to your GitHub account.

ℹ️ Googlers: Go here for more info.

[franktopel]

@googlebot I signed it!

[googlebot]

CLAs look good, thanks!

ℹ️ Googlers: Go here for more info.

[johnjbarton]

I guess you need to rebase on master to trigger tests on node 10 + 12.

[franktopel]

@johnjbarton I'm not too familiar yet with the processes. Can you elaborate on what I need to do?

What I have done so far:

1. Forked https://github.com/karma-runner/karma-mocha
2. Upped the dependency of minimist to say "^1.2.3" rather than "1.2.0"
3. Upped the version number in package.json in the patch part.
4. Committed this directly to the master branch of my fork.
5. Issued a pull request on this repository.

Does this describe what I need to do?

[johnjbarton]

Those instructions are ok but overkill.
I don't know what happens if you use a master branch on a fork.
So I would create a branch:

# create a branch for the change
$ git checkout -b minimist-update
# go back to master
$ git checkout master
# erase the commit for the PR
$ git reset --hard HEAD~1

That leaves you with your commit on minimist-update and master with no extra commits. Then you need to rebase. I use the name upstream:

# add a repo named upstream
$ git remote add upstream git@github.com:karma-runner/karma-mocha.git
$ git pull -f upstream master

Now your master matches upstream master

# move to change branch
$ git checkout minimist-update
$ git rebase master
$ git push origin minimist-update

Now you have a new PR to create on github.

You might be able to do this without the branch but this is the workflow I know.

[googlebot]

All (the pull request submitter and all commit authors) CLAs are signed, but one or more commits were authored or co-authored by someone other than the pull request submitter.

We need to confirm that all authors are ok with their commits being contributed to this project. Please have them confirm that by leaving a comment that contains only @googlebot I consent. in this pull request.

Note to project maintainer: There may be cases where the author cannot leave a comment, or the comment is not properly detected as consent. In those cases, you can manually confirm consent of the commit author(s), and set the cla label to yes (if enabled on your project).

ℹ️ Googlers: Go here for more info.

[franktopel]

Will try to do the rebasing thingy @johnjbarton suggested.

[franktopel]

@johnjbarton I've succesfully completed a rebased version of the PR: https://github.com/karma-runner/karma-mocha/pull/217

Thanks for your help.

[mbaumgartl]

Sorry for commenting to a closed pull request. But can somebody create a release including the latest changed, please?