Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Security upgrade mocha from 2.5.3 to 3.5.0 #7

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Security upgrade mocha from 2.5.3 to 3.5.0 #7

wants to merge 1 commit into from

Conversation

snyk-bot
Copy link

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

merge advice

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
low severity 399/1000
Why? Has a fix available, CVSS 3.7		 Regular Expression Denial of Service (ReDoS)
npm:ms:20170412		 Yes No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: mocha The new version differs by 250 commits.
  • 82d879f Release v3.5.0
  • bf687ce update mocha.js for v3.5.0
  • ec73c9a update date for release of v3.5.0 in CHANGELOG [ci skip]
  • 1ba2cfc update CHANGELOG.md for v3.5.0 [ci skip]
  • 065e14e remove custom install script from travis (no longer needed)
  • 4e87046 update karma-sauce-launcher URL for npm@5
  • 6886ccc increase timeout for slow-grepping test
  • 2408d90 Make dependencies use older version of readable-stream to work around incompatibilities introduced by 2.3.0 on June 19th
  • 68a1466 Try not clearing the env for debug in the integration test and see if that fixes Node 0.10 on AppVeyor; if need be, some other fix/workaround can be applied to handle whatever was up with debug without causing this issue
  • 958fbb4 Update new tests to work in browser per test hierarchy reorganization
  • 1df7c94 Merge pull request #2704 from seppevs/increase_test_coverage_of_mocha_js
  • 1f270cd Stop timing out (#2889)
  • 27c7496 upgrade to [email protected]; closes #2859 (#2860)
  • 50fc47d fix CI; closes #2867 (#2868)
  • 1b1377c Add test for ignoreLeaks and fix descriptions
  • a763592 Linting
  • ebb7b48 increase test coverage of mocha.js
  • 7647e18 Linting: enforce unix line endings. Closes #2800
  • f20de56 reorganize test hierarchy; closes #2838
  • 2bc9c4d Add --forbid-only and --forbid-pending options (#2696)
  • 2928b38 ignore lockfiles for now
  • 95cf2c4 fixed array test name in mocha/test/browser/index.html
  • c0b5990 Pass flags for NAPI modules
  • e00d27b Set Node.js v.8 as a default version

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

@snyk-bot
fix: package.json to reduce vulnerabilities
302847b 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/npm:ms:20170412
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@snyk-bot