Upgrade mocha

[sokra]

(+) 2 vulnerabilities found
 Name    Installed   Patched                        Path                                                                          More Info
 debug   2.6.8       >= 2.6.9 < 3.0.0 || >= 3.1.0   jest-runner-mocha@0.4.0 > mocha@3.5.0 > debug@2.6.8   https://nodesecurity.io/advisories/534
 growl   1.9.2       >=1.10.2                       jest-runner-mocha@0.4.0 > mocha@3.5.0 > growl@1.9.2   https://nodesecurity.io/advisories/146

Maybe you shouldn't use pinned dependencies in your package.json.

[ljharb]

Please don’t use mocha 4+ tho; it drops support for older nodes.

[jehy]

Current mocha version is 7+ already, I suppose it is time to drop support for old node versions and make a major release :)

[ljharb]

I'd prefer not to ever drop support for mocha 3; older nodes still need testing.

[jehy]

I'd prefer not to ever drop support for mocha 3; older nodes still need testing.

Why not leave support for old mocha in 0.x version?

Mocha and jest currently only support node 8+ so dropping support in major versions makes sense to me. And even node 8 is currently running to end of life.

I am not talking about updates for the sake of updates - but mocha 3 misses some really great features - like handling unhandled exceptions, for example.

If you still think that it is not necessary - may be we can add option to inject custom mocha instance, for example? Or use it as a peerDependency and allow user to install any mocha version he wants?

[ljharb]

EOL is irrelevant; node's support of a version has no direct bearing on users' use of it.

(You can handle unhandled exceptions manually using onUncaughtException in node in any mocha version)