[Snyk] Security upgrade mocha-jenkins-reporter from 0.4.1 to 0.4.3 - Githubissues

wix-incubator / mocha-env-reporter

10 stars 1 forks source link

[Snyk] Security upgrade mocha-jenkins-reporter from 0.4.1 to 0.4.3 #18

Open snyk-bot opened 4 years ago

snyk-bot commented 4 years ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json
- package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Issue	Breaking Change	Exploit Maturity
	Prototype Pollution SNYK-JS-MINIMIST-559764	No	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-MOCHA-561476	No	No Known Exploit

Commit messages

Package name: mocha-jenkins-reporter

The new version differs by 8 commits.

c4ad366 Update version number to 0.4.3
b12abe1 also update mocha
16c2ba3 update mkdirp to fix security issue
93e5b23 [misc] fix the dependency relation with mocha
d313c64 Update version number to 0.4.2.
cb036cc Upgrade eslint to avoid a vulnerability warning.
da16815 Upgrade diff to the latest version, should be compatible.
70a7625 Remove invalid characters from failure message.

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:

🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic