Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add 'Mocha@11' as a peer dependency #108

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

vrubezhny
Copy link

@vrubezhny vrubezhny commented Dec 2, 2024

Also this updates 'eslint' to v8.57.1 and overrides 'cross-spawn' to ^7.0.6 in order to fix the known vulnerabilities:


ajv  <6.12.3
Severity: moderate
Prototype Pollution in Ajv - https://github.com/advisories/GHSA-v88g-cgmw-v5xw
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/ajv
  ajv-keywords  2.1.1
  Depends on vulnerable versions of ajv
  node_modules/ajv-keywords
  eslint  2.5.0 - 2.5.2 || 4.2.0 - 5.0.0-rc.0
  Depends on vulnerable versions of ajv
  Depends on vulnerable versions of cross-spawn
  Depends on vulnerable versions of table
  node_modules/eslint
  table  3.7.10 - 4.0.2
  Depends on vulnerable versions of ajv
  node_modules/table

cross-spawn  <6.0.6
Severity: high
Regular Expression Denial of Service (ReDoS) in cross-spawn - https://github.com/advisories/GHSA-3xgq-45jj-v275
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/cross-spawn

5 vulnerabilities (3 moderate, 2 high)

Fixes: #107

@vrubezhny vrubezhny force-pushed the fix-support-mocha-11 branch from db94206 to 33faefa Compare December 2, 2024 18:46
Also this updates 'eslint' to v8.57.1 and overrides 'cross-spawn' to ^7.0.6 in order to
fix the known vulnerabilities:

```

ajv  <6.12.3
Severity: moderate
Prototype Pollution in Ajv - GHSA-v88g-cgmw-v5xw
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/ajv
  ajv-keywords  2.1.1
  Depends on vulnerable versions of ajv
  node_modules/ajv-keywords
  eslint  2.5.0 - 2.5.2 || 4.2.0 - 5.0.0-rc.0
  Depends on vulnerable versions of ajv
  Depends on vulnerable versions of cross-spawn
  Depends on vulnerable versions of table
  node_modules/eslint
  table  3.7.10 - 4.0.2
  Depends on vulnerable versions of ajv
  node_modules/table

cross-spawn  <6.0.6
Severity: high
Regular Expression Denial of Service (ReDoS) in cross-spawn - GHSA-3xgq-45jj-v275
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/cross-spawn

5 vulnerabilities (3 moderate, 2 high)
```

Fixes: juhovh#107

Signed-off-by: Victor Rubezhny <[email protected]>
@vrubezhny vrubezhny force-pushed the fix-support-mocha-11 branch from 33faefa to ece3465 Compare December 2, 2024 18:47
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Support for Mocha@11
1 participant