Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

[Snyk] Security upgrade mocha-junit-reporter from 1.23.3 to 2.1.1 #72

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Security upgrade mocha-junit-reporter from 1.23.3 to 2.1.1 #72

wants to merge 1 commit into from

Conversation

decompil3d
Copy link

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
low severity 461/1000
Why? Recently disclosed, Has a fix available, CVSS 3.5		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-DEBUG-3227433		 Yes No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: mocha-junit-reporter The new version differs by 36 commits.
  • c8b0b35 2.1.1
  • 2fba24b Update dependencies (#177)
  • 67a9764 2.1.0
  • 4c2bc93 Fix bug when truncating testcase.attr.time (#172)
  • 5c240ae Bump ansi-regex from 3.0.0 to 3.0.1 (#175)
  • 5169b0f Bump minimist from 1.2.5 to 1.2.6 (#166)
  • e77a5d8 feature | allow to add jenkinsClassnamePrefix (#138)
  • 3b65764 Merge pull request #159 from gabegorelick/fix-build
  • 07888b3 MINOR: update dependencies, remove travis file
  • 0d42905 Fix test failures when running on older versions of mocha
  • e062836 Test against all supported versions of mocha
  • fc3a735 Ensure that test time attribute is capped at 3 digits after the decimal
  • e406663 Add diff printing support
  • 8e0b9e4 Merge branch 'master' of https://github.com/michaelleeallen/mocha-junit-reporter
  • 4a7cca4 Bump glob-parent from 5.1.1 to 5.1.2
  • 2a321e3 Merge pull request #152 from michaelleeallen/dependabot/npm_and_yarn/glob-parent-5.1.2
  • 5403f63 Merge pull request #155 from pkuczynski/upgrade-strip-ansi
  • 2222692 Upgrade strip-ansi@6.0.1
  • 1c3eb62 Bump glob-parent from 5.1.1 to 5.1.2
  • 88388ee Merge pull request #104 from michaelleeallen/add-actions
  • 2cd514a Merge pull request #133 from michaelleeallen/dependabot/npm_and_yarn/lodash-4.17.19
  • 18ff0f4 Merge pull request #115 from gabegorelick/setup-teardown-time
  • a3ec7b5 Bump lodash from 4.17.15 to 4.17.19
  • d2770c2 Testsuite time should include setup and teardown

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)

# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@decompil3d @snyk-bot