Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Security upgrade mocha from 7.1.2 to 9.2.2 #64

Open
wants to merge 42 commits into
base: master
Choose a base branch
from
Open

[Snyk] Security upgrade mocha from 7.1.2 to 9.2.2 #64

wants to merge 42 commits into from

Conversation

MarcelRaschke
Copy link
Member

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

merge advice

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
⚠️ Warning 
Failed to update the package-lock.json, please update manually before merging.

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
medium severity 551/1000
Why? Recently disclosed, Has a fix available, CVSS 5.3		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-MINIMATCH-3050818		 Yes No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: mocha The new version differs by 250 commits.
  • 24b5243 build(v9.2.2): release
  • 22a1560 build(v9.2.2): update CHANGELOG [ci skip]
  • 632e602 chore: update dependencies (#4843)
  • 241964b fix: wrong error thrown while loading reporter (#4842)
  • 22f9306 fix(dry-run): potential call-stack crash with 'dry-run' option (#4839)
  • 547ffd7 build(v9.2.1): release
  • ca7432a build(v9.2.1): update CHANGELOG [ci skip]
  • 86305cf fix: wrong error thrown while loading config files (#4832)
  • 11c4560 fix: configurable max diff size (#4799)
  • 509938d doc: fix to show sponsors in narrow view (#4793)
  • cc51b8f build(v9.2.0): release
  • dea3115 build(v9.2.0): update CHANGELOG [ci skip]
  • 1825645 chore: update dependencies (#4818)
  • bc0fda2 chore: update some devDependencies (#4816)
  • 8b089a2 feat(parallel): assign each worker a worker-id (#4813)
  • 9fbf3ae chore: run Netlify deploy on Node v16 (#4778) [ci skip]
  • f297790 chore: switch 'linkify-changelog.js' to ESM (#4812) [ci skip]
  • 0a1b7f8 build(v9.1.4): release
  • a04d050 build(v9.1.4): update CHANGELOG [ci skip]
  • baa12fd fix: wrong error thrown if loader is used (#4807)
  • 60fafa4 Update copyright year in LICENSE (#4804)
  • 3b4cc05 chore(devDeps): remove 'cross-spawn' (#4779)
  • a99d40c chore(ci): add Node v17 to test matrix (#4777)
  • ac43029 chore(devDeps): update 'prettier' (#4776)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)

snyk-bot and others added 30 commits August 20, 2022 00:26
@snyk-bot
fix: package.json to reduce vulnerabilities
1be0202 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1021884
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1041745
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1047306
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1050882
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1050999
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1070013
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1085705
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1088600
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1252279
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1257943
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1296559
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1312314
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1313765
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1315668
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1534883
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1536581
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1656743
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1910985
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1911949
- https://snyk.io/vuln/SNYK-JS-ELECTRON-1912085
- https://snyk.io/vuln/SNYK-JS-ELECTRON-2322001
- https://snyk.io/vuln/SNYK-JS-ELECTRON-2332173
- https://snyk.io/vuln/SNYK-JS-ELECTRON-2414027
- https://snyk.io/vuln/SNYK-JS-ELECTRON-2434822
- https://snyk.io/vuln/SNYK-JS-ELECTRON-2946881
@snyk-bot
feat: upgrade ipfs-http-client from 47.0.1 to 57.0.3
713e483 
Snyk has created this PR to upgrade ipfs-http-client from 47.0.1 to 57.0.3.

See this package in npm:
https://www.npmjs.com/package/ipfs-http-client

See this project in Snyk:
https://app.snyk.io/org/marcelraschke/project/c43862e2-04e0-46c7-9027-49ad8d871d46?utm_source=github&utm_medium=referral&page=upgrade-pr
@snyk-bot
feat: upgrade i18next from 19.4.4 to 21.8.14
4f80393 
Snyk has created this PR to upgrade i18next from 19.4.4 to 21.8.14.

See this package in npm:
https://www.npmjs.com/package/i18next

See this project in Snyk:
https://app.snyk.io/org/marcelraschke/project/c43862e2-04e0-46c7-9027-49ad8d871d46?utm_source=github&utm_medium=referral&page=upgrade-pr
@snyk-bot
feat: upgrade multiple dependencies with Snyk
916eb76 
Snyk has created this PR to upgrade:
  - electron-builder from 22.8.1 to 23.3.3.
    See this package in npm: https://www.npmjs.com/package/electron-builder
  - electron-updater from 4.3.5 to 5.2.1.
    See this package in npm: https://www.npmjs.com/package/electron-updater

See this project in Snyk:
https://app.snyk.io/org/marcelraschke/project/c43862e2-04e0-46c7-9027-49ad8d871d46?utm_source=github&utm_medium=referral&page=upgrade-pr
@snyk-bot
feat: upgrade yargs from 15.3.1 to 17.5.1
ac77eb4 
Snyk has created this PR to upgrade yargs from 15.3.1 to 17.5.1.

See this package in npm:
https://www.npmjs.com/package/yargs

See this project in Snyk:
https://app.snyk.io/org/marcelraschke/project/c43862e2-04e0-46c7-9027-49ad8d871d46?utm_source=github&utm_medium=referral&page=upgrade-pr
@snyk-bot
feat: upgrade dotenv from 8.2.0 to 16.0.1
36d28ed 
Snyk has created this PR to upgrade dotenv from 8.2.0 to 16.0.1.

See this package in npm:
https://www.npmjs.com/package/dotenv

See this project in Snyk:
https://app.snyk.io/org/marcelraschke/project/c43862e2-04e0-46c7-9027-49ad8d871d46?utm_source=github&utm_medium=referral&page=upgrade-pr
@snyk-bot
feat: upgrade mocha from 7.1.2 to 10.0.0
9e58615 
Snyk has created this PR to upgrade mocha from 7.1.2 to 10.0.0.

See this package in npm:
https://www.npmjs.com/package/mocha

See this project in Snyk:
https://app.snyk.io/org/marcelraschke/project/c43862e2-04e0-46c7-9027-49ad8d871d46?utm_source=github&utm_medium=referral&page=upgrade-pr
@snyk-bot
fix: upgrade go-ipfs from 0.7.0 to 0.14.0
b55e893 
Snyk has created this PR to upgrade go-ipfs from 0.7.0 to 0.14.0.

See this package in npm:
https://www.npmjs.com/package/go-ipfs

See this project in Snyk:
https://app.snyk.io/org/marcelraschke/project/c43862e2-04e0-46c7-9027-49ad8d871d46?utm_source=github&utm_medium=referral&page=upgrade-pr
@snyk-bot
feat: upgrade ipfsd-ctl from 7.0.0 to 12.0.0
c80afe5 
Snyk has created this PR to upgrade ipfsd-ctl from 7.0.0 to 12.0.0.

See this package in npm:
https://www.npmjs.com/package/ipfsd-ctl

See this project in Snyk:
https://app.snyk.io/org/marcelraschke/project/c43862e2-04e0-46c7-9027-49ad8d871d46?utm_source=github&utm_medium=referral&page=upgrade-pr
@snyk-bot
fix: package.json to reduce vulnerabilities
615f237 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-ELECTRON-2805803
@snyk-bot
fix: package.json to reduce vulnerabilities
081778c 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-GOT-2932019
@dependabot
chore(deps): bump ejs from 3.1.5 to 3.1.8
0058078 
Bumps [ejs](https://github.com/mde/ejs) from 3.1.5 to 3.1.8.
- [Release notes](https://github.com/mde/ejs/releases)
- [Changelog](https://github.com/mde/ejs/blob/main/CHANGELOG.md)
- [Commits](mde/ejs@v3.1.5...v3.1.8)

---
updated-dependencies:
- dependency-name: ejs
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot
chore(deps): bump nanoid from 3.1.12 to 3.3.4
ed59502 
Bumps [nanoid](https://github.com/ai/nanoid) from 3.1.12 to 3.3.4.
- [Release notes](https://github.com/ai/nanoid/releases)
- [Changelog](https://github.com/ai/nanoid/blob/main/CHANGELOG.md)
- [Commits](ai/nanoid@3.1.12...3.3.4)

---
updated-dependencies:
- dependency-name: nanoid
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
@snyk-bot
fix: package.json to reduce vulnerabilities
7027b3e 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-ELECTRON-3014407
@MarcelRaschke
Merge pull request #45 from 47-studio-org/master
5f2f8ba 
[pull] master from 47-studio-org:master
@MarcelRaschke
Merge branch 'master' into snyk-fix-89145fc9f6b2a778813d5dcf6690cef3
05297b2
@dependabot
chore(deps): bump ws from 7.3.1 to 7.5.9
7bc27a1 
Bumps [ws](https://github.com/websockets/ws) from 7.3.1 to 7.5.9.
- [Release notes](https://github.com/websockets/ws/releases)
- [Commits](websockets/ws@7.3.1...7.5.9)

---
updated-dependencies:
- dependency-name: ws
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
@MarcelRaschke
Merge pull request #47 from devcode1981/snyk-fix-89145fc9f6b2a778813d…
29f348e 
…5dcf6690cef3

[Snyk] Security upgrade electron from 9.3.2 to 18.3.12
@MarcelRaschke
Merge pull request #52 from devcode1981/dependabot/npm_and_yarn/ws-7.5.9
c7ee9eb 
chore(deps): bump ws from 7.3.1 to 7.5.9
@MarcelRaschke
Merge branch 'master' into snyk-fix-7805b70d54e5a862b0e266fcf9339667
4ae3802
@MarcelRaschke
Merge pull request #30 from devcode1981/snyk-fix-7805b70d54e5a862b0e2…
59c6b74 
…66fcf9339667

[Snyk] Security upgrade electron from 9.3.2 to 17.4.11
@MarcelRaschke
Merge pull request #44 from devcode1981/dependabot/npm_and_yarn/nanoi…
03f78f1 
…d-3.3.4

chore(deps): bump nanoid from 3.1.12 to 3.3.4
@MarcelRaschke
Merge pull request #43 from devcode1981/dependabot/npm_and_yarn/ejs-3…
cc95115 
….1.8

chore(deps): bump ejs from 3.1.5 to 3.1.8
@MarcelRaschke
Merge branch 'master' into snyk-fix-c9c39c38b507e852a614330e9ff545e0
70f4cde
@MarcelRaschke
Merge pull request #41 from devcode1981/snyk-fix-c9c39c38b507e852a614…
2407de6 
…330e9ff545e0

[Snyk] Security upgrade electron-builder from 22.8.1 to 23.5.0
@MarcelRaschke
Merge branch 'master' into snyk-fix-21d68bdbe82082f6bb64d70c99e2a0b3
c372a96
@MarcelRaschke
Merge pull request #40 from devcode1981/snyk-fix-21d68bdbe82082f6bb64…
5325dd9 
…d70c99e2a0b3

[Snyk] Security upgrade electron from 9.3.2 to 15.5.3
@dependabot
chore(deps): bump color-string from 1.5.3 to 1.9.1
6cad119 
Bumps [color-string](https://github.com/Qix-/color-string) from 1.5.3 to 1.9.1.
- [Release notes](https://github.com/Qix-/color-string/releases)
- [Changelog](https://github.com/Qix-/color-string/blob/master/CHANGELOG.md)
- [Commits](https://github.com/Qix-/color-string/commits/1.9.1)

---
updated-dependencies:
- dependency-name: color-string
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
@MarcelRaschke
Merge pull request #39 from devcode1981/snyk-upgrade-739b227ce3012acf…
609c2f0 
…92ac5b9b263c7bdc

[Snyk] Upgrade ipfsd-ctl from 7.0.0 to 12.0.0
@MarcelRaschke
Merge pull request #53 from devcode1981/dependabot/npm_and_yarn/color…
223af26 
…-string-1.9.1

chore(deps): bump color-string from 1.5.3 to 1.9.1
MarcelRaschke and others added 12 commits September 29, 2022 01:27
@MarcelRaschke
Merge pull request #38 from devcode1981/snyk-upgrade-efe51cb8782e83b3…
edb38fc 
…3971876f99e17817

[Snyk] Upgrade go-ipfs from 0.7.0 to 0.14.0
@MarcelRaschke
Merge pull request #37 from devcode1981/snyk-upgrade-73b7077cf52a2dbe…
708e66a 
…5e05192124953a87

[Snyk] Upgrade mocha from 7.1.2 to 10.0.0
@MarcelRaschke
Merge branch 'master' into snyk-upgrade-d5cd3145200b3bf33d71f9255dce7a66
f17e15d
@MarcelRaschke
Merge pull request #36 from devcode1981/snyk-upgrade-d5cd3145200b3bf3…
7bb82c2 
…3d71f9255dce7a66

[Snyk] Upgrade dotenv from 8.2.0 to 16.0.1
@MarcelRaschke
Merge pull request #35 from devcode1981/snyk-upgrade-1383b5f2ea226bb8…
1bfeabd 
…16e9be90d79e1c63

[Snyk] Upgrade yargs from 15.3.1 to 17.5.1
@MarcelRaschke
Merge branch 'master' into snyk-upgrade-142144d9df93ee2aed44409fd305138c
f7b4ec2
@MarcelRaschke
Merge pull request #34 from devcode1981/snyk-upgrade-142144d9df93ee2a…
1830f40 
…ed44409fd305138c

[Snyk] Upgrade: electron-builder, electron-updater
@MarcelRaschke
Merge branch 'master' into snyk-upgrade-a9b349a8e1efaef4faca25ef8f2fc106
4229d90
@MarcelRaschke
Merge pull request #33 from devcode1981/snyk-upgrade-a9b349a8e1efaef4…
89a3bef 
…faca25ef8f2fc106

[Snyk] Upgrade i18next from 19.4.4 to 21.8.14
@MarcelRaschke
Merge branch 'master' into snyk-upgrade-48086ea1028ad3b19b5501d4ffd996a0
b7b553a
@MarcelRaschke
Merge pull request #32 from devcode1981/snyk-upgrade-48086ea1028ad3b1…
1ee9693 
…9b5501d4ffd996a0

[Snyk] Upgrade ipfs-http-client from 47.0.1 to 57.0.3
@snyk-bot
fix: package.json to reduce vulnerabilities
c375dcd 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-MINIMATCH-3050818
This was referenced Oct 26, 2022
Open
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
@ai
Status: Todo
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@MarcelRaschke @snyk-bot