[Snyk] Upgrade mocha from 3.5.3 to 11.0.2 by snyk-io[bot] · Pull Request #22 · hashim21223445/eventsource

snyk-io · 2025-01-17T20:25:38Z

Snyk has created this PR to upgrade mocha from 3.5.3 to 11.0.2.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

⚠️ Warning: This PR contains major version upgrade(s), and may be a breaking change.

The recommended version is 77 versions ahead of your current version.
The recommended version was released a month ago.

Issues fixed by the recommended upgrade:

Issue	Score	Exploit Maturity
Regular Expression Denial of Service (ReDoS) npm:diff:20180305	134	Proof of Concept
Prototype Pollution SNYK-JS-SETVALUE-1540541	134	Proof of Concept
Denial of Service (DoS) SNYK-JS-DECODEURICOMPONENT-3149970	134	Proof of Concept
Remote Code Execution (RCE) SNYK-JS-HANDLEBARS-1056767	134	Proof of Concept
Improper Verification of Cryptographic Signature SNYK-JS-ELLIPTIC-8172694	134	No Known Exploit
Prototype Pollution SNYK-JS-LOADERUTILS-3043105	134	No Known Exploit
Prototype Pollution SNYK-JS-HANDLEBARS-173692	134	No Known Exploit
Improper Verification of Cryptographic Signature SNYK-JS-ELLIPTIC-8187303	134	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-ES5EXT-6095076	134	Proof of Concept
Prototype Pollution SNYK-JS-HANDLEBARS-174183	134	No Known Exploit
Prototype Pollution SNYK-JS-HANDLEBARS-469063	134	No Known Exploit
Code Injection SNYK-JS-LODASH-1040724	134	Proof of Concept
Prototype Pollution SNYK-JS-LODASH-450202	134	Proof of Concept
Prototype Pollution SNYK-JS-LODASH-567746	134	Proof of Concept
Denial of Service (DoS) SNYK-JS-HANDLEBARS-480388	134	No Known Exploit
Prototype Pollution SNYK-JS-LODASH-608086	134	Proof of Concept
Arbitrary Code Execution SNYK-JS-HANDLEBARS-534478	134	Proof of Concept
Prototype Pollution SNYK-JS-MIXINDEEP-450212	134	Proof of Concept
Prototype Pollution SNYK-JS-LODASH-6139239	134	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-MOCHA-2863123	134	No Known Exploit
Prototype Pollution SNYK-JS-LODASH-73638	134	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-MOCHA-561476	134	No Known Exploit
Prototype Pollution SNYK-JS-SETVALUE-450213	134	Proof of Concept
Prototype Poisoning SNYK-JS-QS-3153490	134	Proof of Concept
Prototype Pollution SNYK-JS-Y18N-1021887	134	Proof of Concept
Prototype Pollution SNYK-JS-SETVALUE-1540541	134	Proof of Concept
Prototype Pollution SNYK-JS-SETVALUE-450213	134	Proof of Concept
Prototype Pollution SNYK-JS-ASYNC-2441827	134	Proof of Concept
Asymmetric Resource Consumption (Amplification) SNYK-JS-BODYPARSER-7926860	134	No Known Exploit
Improper Verification of Cryptographic Signature SNYK-JS-BROWSERIFYSIGN-6037026	134	No Known Exploit
Prototype Pollution SNYK-JS-HANDLEBARS-567742	134	Proof of Concept
Cross-site Scripting SNYK-JS-EXPRESS-7926867	134	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHTOREGEXP-8482416	134	Proof of Concept
Regular Expression Denial of Service (ReDoS) npm:debug:20170905	134	Proof of Concept
Arbitrary Code Injection npm:growl:20160721	134	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHTOREGEXP-7925106	134	Proof of Concept
Improper Verification of Cryptographic Signature SNYK-JS-ELLIPTIC-7577916	134	Proof of Concept
Improper Verification of Cryptographic Signature SNYK-JS-ELLIPTIC-7577917	134	Proof of Concept
Improper Verification of Cryptographic Signature SNYK-JS-ELLIPTIC-7577918	134	Proof of Concept
Prototype Pollution SNYK-JS-HANDLEBARS-1279029	134	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3105943	134	No Known Exploit
Open Redirect SNYK-JS-EXPRESS-6474509	134	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	134	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	134	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-HOSTEDGITINFO-1088355	134	Proof of Concept
Prototype Pollution SNYK-JS-MINIMIST-559764	134	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-HOSTEDGITINFO-1088355	134	Proof of Concept
Reverse Tabnabbing SNYK-JS-ISTANBULREPORTS-2328088	134	No Known Exploit
Prototype Pollution SNYK-JS-JSONPOINTER-1577288	134	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-73639	134	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHPARSE-1077067	134	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHPARSE-1077067	134	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3042992	134	No Known Exploit
Cross-site Scripting (XSS) SNYK-JS-COOKIE-8163060	134	No Known Exploit
Prototype Pollution SNYK-JS-MINIMIST-2429795	134	Proof of Concept
Prototype Pollution SNYK-JS-MINIMIST-2429795	134	Proof of Concept
Prototype Pollution SNYK-JS-HANDLEBARS-534988	134	No Known Exploit
Validation Bypass SNYK-JS-KINDOF-537849	134	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-WORDWRAP-3149973	134	Proof of Concept
Cross-site Scripting SNYK-JS-SEND-7926862	134	No Known Exploit
Cross-site Scripting SNYK-JS-SERVESTATIC-7926865	134	No Known Exploit
Incomplete List of Disallowed Inputs SNYK-JS-BABELTRAVERSE-5962463	134	Proof of Concept

Release notes

Package name: mocha

11.0.2 - 2024-12-09
11.0.2 (2024-12-09)

🩹 Fixes
- catch exceptions setting Error.stackTraceLimit (#5254) (259f8f8)
- error handling for unexpected numeric arguments passed to cli (#5263) (210d658)
📚 Documentation
- correct outdated status: accepting prs link (#5268) (f729cd0)
- replace "New in" with "Since" in version annotations (#5262) (6f10d12)
11.0.1 - 2024-12-02
11.0.1 (2024-12-02)

🌟 Features
- bumped glob dependency from 8 to 10 (#5250) (43c3157)
📚 Documentation
- fix examples for linkPartialObjects methods (#5255) (34e0e52)
11.0.0 - 2024-11-11
11.0.0 (2024-11-11)

⚠ BREAKING CHANGES
- adapt new engine range for Mocha 11 (#5216)
🌟 Features
- allow calling hook methods (#5231) (e3da641)
🩹 Fixes
- adapt new engine range for Mocha 11 (#5216) (80da25a)
📚 Documentation
- downgrade example/tests chai to 4.5.0 (#5245) (eac87e1)
11.0.0-beta - 2024-11-23
10.8.2 - 2024-10-30
10.8.2 (2024-10-30)

🩹 Fixes
- support errors with circular dependencies in object values with --parallel (#5212) (ba0fefe)
- test link in html reporter (#5224) (f054acc)
📚 Documentation
- indicate 'exports' interface does not work in browsers (#5181) (14e640e)
🧹 Chores
- fix docs builds by re-adding eleventy and ignoring gitignore again (#5240) (881e3b0)
🤖 Automation
- deps: bump the github-actions group with 1 update (#5132) (e536ab2)
10.8.1 - 2024-10-29
10.8.1 (2024-10-29)

🩹 Fixes
- handle case of invalid package.json with no explicit config (#5198) (f72bc17)
- Typos on mochajs.org (#5237) (d8ca270)
- use accurate test links in HTML reporter (#5228) (68803b6)
10.8.0 - 2024-10-29
10.8.0 (2024-10-29)

🌟 Features
- highlight browser failures (#5222) (8ff4845)
🩹 Fixes
- remove :is() from mocha.css to support older browsers (#5225) (#5227) (0a24b58)
📚 Documentation
- add SECURITY.md pointing to Tidelift (#5210) (bd7e63a)
- adopt Collective Funds Guidelines 0.1 (#5199) (2b03d86)
- update README, LICENSE and fix outdated (#5197) (1203e0e)
🧹 Chores
- fix npm scripts on windows (#5219) (1173da0)
- remove trailing whitespace in SECURITY.md (7563e59)
10.7.3 - 2024-08-09
10.7.3 (2024-08-09)

🩹 Fixes
- make release-please build work (#5194) (afd66ef)
10.7.0 - 2024-07-20
What's Changed
- feat: add option to not fail on failing test suite by @ ilgonmic in #4771
New Contributors
- @ ilgonmic made their first contribution in #4771
Full Changelog: v10.6.1...v10.7.0
10.6.1 - 2024-07-20
10.6.0 - 2024-07-02
10.5.2 - 2024-06-26
10.5.1 - 2024-06-25
10.5.0 - 2024-06-24
10.4.0 - 2024-03-26
10.3.0 - 2024-02-08
10.3.0-preminor.0 - 2024-01-30
10.2.0 - 2022-12-11
10.1.0 - 2022-10-15
10.0.0 - 2022-05-01
9.2.2 - 2022-03-11
9.2.1 - 2022-02-19
9.2.0 - 2022-01-24
9.1.4 - 2022-01-14
9.1.3 - 2021-10-15
9.1.2 - 2021-09-25
9.1.1 - 2021-08-28
9.1.0 - 2021-08-20
9.0.3 - 2021-07-25
9.0.2 - 2021-07-03
9.0.1 - 2021-06-18
9.0.0 - 2021-06-07
8.4.0 - 2021-05-07
8.3.2 - 2021-03-12
8.3.1 - 2021-03-06
8.3.0 - 2021-02-11
8.2.1 - 2020-11-02
8.2.0 - 2020-10-16
8.1.3 - 2020-08-28
8.1.2 - 2020-08-25
8.1.1 - 2020-08-04
8.1.0 - 2020-07-30
8.0.1 - 2020-06-10
8.0.0 - 2020-06-10
7.2.0 - 2020-05-23
7.1.2 - 2020-04-26
7.1.1 - 2020-03-18
7.1.0 - 2020-02-26
7.0.1 - 2020-01-26
7.0.0 - 2020-01-04
7.0.0-esm1 - 2020-01-12
6.2.3 - 2020-03-25
6.2.2 - 2019-10-18
6.2.1 - 2019-09-29
6.2.0 - 2019-07-18
6.1.4 - 2019-04-18
6.1.3 - 2019-04-12
6.1.2 - 2019-04-08
6.1.1 - 2019-04-07
6.1.0 - 2019-04-07
6.0.2 - 2019-02-25
6.0.1 - 2019-02-21
6.0.0 - 2019-02-18
6.0.0-1 - 2019-01-02
6.0.0-0 - 2019-01-01
5.2.0 - 2018-05-18
5.1.1 - 2018-04-18
5.1.0 - 2018-04-12
5.0.5 - 2018-03-23
5.0.4 - 2018-03-07
5.0.3 - 2018-03-07
5.0.2 - 2018-03-06
5.0.1 - 2018-02-13
5.0.0 - 2018-01-18
4.1.0 - 2017-12-29
4.0.1 - 2017-10-06
4.0.0 - 2017-10-03
3.5.3 - 2017-09-11

from mocha GitHub release notes

Important

Warning: This PR contains a major version upgrade, and may be a breaking change.
Check the changes in this PR to ensure they won't cause issues with your project.
This PR was automatically created by Snyk using the credentials of a real user.
Max score is 1000. Note that the real score may have changed since the PR was raised.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

📜 Customise PR templates

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Snyk has created this PR to upgrade mocha from 3.5.3 to 11.0.2. See this package in npm: mocha See this project in Snyk: https://app.snyk.io/org/hashimmohammad881-TrGTrpdUyGorMuF38nmW8P/project/e6715d82-c41b-4ec4-9520-3b5ae1a13f2e?utm_source=github-cloud-app&utm_medium=referral&page=upgrade-pr

semanticdiff-com · 2025-01-17T20:25:41Z

Review changes with

Changed Files

File	Status
package.json	0% smaller

Conversation

snyk-io bot commented Jan 17, 2025

Snyk has created this PR to upgrade mocha from 3.5.3 to 11.0.2.

Issues fixed by the recommended upgrade:

11.0.2 (2024-12-09)

🩹 Fixes

📚 Documentation

11.0.1 (2024-12-02)

🌟 Features

📚 Documentation

11.0.0 (2024-11-11)

⚠ BREAKING CHANGES

🌟 Features

🩹 Fixes

📚 Documentation

10.8.2 (2024-10-30)

🩹 Fixes

📚 Documentation

🧹 Chores

🤖 Automation

10.8.1 (2024-10-29)

🩹 Fixes

10.8.0 (2024-10-29)

🌟 Features

🩹 Fixes

📚 Documentation

🧹 Chores

10.7.3 (2024-08-09)

🩹 Fixes

What's Changed

New Contributors

Uh oh!

semanticdiff-com bot commented Jan 17, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

semanticdiff-com bot commented Jan 17, 2025 •

edited

Loading