twilio / twilio-voice-notification-app

Reference app built in ReactJS that demonstrates how to leverage Twilio Programmable Voice and Twilio SDKs to create a voice notification system.
Apache License 2.0
36 stars, 26 forks

[Snyk] Security upgrade mocha from 8.2.0 to 9.1.2 #87

Closed. twilio-product-security closed this 2 years ago.

twilio-product-security commented 3 years ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.


Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:

Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity
High | 696/1000 (Why? Proof of Concept exploit, has a fix available, CVSS 7.5) | Regular Expression Denial of Service (ReDoS), SNYK-JS-ANSIREGEX-1583908 | Yes | Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: mocha
The new version differs by 109 commits.
  • 18a1055 build(v9.1.2): release
  • 011a5a4 fix: regex in 'update-authors.js'
  • 06f3f63 build(v9.1.2): update CHANGELOG [ci skip]
  • a87461c chore(deps): remove 'wide-align' (#4754)
  • c7f56d1 docs: how to use 'rootHooks' in the browser (#4755) [ci skip]
  • 8421974 fix(browser): stop using all global vars in 'browser-entry' (#4746)
  • 27bfc74 docs: add complete '--delay' example (#4744) [ci skip]
  • 4860738 chore(devDeps): update 'eslint' and its plugins (#4737)
  • abfddf8 docs: fix broken table width under 450 screen width (#4734)
  • 97b8470 chore(esm): remove code for Node versions <10 (#4736)
  • 654b5df build(v9.1.1): release
  • a26cca9 build(v9.1.1): update CHANGELOG [ci skip]
  • e975675 chore: update some devDependencies (#4733)
  • 9e0369b fix(parallel): 'XUNIT' and 'JSON' reporter crash (#4623)
  • 014e47a build(v9.1.0): release
  • 3a14b28 build(v9.1.0): update CHANGELOG [ci skip]
  • 171e211 feat(reporter): add output option to 'JSON' (#4607)
  • bbf0c11 feat: add new option 'fail-zero' (#4716)
  • 757b85d docs: improve 'grep()' and clarify docs (#4714)
  • f19d3ca docs: remove unsupported 'no-timeout' option (#4719) [ci skip]
  • 9f82ccb chore(gha): update 'stale.yml' (#4718) [ci skip]
  • 09ffc30 Set CSP on karma to prevent 'evalError' regression (#4706)
  • 02bf13d Update devDep '@babel/preset-env' and pin 'regenerator-runtime' (#4707)
  • 54a5788 Add new option "node-option" (#4691)
See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

ricardotwilio commented 2 years ago

Will update dependencies manually