build: update vulnerable dependencies

[barrett-schonefeld]

I updated to the latest version of Jest, which removes the dependency on set-value.

[padamstx]

@barrett-schonefeld The two dependabot alerts that we're seeing in the node core indicate that the following dependency upgrades need to be made:

1. semver-regex >=3.1.3 (there's actually a PR open for this change)
2. set-value >=4.0.1 (that would be a major version change, so not sure if that would break anything).

I don't think your proposed changes address either of those, do they? In fact, I'm not really seeing any version # changes at all... looks like the only changes are the removal of the "bundled" lines from package-lock.json.

I'll go ahead and merge in the semver-regex-related PR that was opened up by dependabot automatically, as that will at least address one of the vulnerabilities.

[barrett-schonefeld]

I don't think your proposed changes address either of those, do they?

Not initially, but now I updated Jest to the latest, which removes set-value as a dependency.

I'll go ahead and merge in the semver-regex-related PR that was opened up by dependabot automatically, as that will at least address one of the vulnerabilities.

I rebased after you merged the semver-regex work, so both vulnerabilities should be resolved.

[barrett-schonefeld]

Not initially, but now I updated Jest to the latest, which removes set-value as a dependency.

I need to update some of the tests to work with the latest version of Jest.

[barrett-schonefeld]

Removed the use of done in async tests because Jest@27 does not allow tests to both utilize done and return a promise.

For more information on this change, see this Jest issue.

[padamstx]

LGTM

[dpopp07]

Looks good! Thanks for doing this, Barrett. Glad to finally be rid of the redundant done() calls 🙂

[ibm-devx-sdk]

🎉 This PR is included in version 2.15.0 🎉

The release is available on:

• npm package (@latest dist-tag)
• GitHub release

Your semantic-release bot 📦🚀