Skip to content
This repository has been archived by the owner on Mar 25, 2021. It is now read-only.

[enhancement] Update mocha from v3.2.0 to v6.1.3 #4669

Merged
merged 1 commit into from Apr 17, 2019

Conversation

bjornstar
Copy link
Contributor

@bjornstar bjornstar commented Apr 17, 2019

PR checklist

  • New feature, bugfix, or enhancement

Overview of change:

Update mocha from v3.2.0 to v6.1.3
Update @types/mocha from v2.2.35 to v5.2.6

Is there anything you'd like reviewers to focus on?

This addresses the following security audit issues related to mocha:

                       === npm audit security report ===                        
                                                                                
# Run  npm install --save-dev mocha@6.1.3  to resolve 2 vulnerabilities
SEMVER WARNING: Recommended action is a potentially breaking change
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Low           │ Regular Expression Denial of Service                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ debug                                                        │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ mocha [dev]                                                  │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ mocha > debug                                                │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://npmjs.com/advisories/534                             │
└───────────────┴──────────────────────────────────────────────────────────────┘


┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Critical      │ Command Injection                                            │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ growl                                                        │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ mocha [dev]                                                  │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ mocha > growl                                                │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://npmjs.com/advisories/146                             │
└───────────────┴──────────────────────────────────────────────────────────────┘

CHANGELOG.md entry:

[chore] Update mocha from v3.2.0 to v6.1.3

Copy link
Contributor

@adidahiya adidahiya left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lint and lockfile issues... but otherwise upgrading mocha sounds like a good idea

@bjornstar
Copy link
Contributor Author

Done!

@adidahiya
Copy link
Contributor

nice, thanks!

@adidahiya adidahiya merged commit 2720cf3 into palantir:master Apr 17, 2019
@adidahiya adidahiya mentioned this pull request May 30, 2019
@bjornstar bjornstar deleted the update-mocha branch April 12, 2021 04:49
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

2 participants