Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

deps: mocha@9.2.2 #115

Merged
merged 3 commits into from
Dec 20, 2024
Merged

deps: mocha@9.2.2 #115

merged 3 commits into from
Dec 20, 2024

Conversation

masterkey-07
Copy link
Contributor

Seing that the mocha and cookie packages has a vulnerability on older versions, i decided to upgraded the packages to remove the vulnerabilities, and decided to change the version text adding a "^" so that in the future, new updates of this packages will be installed instead of a fixed version, it may be better to use "~" for only bug fixes.

Seing that the mocha and cookie packages has a vulnerability on older versions, i decided to upgraded the packages to remove the vulnerabilities, and decided to change the version text adding a "^" so that in the future, new updates of this packages will be installed instead of a fixed version, it may be better to use "~" for only bug fixes
@UlisesGascon
Copy link
Member

Hey @masterkey-07! Thanks for creating this PR and helping the project ❤️

Can you create a new PR or recycle this one just for mocha upgrade?

Currently cookie was upgraded in https://www.npmjs.com/package/cookie-parser/v/1.4.7, also regarding caret there is an open discussion in expressjs/discussions#279. I prefer anchored versions until we have a consensus on the caret policy 😉

@UlisesGascon UlisesGascon marked this pull request as draft October 8, 2024 18:30
@masterkey-07 masterkey-07 marked this pull request as ready for review October 8, 2024 22:51
@masterkey-07
Copy link
Contributor Author

Hi @UlisesGascon!

I made the change only for the mocha package, but it still has the caret.

@UlisesGascon UlisesGascon changed the title package: updated mocha and cookie versions to remove vulnerability deps: mocha@9.2.2 Oct 9, 2024
@UlisesGascon UlisesGascon self-assigned this Oct 9, 2024
Copy link
Member

@bjohansebas bjohansebas left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@UlisesGascon UlisesGascon merged commit 53edbda into expressjs:master Dec 20, 2024
26 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants