mmanela / chutzpah

Chutzpah is an open source JavaScript test runner which enables you to run unit tests using QUnit, Jasmine, Mocha and TypeScript.
http://mmanela.github.io/chutzpah/
Apache License 2.0

Updating version of lodash to 14.17.15 #772

Closed carl-tanner closed 5 years ago

carl-tanner commented 5 years ago

Version of jsdom depends transitively on lodash 4.17.11 which has security vulnerabilities. The latest version of jsdom no longer has this problem.

mmanela commented 5 years ago

@carl-tanner This is a breaking change and can't be merged without a bunch more work. The newer versions of JSDOM have a brand new API, which is a large change.

chutzpah.console.exe /engine JsDom /path Samples\Basic\Jasmine\chutzpah.json

fails with this change.

carl-tanner commented 5 years ago

I tried a more minimal change that just updates the lodash dependency to one without the vulnerability. Unit tests passed but I'm not sure how to fully test the change.

mmanela commented 5 years ago

Looks good to me
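
The transitive-dependency problem raised in this thread, as an added example that is not part of the pull request or the Chutzpah code base: it walks an npm lockfile (v1 layout) and reports which packages resolve to a copy of lodash older than a chosen minimum. The lockfile contents, the `hypothetical-http-helper` and `other-lib` package names, and the 4.17.15 threshold are assumptions made for the demo.

```javascript
// Constructed npm lockfile (v1 layout). Package names other than jsdom and
// lodash, and all versions except lodash 4.17.11, are made up for the demo.
const sampleLock = { dependencies: {
  jsdom: {
    version: "0.0.0-constructed",
    requires: { "hypothetical-http-helper": "^1.0.0" },
    dependencies: {
      "hypothetical-http-helper": { version: "1.0.0", requires: { lodash: "^4.17.11" } },
      lodash: { version: "4.17.11" },
    },
  },
  "other-lib": { version: "2.0.0", requires: { lodash: "^4.17.15" } },
  lodash: { version: "4.17.15" },
} };

// Compare the numeric major.minor.patch parts; pre-release tags are ignored.
function cmpVersion(a, b) {
  const pa = a.split("-")[0].split(".").map(Number);
  const pb = b.split("-")[0].split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return Math.sign(d);
  }
  return 0;
}

// For every package that requires `pkg`, resolve the copy it actually loads
// (innermost nesting level first, then outward) and report it if too old.
function findOutdatedRequirers(lock, pkg, minVersion) {
  const hits = [];
  const walk = (deps, chain, scopes) => {
    for (const [name, info] of Object.entries(deps)) {
      const own = info.dependencies ? [...scopes, info.dependencies] : scopes;
      if (info.requires && pkg in info.requires) {
        const scope = [...own].reverse().find((s) => pkg in s);
        if (scope && cmpVersion(scope[pkg].version, minVersion) < 0) {
          hits.push({ requiredBy: [...chain, name].join(" > "),
                      range: info.requires[pkg], resolved: scope[pkg].version });
        }
      }
      if (info.dependencies) walk(info.dependencies, [...chain, name], own);
    }
  };
  walk(lock.dependencies || {}, [], [lock.dependencies || {}]);
  return hits;
}
// 4.17.15 is an assumed threshold; take the real one from the advisory.
console.log(findOutdatedRequirers(sampleLock, "lodash", "4.17.15"));
```

A top-level copy of lodash at a fixed version does not help a package that has an older copy nested closer to it, which is why the check resolves per requirer instead of reading only the top-level entry.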