In this pull request, I updated mocha to the latest version using npm install mocha@latest. This resolves several vulnerabilities related to outdated dependencies used by Mocha, including:
minimatch: ReDoS vulnerability (GHSA-f8q6-p94x-37v3)
minimist: Prototype Pollution vulnerability (GHSA-vh95-rmgr-6w4m, GHSA-xvch-5gv4-984h)
mkdirp: Dependencies that rely on vulnerable versions of minimist and minimatch.
By updating to the latest version of Mocha, these vulnerabilities are mitigated, improving the overall security of the project.
:x: The email address for the commit (110b577717b8a331907396d25c2c24d7741a3289) is not linked to the GitHub account, preventing the EasyCLA check. Consult this Help Article and GitHub Help to resolve. (To view the commit's email address, add .patch at the end of this PR page's URL.) For further assistance with EasyCLA, please submit a support request ticket.
In this pull request, I updated mocha to the latest version using npm install mocha@latest. This resolves several vulnerabilities related to outdated dependencies used by Mocha, including:
minimatch: ReDoS vulnerability (GHSA-f8q6-p94x-37v3) minimist: Prototype Pollution vulnerability (GHSA-vh95-rmgr-6w4m, GHSA-xvch-5gv4-984h) mkdirp: Dependencies that rely on vulnerable versions of minimist and minimatch. By updating to the latest version of Mocha, these vulnerabilities are mitigated, improving the overall security of the project.