[Snyk] Security upgrade mocha from 6.2.3 to 11.1.0 #220

Omrisnyk · 2025-01-22T17:18:57Z

Snyk has created this PR to fix 1 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

large-file/package.json
large-file/package-lock.json

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	159

Release notes

Package name: mocha

11.1.0 - 2025-01-02
11.1.0 (2025-01-02)

🌟 Features
- bump yargs to 17 (#5165) (8f1c8d8)
11.0.2 - 2024-12-09
11.0.2 (2024-12-09)

🩹 Fixes
- catch exceptions setting Error.stackTraceLimit (#5254) (259f8f8)
- error handling for unexpected numeric arguments passed to cli (#5263) (210d658)
📚 Documentation
- correct outdated status: accepting prs link (#5268) (f729cd0)
- replace "New in" with "Since" in version annotations (#5262) (6f10d12)
11.0.1 - 2024-12-02
11.0.1 (2024-12-02)

🌟 Features
- bumped glob dependency from 8 to 10 (#5250) (43c3157)
📚 Documentation
- fix examples for linkPartialObjects methods (#5255) (34e0e52)
11.0.0 - 2024-11-11
11.0.0 (2024-11-11)

⚠ BREAKING CHANGES
- adapt new engine range for Mocha 11 (#5216)
🌟 Features
- allow calling hook methods (#5231) (e3da641)
🩹 Fixes
- adapt new engine range for Mocha 11 (#5216) (80da25a)
📚 Documentation
- downgrade example/tests chai to 4.5.0 (#5245) (eac87e1)
11.0.0-beta - 2024-11-23
10.8.2 - 2024-10-30
10.8.2 (2024-10-30)

🩹 Fixes
- support errors with circular dependencies in object values with --parallel (#5212) (ba0fefe)
- test link in html reporter (#5224) (f054acc)
📚 Documentation
- indicate 'exports' interface does not work in browsers (#5181) (14e640e)
🧹 Chores
- fix docs builds by re-adding eleventy and ignoring gitignore again (#5240) (881e3b0)
🤖 Automation
- deps: bump the github-actions group with 1 update (#5132) (e536ab2)
10.8.1 - 2024-10-29
10.8.1 (2024-10-29)

🩹 Fixes
- handle case of invalid package.json with no explicit config (#5198) (f72bc17)
- Typos on mochajs.org (#5237) (d8ca270)
- use accurate test links in HTML reporter (#5228) (68803b6)
10.8.0 - 2024-10-29
10.8.0 (2024-10-29)

🌟 Features
- highlight browser failures (#5222) (8ff4845)
🩹 Fixes
- remove :is() from mocha.css to support older browsers (#5225) (#5227) (0a24b58)
📚 Documentation
- add SECURITY.md pointing to Tidelift (#5210) (bd7e63a)
- adopt Collective Funds Guidelines 0.1 (#5199) (2b03d86)
- update README, LICENSE and fix outdated (#5197) (1203e0e)
🧹 Chores
- fix npm scripts on windows (#5219) (1173da0)
- remove trailing whitespace in SECURITY.md (7563e59)
10.7.3 - 2024-08-09
10.7.3 (2024-08-09)

🩹 Fixes
- make release-please build work (#5194) (afd66ef)
10.7.0 - 2024-07-20
10.6.1 - 2024-07-20
10.6.0 - 2024-07-02
10.5.2 - 2024-06-26
10.5.1 - 2024-06-25
10.5.0 - 2024-06-24
10.4.0 - 2024-03-26
10.3.0 - 2024-02-08
10.3.0-preminor.0 - 2024-01-30
10.2.0 - 2022-12-11
10.1.0 - 2022-10-15
10.0.0 - 2022-05-01
9.2.2 - 2022-03-11
9.2.1 - 2022-02-19
9.2.0 - 2022-01-24
9.1.4 - 2022-01-14
9.1.3 - 2021-10-15
9.1.2 - 2021-09-25
9.1.1 - 2021-08-28
9.1.0 - 2021-08-20
9.0.3 - 2021-07-25
9.0.2 - 2021-07-03
9.0.1 - 2021-06-18
9.0.0 - 2021-06-07
8.4.0 - 2021-05-07
8.3.2 - 2021-03-12
8.3.1 - 2021-03-06
8.3.0 - 2021-02-11
8.2.1 - 2020-11-02
8.2.0 - 2020-10-16
8.1.3 - 2020-08-28
8.1.2 - 2020-08-25
8.1.1 - 2020-08-04
8.1.0 - 2020-07-30
8.0.1 - 2020-06-10
8.0.0 - 2020-06-10
7.2.0 - 2020-05-23
7.1.2 - 2020-04-26
7.1.1 - 2020-03-18
7.1.0 - 2020-02-26
7.0.1 - 2020-01-26
7.0.0 - 2020-01-04
7.0.0-esm1 - 2020-01-12
6.2.3 - 2020-03-25

from mocha GitHub release notes

Important

Check the changes in this PR to ensure they won't cause issues with your project.
Max score is 1000. Note that the real score may have changed since the PR was raised.
This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)

… vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908

fix: large-file/package.json & large-file/package-lock.json to reduce…

48b9538

… vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908

[Snyk] Security upgrade mocha from 6.2.3 to 11.1.0 #220

Are you sure you want to change the base?

[Snyk] Security upgrade mocha from 6.2.3 to 11.1.0 #220

Uh oh!

Conversation

Omrisnyk commented Jan 22, 2025

Snyk has created this PR to fix 1 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

Vulnerabilities that will be fixed with an upgrade:

11.1.0 (2025-01-02)

🌟 Features

11.0.2 (2024-12-09)

🩹 Fixes

📚 Documentation

11.0.1 (2024-12-02)

🌟 Features

📚 Documentation

11.0.0 (2024-11-11)

⚠ BREAKING CHANGES

🌟 Features

🩹 Fixes

📚 Documentation

10.8.2 (2024-10-30)

🩹 Fixes

📚 Documentation

🧹 Chores

🤖 Automation

10.8.1 (2024-10-29)

🩹 Fixes

10.8.0 (2024-10-29)

🌟 Features

🩹 Fixes

📚 Documentation

🧹 Chores

10.7.3 (2024-08-09)

🩹 Fixes

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants