chore(deps): upgrade all to latest stable #4556

AviVahl · 2021-01-18T19:43:24Z

Description of the Change

bump all production deps to latest stable versions and regenerate lock file from scratch.

npm audit on master:
found 39 vulnerabilities (30 low, 7 moderate, 2 high) in 2645 scanned packages

npm audit on branch:
found 3 low severity vulnerabilities in 2569 scanned packages

Alternate Designs

Keep old versions?
Setup dependabot or renovate bot.
Use carets.

Why should this be in core?

Any bug fixes and/or improvements in new versions.
Better de-duping for consumers.

Benefits

Improved audit result (for repo itself)

Possible Drawbacks

Any version upgrade is susceptible to regressions, especially in non-tested areas.

Applicable issues

#4533

coveralls · 2021-01-18T19:56:01Z

Coverage remained the same at 94.143% when pulling 3056999 on AviVahl:upgrade-production-deps into c667d10 on mochajs:master.

bump all production deps to latest stable versions and regenerate lock file from scratch. `npm audit` on `master`: `found 39 vulnerabilities (30 low, 7 moderate, 2 high) in 2645 scanned packages` `npm audit` on branch: `found 3 low severity vulnerabilities in 2569 scanned packages`

juergba

@AviVahl I pushed your branch to our repo, in order to run the browser test successfully.
The browser test doesn't work with github actions for PR's of forked repos.

lib/cli/config.js

juergba

@AviVahl thank you.

closes #4533

juergba reviewed Jan 29, 2021

View reviewed changes

lib/cli/config.js Show resolved Hide resolved

juergba approved these changes Jan 29, 2021

View reviewed changes

juergba added dependencies Pull requests that update a dependency file area: security involving vulnerabilities semver-patch implementation requires increase of "patch" version number; "bug fixes" labels Jan 29, 2021

juergba added this to the next milestone Jan 29, 2021

juergba merged commit 1a05ad7 into mochajs:master Jan 29, 2021

juergba mentioned this pull request Jan 29, 2021

[email protected] used in Mocha is creating deprecation warnings #4533

Closed

4 tasks

outsideris mentioned this pull request Feb 6, 2021

Upgrade debug module because of Vulnerability #4533 #4544

Closed

juergba modified the milestones: next, v8.3.0 Feb 11, 2021

Omrisnyk mentioned this pull request Dec 7, 2023

[Snyk] Fix for 1 vulnerabilities Omrisnyk/npm-lockfiles#131

Open

hashim21223445 mentioned this pull request Jul 28, 2024

[Snyk] Upgrade mocha from 8.2.1 to 8.4.0 hashim21223445/broadcast-channel#2

Merged

nscando mentioned this pull request Sep 7, 2024

[Snyk] Upgrade: , bcrypt, dotenv, express, helmet, mocha, mongodb, passport, passport-jwt, sinon nscando/Passport-Authentication#104

Open

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

chore(deps): upgrade all to latest stable #4556

chore(deps): upgrade all to latest stable #4556

Uh oh!

AviVahl commented Jan 18, 2021 •

edited

Loading

Uh oh!

coveralls commented Jan 18, 2021 •

edited

Loading

Uh oh!

juergba left a comment

Uh oh!

Uh oh!

juergba left a comment

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

Uh oh!

chore(deps): upgrade all to latest stable #4556

chore(deps): upgrade all to latest stable #4556

Uh oh!

Conversation

AviVahl commented Jan 18, 2021 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Description of the Change

Alternate Designs

Why should this be in core?

Benefits

Possible Drawbacks

Applicable issues

Uh oh!

coveralls commented Jan 18, 2021 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

juergba left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

juergba left a comment

Choose a reason for hiding this comment

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

AviVahl commented Jan 18, 2021 •

edited

Loading

coveralls commented Jan 18, 2021 •

edited

Loading