logtrace / material-icons-react

Google material icons implementation for React
MIT License
24 stars 16 forks

Any reason for mocha to be in `dependencies` #14

Closed prabinv closed 6 years ago

prabinv commented 6 years ago

We are using material-icons-react in our project, on which we run the security tool Snyk. We see reports of High Severity Vulnerability of a dependency of mocha@2.5.3 (growl@1.9.2). The mocha dependency, although only used for testing, is added both in the dependencies and devDependencies section. Is there a reason for mocha to be a source dependency?

sithumn commented 6 years ago

Hi,

There's no reason at all. Thanks for pointing it out.

I'll fix it and release the component. Also there will be some spelling mistake corrections. For example, `colorPalett` will be `colorPalette`.

On Mon, Jul 23, 2018 at 9:05 PM Prabin Varma notifications@github.com wrote:

We are using material-icons-react in our project, on which we run the security tool Snyk https://snyk.io/. We see reports of High Severity Vulnerability of a dependency of mocha@2.5.3 (growl@1.9.2). The mocha dependency, although only used for testing, is added both in the dependencies and devDependencies section. Is there a reason for mocha to be a source dependency?


prabinv commented 6 years ago

Thank you @sithumn for your quick response. Appreciate your work on this, and thanks again for fixing this issue for us. I should have put in a PR, but I thought I'd check if there is any reason to have mocha in the dependencies. Thanks again for the fix.

sithumn commented 6 years ago

@prabinv I've removed the unnecessary dependencies and released the module. Please get v1.0.1 from npm.
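The check this thread turned on, as an added example (not code from material-icons-react or from either commenter): npm installs a package's `dependencies`, but not its `devDependencies`, for every consumer, so a test runner listed under `dependencies` brings its transitive packages into downstream scans. The manifest, the `TEST_ONLY` list and the function names are constructed for illustration.

```javascript
'use strict';

// Assumption: an illustrative, non-exhaustive list of test-only tools.
const TEST_ONLY = new Set(['mocha', 'chai', 'jest', 'jasmine', 'karma', 'sinon', 'nyc']);

// Constructed manifest mirroring the situation in the issue; not the project's real package.json.
const SAMPLE_MANIFEST = {
  name: 'example-component',
  dependencies: { 'prop-types': '^15.6.0', mocha: '2.5.3' },
  devDependencies: { mocha: '2.5.3', chai: '^4.1.2' },
};

// Report runtime dependencies that are duplicated in devDependencies
// or that are test tooling and would be installed by every consumer.
function auditManifest(manifest) {
  const deps = manifest.dependencies || {};
  const devDeps = manifest.devDependencies || {};
  const findings = [];
  for (const [name, range] of Object.entries(deps)) {
    if (Object.prototype.hasOwnProperty.call(devDeps, name)) {
      findings.push({ name, range, issue: 'duplicate-in-devDependencies' });
    }
    if (TEST_ONLY.has(name)) {
      findings.push({ name, range, issue: 'test-tool-in-dependencies' });
    }
  }
  return findings;
}

// Return a copy of the manifest with test tools moved to devDependencies only.
// An existing devDependencies range wins; the input object is not mutated.
function moveTestTools(manifest) {
  const dependencies = { ...(manifest.dependencies || {}) };
  const devDependencies = { ...(manifest.devDependencies || {}) };
  for (const name of Object.keys(dependencies)) {
    if (!TEST_ONLY.has(name)) continue;
    if (!(name in devDependencies)) devDependencies[name] = dependencies[name];
    delete dependencies[name];
  }
  return { ...manifest, dependencies, devDependencies };
}

console.log(auditManifest(SAMPLE_MANIFEST));
console.log(moveTestTools(SAMPLE_MANIFEST));
```

Running `auditManifest` in CI on the package's own manifest catches the problem before release, rather than in a consumer's scan.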