[Snyk] Security upgrade mocha from 8.2.0 to 8.3.0

snyk-bot commented 3 years ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

merge advice

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- assets/vendor/mustache/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	768/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: mocha

The new version differs by 34 commits.

e1194ab Release v8.3.0
9e75153 update CHANGELOG for v8.3.0 [ci skip]
6dd12be match supporter's properties with supporter.js (#4569)
9f2dd41 docs: add example of generating tests with a closure (#4494)
9122909 Adds BigInt support to stringify util function (#4112)
9878f32 Add file location when SyntaxError happens in ESM (#4557)
84d0c96 Deps: update workerpool (#4566)
3c2f82f GH actions: purge-expired-artifacts.yml (#4565)
1a05ad7 chore(deps): upgrade all to latest stable (#4556)
c667d10 docs: fix javascript syntax errors (#4555)
6eb3c3c Update dependencies yargs and yargs-parser (#4543)
30d5b66 Fix workflow filter on pull-request event (#4550)
6bcb89e Improve CI tests workflow (#4547)
c21a90f Fix present year in LICENSE (#4542)
c3c976b fixes require path
bc8ce05 add test for this.test.error() behavior in "after each" hooks
78a41d1 Add GH Actions workflow status badge (#4503)
c6856ba add error code for test timeout errors
6d3fe26 add support for typescript-style docstrings
025fc2e run browser tests on GHA
b1f26e2 handful of improvements to integration tests
59f31e3 fix typo in comment [ci skip]
d1781b3 refactor collect-files to be a little more simple
185cada Release v8.2.1

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

mistaken-pull-closer[bot] commented 3 years ago

Thanks for your submission.

It appears that you've created a pull request using one of our repository's branches. Since this is almost always a mistake, we're going to go ahead and close this. If it was intentional, please let us know what you were intending and we can see about reopening it.

Thanks again!

pull-dog[bot] commented 3 years ago

*Ruff* :dog: I wasn't able to find any Docker Compose files in your repository at any of the given paths in the pull-dog.json configuration file, or the default docker-compose.yml file :weary: Make sure the given paths are correct.

Files checked:

docker-compose.yml

What is this?

Pull Dog is a GitHub app that makes test environments for your pull requests using Docker, from a `docker-compose.yml` file you specify. It takes 19 seconds to set up (we counted!) and there's a free plan available. Visit our website to learn more.

Commands

- `@pull-dog up` to reprovision or provision the server. - `@pull-dog down` to delete the provisioned server.

Troubleshooting

Need help? Don't hesitate to file an issue in our repository **Configuration** ```json { "isLazy": false, "dockerComposeYmlFilePaths": [ "docker-compose.yml" ], "expiry": "00:00:00", "conversationMode": "singleComment" } ``` **Trace ID** 581fc370-1772-11ec-858c-1ad889ba2e3a