Snyk has created this PR to upgrade chai from 4.2.0 to 4.3.4.
:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
The recommended version is 5 versions ahead of your current version.
The recommended version was released 2 months ago, on 2021-03-12.
Not many changes have got in since the last release but this one contains a very important change (#1257) which will allow jest users to get better diffs. From this release onwards, jest users will be able to see which operator was used in their diffs. The operator is a property of the AssertionError thrown when assertions fail. This flag indicates what kind of comparison was made.
This is also an important change for plugin maintainers. Plugin maintainers will now have access to the operatorflag, which they can have access to through an utilmethod calledgetOperator`.
Thanks to all the amazing people that contributed to this release.
New Features
Allow contain.oneOf to take an array of possible values (@ voliva)
Snyk has created this PR to upgrade chai from 4.2.0 to 4.3.4.
The recommended version fixes:
SNYK-JS-PATHVAL-596926
Why? Proof of Concept exploit, CVSS 6
(*) Note that the real score may have changed since the PR was raised.
Release notes
Package name: chai
-
4.3.4 - 2021-03-12
-
4.3.3 - 2021-03-03
-
4.3.2 - 2021-03-03
-
4.3.1 - 2021-03-02
-
4.3.0 - 2021-02-04
- Allow
- Adding operator attribute to assertion error (#1257) (@ rpgeeganage)
- The
- Add contains flag to oneOf documentation (@ voliva)
- Make sure that
- Add tests for
- Update mocha to version 6.1.4
- Add node v10 and v12 to ci (@ vieiralucas)
- Drop support for node v4, v6 and v9 (@ vieiralucas)
- Fix sauce config for headless chrome (@ meeber)
- Update dev dependencies (@ meeber)
- Removed phantomjs dependency (#1204)
-
4.2.0 - 2018-09-26 Read more
from chai GitHub release notesThis fixes broken inspect behavior with bigints (#1321) (#1383) thanks @ vapier
This reintroduces
Assertionas an export in the mjs file. See #1378 & #1375This fixes a regression in IE11. See #1380 & #1379
This releases fixed an engine incompatibility with 4.3.0
The 4.x.x series of releases will be compatible with Node 4.0. Please report any errors found in Node 4 as bugs, and they will be fixed.
The 5.x.x series, when released, will drop support for Node 4.0
This fix also ensures
pathvalis updated to1.1.1to fix CVE-2020-7751This is a minor release.
Not many changes have got in since the last release but this one contains a very important change (#1257) which will allow
jestusers to get better diffs. From this release onwards,jestusers will be able to see which operator was used in their diffs. Theoperatoris a property of theAssertionErrorthrown when assertions fail. This flag indicates what kind of comparison was made.This is also an important change for plugin maintainers. Plugin maintainers will now have access to the
operatorflag, which they can have access to through anutilmethod calledgetOperator`.Thanks to all the amazing people that contributed to this release.
New Features
contain.oneOfto take an array of possible values (@ voliva)closeToerror message will now inform the user when adeltais required (@ eouw0o83hf)Docs
Tests
useProxyconfig is checked inoverwriteProperty(@ vieiralucas)contain.oneOf(@ voliva )Chores
Commit messages
Package name: chai
- ab41ed8 4.3.4
- 5b607a1 fix: support inspecting bigints (#1321) (#1383)
- dc858a0 chai@4.3.3
- b0f50f6 export chai.Assertion (#1378)
- 3b9bc7f chai@4.3.2
- 71245a3 Fixed a regression that caused SyntaxErrors on IE 11
- 8a24666 chai@4.3.1
- 9635906 chore: bump devdeps
- c8449d3 fix: package.json - pathval to 1.1.1 (CVE-2020-7751) (#1377)
- 7bc01d6 fix: bring min node version in line with still supported (#1374)
- 61feee1 docs: add non-nullable modifier to return type of functions never returning null (#1322)
- de12e40 feat: add exists alias (#1227)
- ad385b8 docs: correct doesNotDecreaseBy name (#1285) (#1286)
- 4ce3ca8 feat: add extra aliases for 'most' and 'least' (#1319)
- 77565f7 feat: add `also` language chain (#1324)
- 817284c feat: add "deep" flag in oneOf (#1334)
- 6c963d0 build: drop test for IE10 (#1353)
- f5c19e9 docs: fix missing arguments in `increasesButNotBy` (#1361)
- 6745d8c docs: fix JSDoc identation (#1355)
- 39dd113 chai@4.3.0
- 1044f68 chore: npm audit fix
- 23764f3 Fix JSDoc name (#1354)
- b91d0a8 fix: unbox BigInt primitives in shouldGetter (#1349)
- e54d834 test: replaced arrow function for IE support (#1348)
CompareNote: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information:
🧐 View latest project report
🛠 Adjust upgrade PR settings
🔕 Ignore this dependency or unsubscribe from future upgrade PRs