[Snyk] Fix for 1 vulnerabilities #131
Open
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
… vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/npm:debug:20170905
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
Changes included in this PR
Vulnerabilities that will be fixed
With an upgrade:
Why? Confidentiality impact: None, Integrity impact: None, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.00296, Social Trends: No, Days since published: 2262, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Low, Package Popularity Score: 99, Impact: 2.35, Likelihood: 2.43, Score Version: V5
npm:debug:20170905
(*) Note that the real score may have changed since the PR was raised.
Release notes
Package name: @cypress/browserify-preprocessor
-
3.0.2 - 2021-11-04
- deps: update dependency glob-parent to version 5.1.2 🌟 (#84) (61dae70)
-
3.0.1 - 2020-07-14
- Handle function transforms when
-
3.0.0 - 2020-05-21
- This plugin now requires Node.js 8+
- Validate type of typescript option and its existence as a path (3fb7b2c)
- Improve error when attempting to preprocess a TypeScript file but the typescript option is not set (36d77a8)
-
2.2.4 - 2020-05-11
- generate sourcemaps on .ts and .tsx files (#51) (d64122c)
-
2.2.3 - 2020-05-08
- Only enable TypeScript jsx compiling for
-
2.2.2 - 2020-04-23
- Fix TypeScript iterator support. (#43) (f549896)
-
2.2.1 - 2020-04-04
- Fix lib files not being published (#40) (24117d0)
-
2.2.0 - 2020-04-03
- Add out-of-the-tbox typescript support (#38) (344a057)
-
2.1.4 - 2020-02-11
- Fix non-top-level requires (#37) (642a671)
-
2.1.3 - 2020-02-05
- use newer module exports plugin (#35) (8601521)
-
2.1.2 - 2020-02-05
-
2.1.1 - 2019-06-07
from @cypress/browserify-preprocessor GitHub release notes3.0.2 (2021-11-04)
Miscellaneous
3.0.1 (2020-07-14)
Bug Fixes
typescriptis set (#57) (fb2f417), closes #563.0.0 (2020-05-21)
Breaking Changes
Bug Fixes
2.2.4 (2020-05-11)
Bug Fixes
2.2.3 (2020-05-08)
Bug Fixes
.js,.jsx, and.tsxfiles (#45) (00e9be9)2.2.2 (2020-04-23)
Bug Fixes
2.2.1 (2020-04-04)
Bug Fixes
2.2.0 (2020-04-03)
Features
2.1.4 (2020-02-11)
Bug Fixes
2.1.3 (2020-02-05)
Bug Fixes
Package name: mocha
-
8.3.0 - 2021-02-11
- #4506: Add error code for test timeout errors (@ boneskull)
- #4112: Add BigInt support to stringify util function (@ JosejeSinohui)
- #4557: Add file location when SyntaxError happens in ESM (@ giltayar)
- #4521: Fix
- #4507: Add support for typescript-style docstrings (@ boneskull)
- #4503: Add GH Actions workflow status badge (@ outsideris)
- #4494: Add example of generating tests dynamically with a closure (@ maxwellgerber)
- #4556: Upgrade all dependencies to latest stable (@ AviVahl)
- #4543: Update dependencies yargs and yargs-parser (@ juergba)
-
8.2.1 - 2020-11-02
- #4489: Fix problematic handling of otherwise-unhandled
- #4496: Avoid
-
8.2.0 - 2020-10-16
// fixtures.js
- #4308: Support run-once global setup & teardown fixtures (@ boneskull)
- #4442: Multi-part extensions (e.g.,
- #4472: Leading dots (e.g.,
- #4434: Output of
- #4464: Errors thrown by serializer in parallel mode now have error codes (@ evaline-ju)
- #4409: Parallel mode and custom reporter improvements (@ boneskull):
- Support custom worker-process-only reporters (
- Allow opt-in of object reference matching for "sufficiently advanced" custom reporters (
- Enable detection of parallel mode (
- #4476: Workaround for profoundly bizarre issue affecting
- #4465: Worker processes guaranteed (as opposed to "very likely") to exit before Mocha does; fixes a problem when using
- #4419: Restore
-
8.1.3 - 2020-08-28
- #4425: Restore
-
8.1.2 - 2020-08-25
- #4418: Fix command-line flag incompatibility in forthcoming Node.js v14.9.0 (@ boneskull)
- #4401: Fix missing global variable in browser (@ irrationnelle)
- #4396: Update many dependencies (@ GChuf)
- Various fixes by @ sujin-park, @ wwhurin & @ Donghoon759
-
8.1.1 - 2020-08-04
- #4394: Fix regression wherein certain reporters did not correctly detect terminal width (@ boneskull)
-
8.1.0 - 2020-07-30
- #4287: Use background colors with inline diffs for better visual distinction (@ michael-brade)
- #4328: Fix "watch" mode when Mocha run in parallel (@ boneskull)
- #4382: Fix root hook execution in "watch" mode (@ indieisaconcept)
- #4383: Consistent auto-generated hook titles (@ cspotcode)
- #4359: Better errors when running
- #4341: Fix weirdness when using
- #4378, #4333: Update javascript-serialize (@ martinoppitz, @ wnghdcjfe)
- #4354: Update yargs-unparser (@ martinoppitz)
- #4173: Document how to use
- #4343: Clean up some API docs (@ craigtaub)
- #4318: Sponsor images are now self-hosted (@ Munter)
- #4293: Use Rollup and Babel in build pipeline; add source map to published files (@ Munter)
-
8.0.1 - 2020-06-10
- #4328: Fix
-
8.0.0 - 2020-06-10
-
-
-
-
-
-
-
-
-
-
-
- #4246: Add documentation for parallel mode and Root Hook plugins (@ boneskull)
- #4200: Drop mkdirp and replace it with fs.mkdirSync (@ HyunSangHan)
-
7.2.0 - 2020-05-23
- #4234: Add ability to run tests in a mocha instance multiple times (@ nicojs)
- #4219: Exposing filename in JSON, doc, and json-stream reporters (@ Daniel0113)
- #4244: Add Root Hook Plugins (@ boneskull)
- #4258: Fix missing dot in name of configuration file (@ sonicdoe)
- #4194: Check if module.paths really exists (@ ematipico)
- #4256:
- #4152: Bug with multiple async done() calls (@ boneskull)
- #4275: Improper warnings for invalid reporters (@ boneskull)
- #4288: Broken hook.spec.js test for IE11 (@ boneskull)
- #4081: Insufficient white space for API docs in view on mobile (@ HyunSangHan)
- #4255: Update mocha-docdash for UI fixes on API docs (@ craigtaub)
- #4235: Enable emoji on website; enable normal ul elements (@ boneskull)
- #4272: Fetch sponsors at build time, show ALL non-skeevy sponsors (@ boneskull)
- #4249: Refactoring improving encapsulation (@ arvidOtt)
- #4242: CI add job names, add Node.js v14 to matrix (@ boneskull)
- #4237: Refactor validatePlugins to throw coded errors (@ boneskull)
- #4236: Better debug output (@ boneskull)
-
7.1.2 - 2020-04-26
-
7.1.1 - 2020-03-18
-
7.1.0 - 2020-02-26
-
7.0.1 - 2020-01-26
-
7.0.0 - 2020-01-04
-
7.0.0-esm1 - 2020-01-12
-
6.2.3 - 2020-03-25
from mocha GitHub release notes8.3.0 / 2021-02-11
🎉 Enhancements
🐛 Fixes
requireerror when bundling Mocha with Webpack (@ devhazem)📖 Documentation
🔩 Other
Also thanks to @ outsideris and @ HyunSangHan for various fixes to our website and documentation.
8.2.1 / 2020-11-02
Fixed stuff.
🐛 Fixes
Promiserejections and erroneous "done()called twice" errors (@ boneskull)MaxListenersExceededWarningin watch mode (@ boneskull)Also thanks to @ akeating for a documentation fix!
8.2.0 / 2020-10-16
The major feature added in v8.2.0 is addition of support for global fixtures.
While Mocha has always had the ability to run setup and teardown via a hook (e.g., a
before()at the top level of a test file) when running tests in serial, Mocha v8.0.0 added support for parallel runs. Parallel runs are incompatible with this strategy; e.g., a top-levelbefore()would only run for the file in which it was defined.With global fixtures, Mocha can now perform user-defined setup and teardown regardless of mode, and these fixtures are guaranteed to run once and only once. This holds for parallel mode, serial mode, and even "watch" mode (the teardown will run once you hit Ctrl-C, just before Mocha finally exits). Tasks such as starting and stopping servers are well-suited to global fixtures, but not sharing resources--global fixtures do not share context with your test files (but they do share context with each other).
Here's a short example of usage:
// can be async or not
exports.mochaGlobalSetup = async function() {
this.server = await startSomeServer({port: process.env.TEST_PORT});
console.log(
server running on port <span class="pl-s1"><span class="pl-kos">${</span><span class="pl-smi">this</span><span class="pl-kos">.</span><span class="pl-c1">server</span><span class="pl-kos">.</span><span class="pl-c1">port</span><span class="pl-kos">}</span></span>);};
exports.mochaGlobalTeardown = async function() {
// the context (
this) is shared, but not with the test filesawait this.server.stop();
console.log(
server on port <span class="pl-s1"><span class="pl-kos">${</span><span class="pl-smi">this</span><span class="pl-kos">.</span><span class="pl-c1">server</span><span class="pl-kos">.</span><span class="pl-c1">port</span><span class="pl-kos">}</span></span> stopped);};
// this file can contain root hook plugins as well!
// exports.mochaHooks = { ... }
Fixtures are loaded with
--require, e.g.,mocha --require fixtures.js.For detailed information, please see the documentation and this handy-dandy flowchart to help understand the differences between hooks, root hook plugins, and global fixtures (and when you should use each).
🎉 Enhancements
test.js) now usable with--extensionoption (@ jordanstephens).js,.test.js) now usable with--extensionoption (@ boneskull)jsonreporter now containsspeed("fast"/"medium"/"slow") property (@ wwhurin)For implementors of custom reporters:
Runner.prototype.workerReporter()); reporters should subclassParallelBufferedReporterinmocha/lib/nodejs/reporters/parallel-bufferedRunner.prototype.linkPartialObjects()); use if strict object equality is needed when consumingRunnerevent dataRunner.prototype.isParallelMode())🐛 Fixes
npmv6.x causing some of Mocha's deps to be installed whenmochais present in a package'sdevDependenciesandnpm install --productionis run the package's working copy (@ boneskull)nycwith Mocha in parallel mode (@ boneskull)lookupFiles()inmocha/lib/utils, which was broken/missing in Mocha v8.1.0; it now prints a deprecation warning (useconst {lookupFiles} = require('mocha/lib/cli')instead) (@ boneskull)Thanks to @ AviVahl, @ donghoon-song, @ ValeriaVG, @ znarf, @ sujin-park, and @ majecty for other helpful contributions!
8.1.3 / 2020-08-28
🐛 Fixes
Mocha.utils.lookupFiles()and Webpack compatibility (both broken since v8.1.0);Mocha.utils.lookupFiles()is now deprecated and will be removed in the next major revision of Mocha; userequire('mocha/lib/cli').lookupFilesinstead (@ boneskull)8.1.2 / 2020-08-25
🐛 Fixes
🔒 Security Fixes
📖 Documentation
8.1.1 / 2020-08-04
🐛 Fixes
8.1.0 / 2020-07-30
In this release, Mocha now builds its browser bundle with Rollup and Babel, which will provide the project's codebase more flexibility and consistency.
While we've been diligent about backwards compatibility, it's possible consumers of the browser bundle will encounter differences (other than an increase in the bundle size). If you do encounter an issue with the build, please report it here.
This release does not drop support for IE11.
Other community contributions came from @ Devjeel, @ Harsha509 and @ sharath2106. Thank you to everyone who contributed to this release!
🎉 Enhancements
🐛 Fixes
mocha init(@ boneskull)delayoption in browser (@ craigtaub)🔒 Security Fixes
📖 Documentation & Website
--enable-source-mapswith Mocha (@ bcoe)🔩 Other
8.0.1 / 2020-06-10
The obligatory patch after a major.
🐛 Fixes
--parallelwhen combined with--watch(@ boneskull)8.0.0 / 2020-06-10
In this major release, Mocha adds the ability to run tests in parallel. Better late than never! Please note the breaking changes detailed below.
Let's welcome @ giltayar and @ nicojs to the maintenance team!
💥 Breaking Changes
#4164: Mocha v8.0.0 now requires Node.js v10.12.0 or newer. Mocha no longer supports the Node.js v8.x line ("Carbon"), which entered End-of-Life at the end of 2019 (@ UlisesGascon)
#4175: Having been deprecated with a warning since v7.0.0,
mocha.optsis no longer supported (@ juergba)✨ WORKAROUND: Replace
mocha.optswith a configuration file.#4260: Remove
enableTimeout()(this.enableTimeout()) from the context object (@ craigtaub)✨ WORKAROUND: Replace usage of
this.enableTimeout(false)in your tests withthis.timeout(0).#4315: The
specoption no longer supports a comma-delimited list of files (@ juergba)✨ WORKAROUND: Use an array instead (e.g.,
"spec": "foo.js,bar.js"becomes"spec": ["foo.js", "bar.js"]).#4309: Drop support for Node.js v13.x line, which is now End-of-Life (@ juergba)
#4282:
--forbid-onlywill throw an error even if exclusive tests are avoided via--grepor other means (@ arvidOtt)#4223: The context object's
skip()(this.skip()) in a "before all" (before()) hook will no longer execute subsequent sibling hooks, in addition to hooks in child suites (@ juergba)#4178: Remove previously soft-deprecated APIs (@ wnghdcjfe):
Mocha.prototype.ignoreLeaks()Mocha.prototype.useColors()Mocha.prototype.useInlineDiffs()Mocha.prototype.hideDiff()🎉 Enhancements
#4245: Add ability to run tests in parallel for Node.js (see docs) (@ boneskull)
❗ See also #4244; Root Hook Plugins (docs) -- root hooks must be defined via Root Hook Plugins to work in parallel mode
#4304:
--requirenow works with ES modules (@ JacobLey)#4299: In some circumstances, Mocha can run ES modules under Node.js v10 -- use at your own risk! (@ giltayar)
📖 Documentation
🔩 Other
🐛 Fixes
(All bug fixes in Mocha v8.0.0 are also breaking changes, and are listed above)
7.2.0 / 2020-05-22
🎉 Enhancements
🐛 Fixes
--forbid-onlydoes not recognizeit.onlywhenbeforecrashes (@ arvidOtt)📖 Documentation
🔩 Other
Commit messages
Package name: @cypress/browserify-preprocessor
The new version differs by 59 commits.See the full diff
Package name: mocha
The new version differs by 250 commits.See the full diff
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
🛠 Adjust project settings
📚 Read more about Snyk's upgrade and patch logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Regular Expression Denial of Service (ReDoS)