[Snyk] Upgrade mocha from 10.3.0 to 10.6.0 #2

hashim21223445 · 2024-07-29T04:18:52Z

Snyk has created this PR to upgrade mocha from 10.3.0 to 10.6.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

The recommended version is 5 versions ahead of your current version.
The recommended version was released on a month ago.

Issues fixed by the recommended upgrade:

Issue	Score	Exploit Maturity
Uncaught Exception SNYK-JS-SOCKETIO-7278048	142	No Known Exploit
Server-side Request Forgery (SSRF) SNYK-JS-IP-6240864	142	Proof of Concept
Denial of Service (DoS) SNYK-JS-SOCKETIOPARSER-5596892	142	No Known Exploit
Arbitrary File Overwrite SNYK-JS-TAR-1536528	142	No Known Exploit
Arbitrary File Overwrite SNYK-JS-TAR-1536531	142	No Known Exploit
Arbitrary File Write SNYK-JS-TAR-1579147	142	No Known Exploit
Uncaught Exception SNYK-JS-ENGINEIO-5496331	142	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-ES5EXT-6095076	142	Proof of Concept
Arbitrary File Write SNYK-JS-TAR-1579152	142	No Known Exploit
Arbitrary File Write SNYK-JS-TAR-1579155	142	No Known Exploit
Denial of Service (DoS) SNYK-JS-WS-7266574	142	Proof of Concept
Denial of Service (DoS) SNYK-JS-WS-7266574	142	Proof of Concept
Uncontrolled Resource Consumption ('Resource Exhaustion') SNYK-JS-TAR-6476909	142	Proof of Concept
Uncontrolled Resource Consumption ('Resource Exhaustion') SNYK-JS-TAR-6476909	142	Proof of Concept
Open Redirect SNYK-JS-EXPRESS-6474509	142	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	142	No Known Exploit

Release notes

Package name: mocha

10.6.0 - 2024-07-02
What's Changed
- feat: allow ^ versions for character encoding packages by @ JoshuaKGoldberg in #5150
- feat: allow ^ versions for yargs packages by @ JoshuaKGoldberg in #5152
- feat: allow ^ versions for file matching packages by @ JoshuaKGoldberg in #5151
- feat: allow ^ versions for data serialization packages by @ JoshuaKGoldberg in #5153
- feat: allow ^ versions for miscellaneous packages by @ JoshuaKGoldberg in #5154
Full Changelog: v10.5.2...v10.6.0
10.5.2 - 2024-06-26
What's Changed
- fix: better tracking of seen objects in error serialization by @ sam-super in #5032
New Contributors
- @ sam-super made their first contribution in #5032
Full Changelog: v10.5.1...v10.5.2
10.5.1 - 2024-06-25
What's Changed
- fix: Add error handling for nonexistent file case with --file option by @ khoaHyh in #5086
New Contributors
- @ khoaHyh made their first contribution in #5086
Full Changelog: v10.5.0...v10.5.1
10.5.0 - 2024-06-24
🎉 Enhancements
- #5015 feat: use <progress> and <svg> for browser progress indicator instead of <canvas> (@ yourWaifu)
- #5143 feat: allow using any 3.x chokidar dependencies (@ simhnna)
- #4835 feat: add MOCHA_OPTIONS env variable (@ icholy)
🐛 Fixes
- #5107 fix: include stack in browser uncaught error reporting (@ JoshuaKGoldberg)
🔩 Other
- #5110 chore: switch two-column list styles to be opt-in (@ marjys)
- #5135 chore: fix some typos in comments (@ StevenMia)
- #5130 chore: rename 'master' to 'main' in docs and tooling (@ JoshuaKGoldberg)
10.4.0 - 2024-03-26
10.4.0 / 2024-03-26

🎉 Enhancements
- #4829 feat: include .cause stacks in the error stack traces (@ voxpelli)
- #4985 feat: add file path to xunit reporter (@ bmish)
🐛 Fixes
- #5074 fix: harden error handling in lib/cli/run.js (@ stalet)
🔩 Other
- #5077 chore: add mtfoley/pr-compliance-action (@ JoshuaKGoldberg)
- #5060 chore: migrate ESLint config to flat config (@ JoshuaKGoldberg)
- #5095 chore: revert #5069 to restore Netlify builds (@ voxpelli)
- #5097 docs: add sponsored to sponsorship link rels (@ JoshuaKGoldberg)
- #5093 chore: add 'status: in triage' label to issue templates and docs (@ JoshuaKGoldberg)
- #5083 docs: fix CHANGELOG.md headings to start with a root-level h1 (@ JoshuaKGoldberg)
- #5100 chore: fix header generation and production build crashes (@ JoshuaKGoldberg)
- #5104 chore: bump ESLint ecmaVersion to 2020 (@ JoshuaKGoldberg)
- #5116 fix: eleventy template builds crash with 'unexpected token at ": string, msg..."' (@ LcsK)
- #4869 docs: fix documentation concerning glob expansion on UNIX (@ binki)
- #5122 test: fix xunit integration test (@ voxpelli)
- #5123 chore: activate dependabot for workflows (@ voxpelli)
- #5125 build(deps): bump the github-actions group with 2 updates (@ dependabot)
10.3.0 - 2024-02-08
This is a stable release equivalent to v10.3.0-preminor.0.

What's Changed
- Fix deprecated warn gh actions by @ outsideris in #4962
- fix #4837 Update glob due to vulnerability in dep by @ jb2311 in #4970
- Add Node v19 to test matrix by @ juergba in #4974
- chore: fix the ci by @ Uzlopak in #5020
- update can-i-use by @ Uzlopak in #5021
- chore: remove uuid dev dependency by @ Uzlopak in #5022
- chore: remove nanoid as dependency by @ Uzlopak in #5024
- chore: remove touch as dev dependency by @ Uzlopak in #5023
- chore: remove stale workflow by @ JoshuaKGoldberg in #5029
- docs: fix fragment ID for yargs' "extends" documentation by @ Spencer-Doak in #4918
- docs: use mocha.js instead of mocha in the example run by @ nikolas in #4927
- docs: fix jsdoc return type of titlePath method by @ F3n67u in #4886
- docs: overhaul contributing and maintenance docs for end-of-year 2023 by @ JoshuaKGoldberg in #5038
- docs: touchups to labels and a template title post-revamp by @ JoshuaKGoldberg in #5050
- fix: add alt text to Built with Netlify badge by @ JoshuaKGoldberg in #5068
- chore: inline nyan reporter's write function by @ JoshuaKGoldberg in #5056
- chore: remove unnecessary canvas dependency by @ JoshuaKGoldberg in #5069
New Contributors
- @ jb2311 made their first contribution in #4970
- @ Uzlopak made their first contribution in #5020
- @ Spencer-Doak made their first contribution in #4918
- @ nikolas made their first contribution in #4927
- @ F3n67u made their first contribution in #4886
Full Changelog: v10.2.0...v10.3.0

from mocha GitHub release notes

Important

Check the changes in this PR to ensure they won't cause issues with your project.
This PR was automatically created by Snyk using the credentials of a real user.
Max score is 1000. Note that the real score may have changed since the PR was raised.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

📜 Customise PR templates

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Snyk has created this PR to upgrade mocha from 10.3.0 to 10.6.0. See this package in npm: mocha See this project in Snyk: https://app.snyk.io/org/hashim21223445/project/543b602b-7a0f-494e-9c69-555edfc5bc04?utm_source=github&utm_medium=referral&page=upgrade-pr

hashim21223445 merged commit 5429c6d into v1.x Aug 6, 2024
2 checks passed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Snyk] Upgrade mocha from 10.3.0 to 10.6.0 #2

[Snyk] Upgrade mocha from 10.3.0 to 10.6.0 #2

hashim21223445 commented Jul 29, 2024

What's Changed

What's Changed

New Contributors

What's Changed

New Contributors

🎉 Enhancements

🐛 Fixes

🔩 Other

10.4.0 / 2024-03-26

🎉 Enhancements

🐛 Fixes

🔩 Other

What's Changed

New Contributors

[Snyk] Upgrade mocha from 10.3.0 to 10.6.0 #2

[Snyk] Upgrade mocha from 10.3.0 to 10.6.0 #2

Conversation

hashim21223445 commented Jul 29, 2024

Snyk has created this PR to upgrade mocha from 10.3.0 to 10.6.0.

Issues fixed by the recommended upgrade:

What's Changed

What's Changed

New Contributors

What's Changed

New Contributors

🎉 Enhancements

🐛 Fixes

🔩 Other

10.4.0 / 2024-03-26

🎉 Enhancements

🐛 Fixes

🔩 Other

What's Changed

New Contributors