Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Upgrade mocha from 4.1.0 to 6.2.1 #5

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

snyk-bot
Copy link

Snyk has created this PR to upgrade mocha from 4.1.0 to 6.2.1.

Warning: This is a major version upgrade, and may be a breaking change.

  • The recommended version is 21 versions ahead of your current version.
  • The recommended version was released a month ago, on 2019-09-29.

The recommended version fixes:

Severity Title Issue ID
Regular Expression Denial of Service (ReDoS) npm:diff:20180305
Release notes
  • Package name: mocha
    • 6.2.1 - 2019-09-29

      6.2.1 / 2019-09-29

      🐛 Fixes

      • #3955: tty.getWindowSize is not a function inside a "worker_threads" worker (@1999)
      • #3970: remove extraGlobals() (@juergba)
      • #3984: Update yargs-unparser to v1.6.0 (@juergba)
      • #3983: Package 'esm': spawn child-process for correct loading (@juergba)
      • #3986: Update yargs to v13.3.0 and yargs-parser to v13.1.1 (@juergba)

      📖 Documentation

    • 6.2.0 - 2019-07-18

      6.2.0 / 2019-07-18

      🎉 Enhancements

      🐛 Fixes

      📖 Documentation

      🔍 Coverage

      🔩 Other

    • 6.1.4 - 2019-04-18

      6.1.4 / 2019-04-18

      🔒 Security Fixes

    • 6.1.3 - 2019-04-12

      6.1.3 / 2019-04-11

      🐛 Fixes

    • 6.1.2 - 2019-04-08

      6.1.2 / 2019-04-08

      🐛 Fixes

      • #3867: Re-publish v6.1.1 from POSIX OS to avoid dropped executable flags (@boneskull)
    • 6.1.1 - 2019-04-07

      6.1.1 / 2019-04-07

      🐛 Fixes

    • 6.1.0 - 2019-04-07

      6.1.0 / 2019-04-07

      🔒 Security Fixes

      • #3845: Update dependency "js-yaml" to v3.13.0 per npm security advisory (@plroebuck)

      🎉 Enhancements

      • #3766: Make reporter constructor support optional options parameter (@plroebuck)
      • #3760: Add support for config files with .jsonc extension (@sstephant)

      📠 Deprecations

      These are soft-deprecated, and will emit a warning upon use. Support will be removed in (likely) the next major version of Mocha:

      🐛 Fixes

      • #3829: Use cwd-relative pathname to load config file (@plroebuck)
      • #3745: Fix async calls of this.skip() in "before each" hooks (@juergba)
      • #3669: Enable --allow-uncaught for uncaught exceptions thrown inside hooks (@givanse)

      and some regressions:

      📖 Documentation

      🔩 Other

      • #3830: Replace dependency "findup-sync" with "find-up" for faster startup (@cspotcode)
      • #3799: Update devDependencies to fix many npm vulnerabilities (@XhmikosR)
    • 6.0.2 - 2019-02-25

      6.0.2 / 2019-02-25

      🐛 Fixes

      Two more regressions fixed:

      • #3768: Test file paths no longer dropped from mocha.opts (@boneskull)
      • #3767: --require does not break on module names that look like certain node flags (@boneskull)
    • 6.0.1 - 2019-02-21

      6.0.1 / 2019-02-21

      The obligatory round of post-major-release bugfixes.

      🐛 Fixes

      These issues were regressions.

      • #3754 - Mocha again finds test.js when run without arguments (@plroebuck)
      • #3756 - Mocha again supports third-party interfaces via --ui (@boneskull)
      • #3755 - Fix broken --watch (@boneskull)
      • #3759 - Fix unwelcome deprecation notice when Mocha run against languages (CoffeeScript) with implicit return statements; returning a non-undefined value from a describe callback is no longer considered deprecated (@boneskull)

      📖 Documentation

    • 6.0.0 - 2019-02-18

      6.0.0 / 2019-02-18

      💥 Breaking Changes

      • #3149: Drop Node.js v4.x support (@outsideris)
      • #3556: Changes to command-line options (@boneskull):
        • --grep and --fgrep are now mutually exclusive; attempting to use both will cause Mocha to fail instead of simply ignoring --grep
        • --compilers is no longer supported; attempting to use will cause Mocha to fail with a link to more information
        • -d is no longer an alias for --debug; -d is currently ignored
        • #3275: --watch-extensions no longer implies js; it must be explicitly added (@TheDancingCode)
      • #2908: tap reporter emits error messages (@chrmod)
      • #2819: When conditionally skipping in a before hook, subsequent before hooks and tests in nested suites are now skipped (@bannmoore)
      • #627: Emit filepath in "timeout exceeded" exceptions where applicable (@boneskull)
      • #3556: lib/template.html has moved to lib/browser/template.html (@boneskull)
      • #2576: An exception is now thrown if Mocha fails to parse or find a mocha.opts at a user-specified path (@plroebuck)
      • #3458: Instantiating a Base-extending reporter without a Runner parameter will throw an exception (@craigtaub)
      • #3125: For consumers of Mocha's programmatic API, all exceptions thrown from Mocha now have a code property (and some will have additional metadata). Some Error messages have changed. Please use the code property to check Error types instead of the message property; these descriptions will be localized in the future. (@craigtaub)

      📠 Deprecations

      These are soft-deprecated, and will emit a warning upon use. Support will be removed in (likely) the next major version of Mocha:

      • -gc users should use --gc-global instead
      • Consumers of the function exported by bin/options should now use the loadMochaOpts or loadOptions (preferred) functions exported by the lib/cli/options module

      Regarding the Mocha class constructor (from lib/mocha):

      • Use property color: false instead of useColors: false
      • Use property timeout: false instead of enableTimeouts: false

      All of the above deprecations were introduced by #3556.

      mocha.opts is now considered "legacy"; please prefer RC file or package.json over mocha.opts.

      🎉 Enhancements

      Enhancements introduced in #3556:

      • Mocha now supports "RC" files in JS, JSON, YAML, or package.json-based (using mocha property) format

        • .mocharc.js, .mocharc.json, .mocharc.yaml or .mocharc.yml are valid "rc" file names and will be automatically loaded
        • Use --config /path/to/rc/file to specify an explicit path
        • Use --package /path/to/package.json to specify an explicit package.json to read the mocha prop from
        • Use --no-config or --no-package to completely disable loading of configuration via RC file and package.json, respectively
        • Configurations are merged as applicable using the priority list:
          1. Command-line arguments
          2. RC file
          3. package.json
          4. mocha.opts
          5. Mocha's own defaults
        • Check out these example config files
      • Node/V8 flag support in mocha executable:

        • Support all allowed node flags as supported by the running version of node (also thanks to @demurgos)
        • Support any V8 flag by prepending --v8- to the flag name
        • All flags are also supported via config files, package.json properties, or mocha.opts
        • Debug-related flags (e.g., --inspect) now imply --no-timeouts
        • Use of e.g., --debug will automatically invoke --inspect if supported by running version of node
      • Support negation of any Mocha-specific command-line flag by prepending --no- to the flag name

      • Interfaces now have descriptions when listed using --interfaces flag

      • Mocha constructor supports all options

      • --extension is now an alias for --watch-extensions and affects non-watch-mode test runs as well. For example, to run only test/*.coffee (not test/*.js), you can do mocha --require coffee-script/register --extensions coffee.

      • #3552: tap reporter is now TAP13-capable (@plroebuck & @mollstam)

      • #3535: Mocha's version can now be queried programmatically via public property Mocha.prototype.version (@plroebuck)

      • #3428: xunit reporter shows diffs (@mlucool)

      • #2529: Runner now emits a retry event when tests are retried (reporters can listen for this) (@catdad)

      • #2962, #3111: In-browser notification support; warn about missing prereqs when --growl supplied (@plroebuck)

      🐛 Fixes

      📖 Documentation

      🔩 Other

    • 6.0.0-1 - 2019-01-02
        </li>
        <li>
          <b>6.0.0-0</b> - <a href="">2019-01-01</a>
          
        </li>
        <li>
          <b>5.2.0</b> - <a href="">2018-05-18</a>
          
        </li>
        <li>
          <b>5.1.1</b> - <a href="">2018-04-18</a>
          
        </li>
        <li>
          <b>5.1.0</b> - <a href="">2018-04-12</a>
          
        </li>
        <li>
          <b>5.0.5</b> - <a href="">2018-03-23</a>
          
        </li>
        <li>
          <b>5.0.4</b> - <a href="">2018-03-07</a>
          
        </li>
        <li>
          <b>5.0.3</b> - <a href="">2018-03-07</a>
          
        </li>
        <li>
          <b>5.0.2</b> - <a href="">2018-03-06</a>
          
        </li>
        <li>
          <b>5.0.1</b> - <a href="">2018-02-13</a>
          
        </li>
        <li>
          <b>5.0.0</b> - <a href="">2018-01-18</a>
          
        </li>
        <li>
          <b>4.1.0</b> - <a href="">2017-12-29</a>
          
        </li>
      </ul>
      
    • from [`mocha` GitHub Release Notes](https://github.com/mochajs/mocha/releases)
------------

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant