Update dependency mocha to v6 - autoclosed

[mend-for-github-com]

This PR contains the following updates:

Package	Type	Update	Change
mocha (source)	dependencies	major	^3.5.3 -> ^6.0.0

By merging this PR, the issue #1 will be automatically resolved and closed:

Severity	CVSS Score	CVE	Reachability
Critical	9.8	CVE-2017-16042
Critical	9.8	CVE-2021-44906
High	7.5	CVE-2017-20165
High	7.5	WS-2021-0638
High	7.1	WS-2018-0590
Medium	5.6	CVE-2020-7598
Medium	5.3	WS-2019-0425
Low	3.7	CVE-2017-16137

---

Release Notes

mochajs/mocha (mocha)

v6.2.3

Compare Source

🔒 Security Fixes

• 848d6fb8: Update dependencies mkdirp, yargs-parser and yargs (@​juergba)

v6.2.2

Compare Source

🐛 Fixes

• #​4025: Fix duplicate EVENT_RUN_END events upon uncaught exception (@​juergba)
• #​4051: Fix "unhide" function in html reporter (browser) (@​pec9399)
• #​4063: Fix use of esm in Node.js v8.x (@​boneskull)
• #​4033: Fix output when multiple async exceptions are thrown (@​juergba)

📖 Documentation

• #​4046: Site accessibility fixes (@​Mia-jeong)
• #​4026: Update docs for custom reporters in browser (@​Lindsay-Needs-Sleep)
• #​3971: Adopt new OpenJS Foundation Code of Conduct (@​craigtaub)

v6.2.1

Compare Source

🐛 Fixes

• #​3955: tty.getWindowSize is not a function inside a "worker_threads" worker (@​1999)
• #​3970: remove extraGlobals() (@​juergba)
• #​3984: Update yargs-unparser to v1.6.0 (@​juergba)
• #​3983: Package 'esm': spawn child-process for correct loading (@​juergba)
• #​3986: Update yargs to v13.3.0 and yargs-parser to v13.1.1 (@​juergba)

📖 Documentation

• #​3886: fix styles on mochajs.org (@​outsideris)
• #​3966: Remove jsdoc index.html placeholder from eleventy file structure and fix broken link in jsdoc tutorial (@​Munter)
• #​3765: Add Matomo to website (@​MarioDiaz98)
• #​3947: Clarify effect of .skip() (@​oliversalzburg)

v6.2.0

Compare Source

🎉 Enhancements

• #​3827: Do not fork child-process if no Node flags are present (@​boneskull)
• #​3725: Base reporter store ref to console.log, see mocha/wiki (@​craigtaub)

🐛 Fixes

• #​3942: Fix "No test files found" Error when file is passed via --file (@​gabegorelick)
• #​3914: Modify Mocha constructor to accept options global or globals (@​pascalpp)
• #​3894: Fix parsing of config files with _mocha binary (@​juergba)
• #​3834: Fix CLI parsing with default values (@​boneskull, @​juergba)
• #​3831: Fix --timeout/--slow string values and duplicate arguments (@​boneskull, @​juergba)

📖 Documentation

• #​3906: Document option to define custom report name for XUnit reporter (@​pkuczynski)
• #​3889: Adds doc links for mocha-examples (@​craigtaub)
• #​3887: Fix broken links (@​toyjhlee)
• #​3841: Fix anchors to configuration section (@​trescube)

🔍 Coverage

• #​3915, #​3929: Increase tests coverage for --watch options (@​geigerzaehler)

🔩 Other

• #​3953: Collect test files later, prepares improvements to the --watch mode behavior (@​geigerzaehler)
• #​3939: Upgrade for npm audit (@​boneskull)
• #​3930: Extract runWatch into separate module (@​geigerzaehler)
• #​3922: Add mocha.min.js file to stacktrace filter (@​brian-lagerman)
• #​3919: Update CI config files to use Node-12.x (@​plroebuck)
• #​3892: Rework reporter tests (@​plroebuck)
• #​3872: Rename --exclude to --ignore and create alias (@​boneskull)
• #​3963: Hide stacktrace when cli args are missing (@​outsideris)
• #​3956: Do not redeclare variable in docs array example (@​DanielRuf)
• #​3957: Remove duplicate line-height property in mocha.css (@​DanielRuf)
• #​3960: Don't re-initialize grep option on watch re-run (@​geigerzaehler)

v6.1.4

Compare Source

🔒 Security Fixes

• #​3877: Upgrade js-yaml, addressing code injection vulnerability (@​bjornstar)

v6.1.3

Compare Source

🐛 Fixes

• #​3863: Fix yargs-related global scope pollution (@​inukshuk)
• #​3869: Fix failure when installed w/ pnpm (@​boneskull)

v6.1.2

Compare Source

🐛 Fixes

• #​3867: Re-publish v6.1.1 from POSIX OS to avoid dropped executable flags (@​boneskull)

v6.1.1

Compare Source

🐛 Fixes

• #​3866: Fix Windows End-of-Line publishing issue (@​juergba & @​cspotcode)

v6.1.0

Compare Source

🔒 Security Fixes

• #​3845: Update dependency "js-yaml" to v3.13.0 per npm security advisory (@​plroebuck)

🎉 Enhancements

• #​3766: Make reporter constructor support optional options parameter (@​plroebuck)
• #​3760: Add support for config files with .jsonc extension (@​sstephant)

📠 Deprecations

These are soft-deprecated, and will emit a warning upon use. Support will be removed in (likely) the next major version of Mocha:

• #​3719: Deprecate this.skip() for "after all" hooks (@​juergba)

🐛 Fixes

• #​3829: Use cwd-relative pathname to load config file (@​plroebuck)
• #​3745: Fix async calls of this.skip() in "before each" hooks (@​juergba)
• #​3669: Enable --allow-uncaught for uncaught exceptions thrown inside hooks (@​givanse)

and some regressions:

• #​3848: Fix Suite cloning by copying root property (@​fatso83)
• #​3816: Guard against undefined timeout option (@​boneskull)
• #​3814: Update "yargs" in order to avoid deprecation message (@​boneskull)
• #​3788: Fix support for multiple node flags (@​aginzberg)

📖 Documentation

• mochajs/mocha-examples: New repository of working examples of common configurations using mocha (@​craigtaub)
• #​3850: Remove pound icon showing on header hover on docs (@​jd2rogers2)
• #​3812: Add autoprefixer to documentation page CSS (@​Munter)
• #​3811: Update doc examples "tests.html" (@​DavidLi119)
• #​3807: Mocha website HTML tweaks (@​plroebuck)
• #​3793: Update config file example ".mocharc.yml" (@​cspotcode)

🔩 Other

• #​3830: Replace dependency "findup-sync" with "find-up" for faster startup (@​cspotcode)
• #​3799: Update devDependencies to fix many npm vulnerabilities (@​XhmikosR)

v6.0.2

Compare Source

🐛 Fixes

Two more regressions fixed:

• #​3768: Test file paths no longer dropped from mocha.opts (@​boneskull)
• #​3767: --require does not break on module names that look like certain node flags (@​boneskull)

v6.0.1

Compare Source

The obligatory round of post-major-release bugfixes.

🐛 Fixes

These issues were regressions.

• #​3754: Mocha again finds test.js when run without arguments (@​plroebuck)
• #​3756: Mocha again supports third-party interfaces via --ui (@​boneskull)
• #​3755: Fix broken --watch (@​boneskull)
• #​3759: Fix unwelcome deprecation notice when Mocha run against languages (CoffeeScript) with implicit return statements; returning a non-undefined value from a describe callback is no longer considered deprecated (@​boneskull)

📖 Documentation

• #​3738: Upgrade to @mocha/docdash@2 (@​tendonstrength)
• #​3751: Use preferred names for example config files (@​Szauka)

v6.0.0

Compare Source

🎉 Enhancements

• #​3726: Add ability to unload files from require cache (@​plroebuck)

🐛 Fixes

• #​3737: Fix falsy values from options globals (@​plroebuck)
• #​3707: Fix encapsulation issues for Suite#_onlyTests and Suite#_onlySuites (@​vkarpov15)
• #​3711: Fix diagnostic messages dealing with plurality and markup of output (@​plroebuck)
• #​3723: Fix "reporter-option" to allow comma-separated options (@​boneskull)
• #​3722: Fix code quality and performance of lookupFiles and files (@​plroebuck)
• #​3650, #​3654: Fix noisy error message when no files found (@​craigtaub)
• #​3632: Tests having an empty title are no longer confused with the "root" suite (@​juergba)
• #​3666: Fix missing error codes (@​vkarpov15)
• #​3684: Fix exiting problem in Node.js v11.7.0+ (@​addaleax)
• #​3691: Fix --delay (and other boolean options) not working in all cases (@​boneskull)
• #​3692: Fix invalid command-line argument usage not causing actual errors (@​boneskull)
• #​3698, #​3699: Fix debug-related Node.js options not working in all cases (@​boneskull)
• #​3700: Growl notifications now show the correct number of tests run (@​outsideris)
• #​3686: Avoid potential ReDoS when diffing large objects (@​cyjake)
• #​3715: Fix incorrect order of emitted events when used programmatically (@​boneskull)
• #​3706: Fix regression wherein --reporter-option/--reporter-options did not support comma-separated key/value pairs (@​boneskull)

📖 Documentation

• #​3652: Switch from Jekyll to Eleventy (@​Munter)

🔩 Other

• #​3677: Add error objects for createUnsupportedError and createInvalidExceptionError (@​boneskull)
• #​3733: Removed unnecessary processing in post-processing hook (@​wanseob)
• #​3730: Update nyc to latest version (@​coreyfarrell)
• #​3648, #​3680: Fixes to support latest versions of unexpected and unexpected-sinon (@​sunesimonsen)
• #​3638: Add meta tag to site (@​MartijnCuppens)
• #​3653: Fix parts of test suite failing to run on Windows (@​boneskull)

v5.2.0

Compare Source

🎉 Enhancements

• #​3375: Add support for comments in mocha.opts (@​plroebuck)

🐛 Fixes

• #​3346: Exit correctly from before hooks when using --bail (@​outsideris)

📖 Documentation

• #​3328: Mocha-flavored API docs! (@​Munter)

🔩 Other

• #​3330: Use Buffer.from() (@​harrysarson)
• #​3295: Remove redundant folder (@​DavNej)
• #​3356: Refactoring (@​plroebuck)

v5.1.1

Compare Source

🐛 Fixes

• #​3325: Revert change which broke --watch (@​boneskull)

v5.1.0

Compare Source

🎉 Enhancements

• #​3210: Add --exclude option (@​metalex9)

🐛 Fixes

• #​3318: Fix failures in circular objects in JSON reporter (@​jeversmann, @​boneskull)

📖 Documentation

• #​3323: Publish actual API documentation! (@​dfberry, @​Munter)
• #​3299: Improve docs around exclusive tests (@​nicgirault)

🔩 Other

• #​3302, #​3308, #​3310, #​3315, #​3316: Build matrix improvements (more info) (@​outsideris, @​boneskull)
• #​3272: Refactor reporter tests (@​jMuzsik)

v5.0.5

Compare Source

Welcome @​outsideris to the team!

🐛 Fixes

• #​3096: Fix --bail failing to bail within hooks (@​outsideris)
• #​3184: Don't skip too many suites (using describe.skip()) (@​outsideris)

📖 Documentation

• #​3133: Improve docs regarding "pending" behavior (@​ematicipo)
• #​3276, #​3274: Fix broken stuff in CHANGELOG.md (@​tagoro9, @​honzajavorek)

🔩 Other

• #​3208: Improve test coverage for AMD users (@​outsideris)
• #​3267: Remove vestiges of PhantomJS from CI (@​anishkny)
• #​2952: Fix a debug message (@​boneskull)

v5.0.4

Compare Source

🐛 Fixes

• #​3265: Fixes regression in "watch" functionality introduced in v5.0.2 (@​outsideris)

v5.0.3

Compare Source

This patch features a fix to address a potential "low severity" ReDoS vulnerability in the diff package (a dependency of Mocha).

🔒 Security Fixes

• #​3266: Bump diff to v3.5.0 (@​anishkny)

🔩 Other

• #​3011: Expose generateDiff() in Base reporter (@​harrysarson)

v5.0.2

Compare Source

This release fixes a class of tests which report as false positives. Certain tests will now break, though they would have previously been reported as passing. Details below. Sorry for the inconvenience!

🐛 Fixes

• #​3226: Do not swallow errors that are thrown asynchronously from passing tests (@​boneskull). Example:

  ```js
  it('should actually fail, sorry!', function (done) {
  // passing assertion
  assert(true === true);

  // test complete & is marked as passing
  done();

  // ...but something evil lurks within
  setTimeout(() => {
  throw new Error('chaos!');
  }, 100);
  });
  ```

  Previously to this version, Mocha would have silently swallowed the chaos! exception, and you wouldn't know. Well, now you know. Mocha cannot recover from this gracefully, so it will exit with a nonzero code.

  Maintainers of external reporters: If a test of this class is encountered, the Runner instance will emit the end event twice; you may need to change your reporter to use runner.once('end') intead of runner.on('end').

• #​3093: Fix stack trace reformatting problem (@​outsideris)

🔩 Other

• #​3248: Update browser-stdout to v1.3.1 (@​honzajavorek)

v5.0.1

Compare Source

...your garden-variety patch release.

Special thanks to Wallaby.js for their continued support! ❤️

🐛 Fixes

• #​1838: --delay now works with .only() (@​silviom)
• #​3119: Plug memory leak present in v8 (@​boneskull)

📖 Documentation

• #​3132, #​3098: Update --glob docs (@​outsideris)
• #​3212: Update Wallaby.js-related docs (@​ArtemGovorov)
• #​3205: Remove outdated cruft (@​boneskull)

🔩 Other

• #​3224: Add proper Wallaby.js config (@​ArtemGovorov)
• #​3230: Update copyright year (@​josephlin55555)

v5.0.0

Compare Source

Mocha starts off 2018 right by again dropping support for unmaintained rubbish.

Welcome @​vkarpov15 to the team!

💥 Breaking Changes

• #​3148: Drop support for IE9 and IE10 (@​Bamieh)
  Practically speaking, only code which consumes (through bundling or otherwise) the userland buffer module should be affected. However, Mocha will no longer test against these browsers, nor apply fixes for them.

🎉 Enhancements

• #​3181: Add useful new --file command line argument (documentation) (@​hswolff)

🐛 Fixes

• #​3187: Fix inaccurate test duration reporting (@​FND)
• #​3202: Fix bad markup in HTML reporter (@​DanielRuf)

😎 Developer Experience

• #​2352: Ditch GNU Make for nps to manage scripts (@​TedYav)

📖 Documentation

• #​3137: Add missing --no-timeouts docs (@​dfberry)
• #​3134: Improve done() callback docs (@​maraisr)
• #​3135: Fix cross-references (@​vkarpov15)
• #​3163: Fix tpyos (@​tbroadley)
• #​3177: Tweak README.md organization (@​xxczaki)
• Misc updates (@​boneskull)

🔩 Other

• #​3118: Move TextMate Integration to its own repo (@​Bamieh)
• #​3185: Add Node.js v9 to build matrix; remove v7 (@​xxczaki)
• #​3172: Markdown linting (@​boneskull)
• Test & Netlify updates (@​Munter, @​boneskull)

v4.1.0

Compare Source

4.1.0 / 2017-12-28

This is mainly a "housekeeping" release.

Welcome @​Bamieh and @​xxczaki to the team!

🐛: Fixes

• #​2661: progress reporter now accepts reporter options (@​canoztokmak)
• #​3142: xit in bdd interface now properly returns its Test object (@​Bamieh)
• #​3075: Diffs now computed eagerly to avoid misinformation when reported (@​abrady0)
• #​2745: --help will now help you even if you have a mocha.opts (@​Zarel)

🎉 Enhancements

• #​2514: The --no-diff flag will completely disable diff output (@​CapacitorSet)
• #​3058: All "setters" in Mocha's API are now also "getters" if called without arguments (@​makepanic)

📖 Documentation

• #​3170: Optimization and site speed improvements (@​Munter)
• #​2987: Moved the old site repo into the main repo under docs/ (@​boneskull)
• #​2896: Add maintainer guide (@​boneskull)
• Various fixes and updates (@​xxczaki, @​maty21, @​leedm777)

🔩 Other

• Test improvements and fixes (@​eugenet8k, @​ngeor, @​38elements, @​Gerhut, @​ScottFreeCode, @​boneskull)
• Refactoring and cruft excision (@​38elements, @​Bamieh, @​finnigantime, @​boneskull)

v4.0.1

Compare Source

4.0.1 / 2017-10-05

🐛 Fixes

• #​3051: Upgrade Growl to v1.10.3 to fix its peer dep problems (@​dpogue)

v4.0.0

Compare Source

4.0.0 / 2017-10-02

You might want to read this before filing a new bug! 😝

💥 Breaking Changes

For more info, please read this article.

Compatibility

• #​3016: Drop support for unmaintained versions of Node.js (@​boneskull):
  • 0.10.x
  • 0.11.x
  • 0.12.x
  • iojs (any)
  • 5.x.x
• #​2979: Drop support for non-ES5-compliant browsers (@​boneskull):
  • IE7
  • IE8
  • PhantomJS 1.x
• #​2615: Drop Bower support; old versions (3.x, etc.) will remain available (@​ScottFreeCode, @​boneskull)

Default Behavior

• #​2879: By default, Mocha will no longer force the process to exit once all tests complete. This means any test code (or code under test) which would normally prevent node from exiting will do so when run in Mocha. Supply the --exit flag to revert to pre-v4.0.0 behavior (@​ScottFreeCode, @​boneskull)

Reporter Output

• #​2095: Remove stdout: prefix from browser reporter logs (@​skeggse)
• #​2295: Add separator in "unified diff" output (@​olsonpm)
• #​2686: Print failure message when --forbid-pending or --forbid-only is specified (@​ScottFreeCode)
• #​2814: Indent contexts for better readability when reporting failures (@​charlierudolph)

👎 Deprecations

• #​2493: The --compilers command-line option is now soft-deprecated and will emit a warning on STDERR. Read this for more info and workarounds (@​ScottFreeCode, @​boneskull)

🎉 Enhancements

• #​2628: Allow override of default test suite name in XUnit reporter (@​ngeor)

📖 Documentation

• #​3020: Link to CLA in README.md and CONTRIBUTING.md (@​skeggse)

🔩 Other

• #​2890: Speed up build by (re-)consolidating SauceLabs tests (@​boneskull)

---

• If you want to rebase/retry this PR, check this box