[Snyk] Upgrade mocha from 5.0.1 to 5.2.0

[snyk-bot]

Snyk has created this PR to upgrade mocha from 5.0.1 to 5.2.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 7 versions ahead of your current version.
• The recommended version was released 2 years ago, on 2018-05-18.

The recommended version fixes:

Severity	Issue	Exploit Maturity
	Regular Expression Denial of Service (ReDoS) npm:diff:20180305	Proof of Concept

Release notes

Package name: mocha

• 5.2.0 - 2018-05-18
  

  5.2.0 / 2018-05-18

  🎉 Enhancements

  • #3375: Add support for comments in mocha.opts (@plroebuck)

  🐛 Fixes

  • #3346: Exit correctly from before hooks when using --bail (@outsideris)

  📖 Documentation

  • #3328: Mocha-flavored API docs! (@Munter)

  🔩 Other

  • #3330: Use Buffer.from() (@harrysarson)
  • #3295: Remove redundant folder (@DavNej)
  • #3356: Refactoring (@plroebuck)
• 5.1.1 - 2018-04-18
  

  5.1.1 / 2018-04-18

  🐛 Fixes

  • #3325: Revert change which broke --watch (@boneskull)
• 5.1.0 - 2018-04-12
  

  5.1.0 / 2018-04-12

  🎉 Enhancements

  • #3210: Add --exclude option (@metalex9)

  🐛 Fixes

  • #3318: Fix failures in circular objects in JSON reporter (@jeversmann, @boneskull)

  📖 Documentation

  • #3323: Publish actual API documentation! (@dfberry, @Munter)
  • #3299: Improve docs around exclusive tests (@nicgirault)

  🔩 Other

  • #3302, #3308, #3310, #3315, #3316: Build matrix improvements (more info) (@outsideris, @boneskull)
  • #3272: Refactor reporter tests (@jMuzsik)
• 5.0.5 - 2018-03-23
  

  5.0.5 / 2018-03-22

  Welcome @outsideris to the team!

  🐛 Fixes

  • #3096: Fix --bail failing to bail within hooks (@outsideris)
  • #3184: Don't skip too many suites (using describe.skip()) (@outsideris)

  📖 Documentation

  • #3133: Improve docs regarding "pending" behavior (@ematicipo)
  • #3276, #3274: Fix broken stuff in CHANGELOG.md (@tagoro9, @honzajavorek)

  🔩 Other

  • #3208: Improve test coverage for AMD users (@outsideris)
  • #3267: Remove vestiges of PhantomJS from CI (@anishkny)
  • #2952: Fix a debug message (@boneskull)
• 5.0.4 - 2018-03-07
  

  5.0.4 / 2018-03-07

  🐛 Fixes

  • #3265: Fixes regression in "watch" functionality introduced in v5.0.2 (@outsideris)
• 5.0.3 - 2018-03-07
  

  5.0.3 / 2018-03-06

  This patch features a fix to address a potential "low severity" ReDoS vulnerability in the diff package (a dependency of Mocha).

  🔒 Security Fixes

  • #3266: Bump diff to v3.5.0 (@anishkny)

  🔩 Other

  • #3011: Expose generateDiff() in Base reporter (@harrysarson)
• 5.0.2 - 2018-03-06
  

  5.0.2 / 2018-03-05

  This release fixes a class of tests which report as false positives. Certain tests will now break, though they would have previously been reported as passing. Details below. Sorry for the inconvenience!

  🐛 Fixes

  • #3226: Do not swallow errors that are thrown asynchronously from passing tests (@boneskull). Example:

    it('should actually fail, sorry!', function (done) {
      // passing assertion
      assert(true === true);
    // test complete & is marked as passing
    
    done();
    // ...but something evil lurks within
    
    setTimeout(() => {
    
    throw new Error('chaos!');
    
    }, 100);
    
    });

    Previously to this version, Mocha would have silently swallowed the chaos! exception, and you wouldn't know. Well, now you know. Mocha cannot recover from this gracefully, so it will exit with a nonzero code.

    Maintainers of external reporters: If a test of this class is encountered, the Runner instance will emit the end event twice; you may need to change your reporter to use runner.once('end') intead of runner.on('end').

  • #3093: Fix stack trace reformatting problem (@outsideris)

  🔩 Other

  • #3248: Update browser-stdout to v1.3.1 (@honzajavorek)
• 5.0.1 - 2018-02-13
  

  5.0.1 / 2018-02-07

  ...your garden-variety patch release.

  Special thanks to Wallaby.js for their continued support! ❤️

  🐛 Fixes

  • #1838: --delay now works with .only() (@silviom)
  • #3119: Plug memory leak present in v8 (@boneskull)

  📖 Documentation

  • #3132, #3098: Update --glob docs (@outsideris)
  • #3212: Update Wallaby.js-related docs (@ArtemGovorov)
  • #3205: Remove outdated cruft (@boneskull)

  🔩 Other

  • #3224: Add proper Wallaby.js config (@ArtemGovorov)
  • #3230: Update copyright year (@josephlin55555)

from mocha GitHub release notes

Commit messages

Package name: mocha

• 5bd33a0 Release v5.2.0
• 0a5604f reformat missed files
• 7c8f551 ensure scripts/*.js gets prettiered
• d8ea2ba update CHANGELOG.md for v5.2.0 [ci skip]
• 7203ed7 update all dependencies
• fb5393b migrate Mocha's tests to Unexpected assertion library (#3343)
• fae9af2 docs(docs/index.md): Update "mocha.opts" documentation
• 9d9e6c6 feat(bin/options.js): Add support for comment lines in "mocha.opts"
• e0306ff fix busted lint-staged config
• f2be6d4 Annotate when exceptions are caught but ignored; closes #3354 (#3356)
• 889e681 remove dead code in bin/_mocha
• 8712b95 fix(ocd): re-order Node.js tests in .travis.yml (descending)
• 3ab0e7e fix to exit correctly when using bail flag
• d87b12e add Node.js v10 to build; fix win32 issues (#3350)
• b392af5 update package-lock.json for npm@6 [ci skip]
• 087dad1 fix(bin/_mocha): Make `--watch-extensions` default to 'js'
• 697952b reformat everything with Prettier
• 11b6867 add Prettier, ESLint and githook integrations
• 933baa7 use custom docs/API.md instead of broken README.md
• dd45d0a use renamed @mocha/docdash
• 9dc45a0 Remove a bunch of jsdoc comments that introduced wrong output
• f4c2bf9 Fix dual class + module exposition of Mocha
• 2f39794 Fix missing LICENSE
• b92c2c7 Replace documentation with jsdoc and use mocha-docdash pretty layout

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs