[Snyk] Fix for 1 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	461/1000 Why? Recently disclosed, Has a fix available, CVSS 3.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-DEBUG-3227433	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: mocha

The new version differs by 250 commits.

• d69bf14 Release v4.0.0
• 171b9f9 pfix "prepublishOnly" potential portability problem
• 60e39d9 Update link to wiki (GitHub at the leading `--`)
• 804f9d5 Update link because GitHub ate the leading `--`
• 3326c23 update CHANGELOG for v4.0.0 [ci skip]
• 6dd9252 add link to wiki on --compilers deprecation
• 96318e1 Deprecate --compilers
• 92beda9 drop bower support
• 58a4c6a remove unused .npmignore
• 7af6611 kill Date#toISOString shim
• 43501a2 reduce noise about slow tests; make a few tests faster, etc.
• fa228e9 update --exit / --no-exit integration test for new default behavior
• 3fdd3ff Switch default from forced exit to no-exit
• c5d69e0 add integration tests for --exit/--no-exit
• 3a7f8dc enhance runMochaJSON() helper by returning the subprocess instance
• 0690d1a remove unused manual tests which remained in test/misc/
• 49e01d5 move the "only" specs out of test/misc/only/ and into test/only/
• 16ffca2 remove shims to avoid decrease in coverage
• 1f3b39a upgrade diff
• e6e3519 upgrade commander
• f1efc14 remove special treatment of unsupported node version in travis before-install script
• bc50020 upgrade debug
• 1103f9c upgrade coveralls
• f09ebf6 remove readable-stream

See the full diff

Package name: mocha-junit-reporter

The new version differs by 66 commits.

• c8b0b35 2.1.1
• 2fba24b Update dependencies (#177)
• 67a9764 2.1.0
• 4c2bc93 Fix bug when truncating testcase.attr.time (#172)
• 5c240ae Bump ansi-regex from 3.0.0 to 3.0.1 (#175)
• 5169b0f Bump minimist from 1.2.5 to 1.2.6 (#166)
• e77a5d8 feature | allow to add jenkinsClassnamePrefix (#138)
• 3b65764 Merge pull request #159 from gabegorelick/fix-build
• 07888b3 MINOR: update dependencies, remove travis file
• 0d42905 Fix test failures when running on older versions of mocha
• e062836 Test against all supported versions of mocha
• fc3a735 Ensure that test time attribute is capped at 3 digits after the decimal
• e406663 Add diff printing support
• 8e0b9e4 Merge branch 'master' of https://github.com/michaelleeallen/mocha-junit-reporter
• 4a7cca4 Bump glob-parent from 5.1.1 to 5.1.2
• 2a321e3 Merge pull request #152 from michaelleeallen/dependabot/npm_and_yarn/glob-parent-5.1.2
• 5403f63 Merge pull request #155 from pkuczynski/upgrade-strip-ansi
• 2222692 Upgrade strip-ansi@6.0.1
• 1c3eb62 Bump glob-parent from 5.1.1 to 5.1.2
• 88388ee Merge pull request [Snyk] Fix for 1 vulnerabilities #104 from michaelleeallen/add-actions
• 2cd514a Merge pull request #133 from michaelleeallen/dependabot/npm_and_yarn/lodash-4.17.19
• 18ff0f4 Merge pull request [Snyk] Security upgrade tree-sitter from 0.16.0 to 0.20.3 #115 from gabegorelick/setup-teardown-time
• a3ec7b5 Bump lodash from 4.17.15 to 4.17.19
• d2770c2 Testsuite time should include setup and teardown

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)