Checked next-gen ES issues and syntax problems by using the same environment and/or transpiler configuration without Mocha to ensure it isn't just a feature that actually isn't supported in the environment in question or a bug in your code.
'Smoke tested' the code to be tested by running it outside the real test suite to get a better sense of whether the problem is in the code under test, your usage of Mocha, or Mocha itself
Ensured that there is no discrepancy between the locally and globally installed versions of Mocha. You can find them with: node_modules/.bin/mocha --version (Local) and mocha --version (Global). We recommend that you not install Mocha globally.
Description
minimatch package versions before 3.0.5 are vulnerable to Regular Expression Denial of Service (ReDoS). Fixed version of minimatch (3.0.4) for mocha version 6.2.3 is causing cloud computing scans to fail.
In the past I've seen some upgrades done for security reasons to older major versions, so I wanted to know if I need to upgrade this service that is in maintenance mode or not. Thanks a lot in advance :)
Steps to Reproduce
N/A
Expected behavior: Security scans don't fail.
Actual behavior: N/A
Reproduces how often: 100%
Versions
The output of mocha --version and node_modules/.bin/mocha --version: 6.2.3
@juergba Thanks for the swift response. Yes, makes total sense and I already pushed for not including dev deps in the scan but they only look at the lock file apparently 🤷🏼. Have a great day :)
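Added example, not part of the original issue thread and not Mocha's code: a scanner that reads only the lock file can still tell dev-only packages apart, because npm marks them with `dev: true` there. The function names, the `some-prod-lib` package and the sample lock file below are constructed for illustration; the 3.0.5 threshold is the one quoted in the issue.

```javascript
// Classify every minimatch entry in a parsed package-lock.json (illustrative helper names).
const FIXED = [3, 0, 5]; // first non-vulnerable minimatch version, as stated in the issue

function isBelow(version, floor) {
  const parts = version.split('-')[0].split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const n = parts[i] || 0;
    if (n !== floor[i]) return n < floor[i];
  }
  return false; // equal to the floor
}

function findPackage(lock, name) {
  const hits = [];
  // lockfileVersion 2/3: flat "packages" map keyed by install path
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path === `node_modules/${name}` || path.endsWith(`/node_modules/${name}`)) {
      hits.push({ path, version: meta.version, dev: meta.dev === true });
    }
  }
  if (hits.length > 0) return hits;
  // lockfileVersion 1: nested "dependencies" tree
  (function walk(deps, trail) {
    for (const [dep, meta] of Object.entries(deps || {})) {
      if (dep === name) hits.push({ path: trail.concat(dep).join(' > '), version: meta.version, dev: meta.dev === true });
      walk(meta.dependencies, trail.concat(dep));
    }
  })(lock.dependencies, []);
  return hits;
}

function auditMinimatch(lock) {
  return findPackage(lock, 'minimatch').map((hit) => ({
    ...hit,
    vulnerable: isBelow(hit.version, FIXED),
    shipsToProduction: !hit.dev, // dev-only copies are not installed with --production
  }));
}

// Constructed sample lock file (lockfileVersion 1 layout), not taken from a real project
const sampleLock = {
  lockfileVersion: 1,
  dependencies: {
    mocha: { version: '6.2.3', dev: true, requires: { minimatch: '3.0.4' } },
    minimatch: { version: '3.0.4', dev: true },
    'some-prod-lib': { version: '1.0.0', dependencies: { minimatch: { version: '3.1.2' } } },
  },
};
console.log(auditMinimatch(sampleLock));
```

A finding with `vulnerable: true` and `shipsToProduction: false` is the case discussed in this thread: the flagged copy exists only in the development tree.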