[Snyk] Upgrade: , c8, chai, mocha #2652

WontonSam · 2024-09-10T08:04:53Z

Snyk has created this PR to upgrade multiple dependencies.

👯‍♂ The following dependencies are linked and will therefore be updated together.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

⚠️ Warning: This PR contains major version upgrade(s), and may be a breaking change.

Name	Versions	Released on

@google-apps/meet
from 0.1.1 to 0.3.0 | 2 versions ahead of your current version | 4 months ago
on 2024-05-21
c8
from 8.0.1 to 10.1.2 | 6 versions ahead of your current version
⚠️ This is a major version upgrade, and may be a breaking change | 3 months ago
on 2024-06-13
chai
from 4.5.0 to 5.1.1 | 9 versions ahead of your current version
⚠️ This is a major version upgrade, and may be a breaking change | 4 months ago
on 2024-05-09
mocha
from 8.4.0 to 10.7.3 | 25 versions ahead of your current version
⚠️ This is a major version upgrade, and may be a breaking change | a month ago
on 2024-08-09

Issues fixed by the recommended upgrade:

Issue	Score	Exploit Maturity
Regular Expression Denial of Service (ReDoS) SNYK-JS-MOCHA-2863123	45	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	45	No Known Exploit
Information Exposure SNYK-JS-NANOID-2332193	45	Proof of Concept
Cross-site Scripting (XSS) SNYK-JS-SERIALIZEJAVASCRIPT-6147607	45	Proof of Concept

Release notes

Package name: @google-apps/meet

0.3.0 - 2024-05-21
0.2.0 - 2024-04-16
0.1.1 - 2024-03-12

from @google-apps/meet GitHub release notes

Package name: c8

10.1.2 - 2024-06-13
10.1.2 (2024-06-13)

Bug Fixes
- deps: make monocart-coverage-reports an optional with meta defined (3b91fda)
10.1.1 - 2024-06-11
10.1.1 (2024-06-11)

Bug Fixes
- stop installing monocart-coverage-reports (#535) (13979a7)
10.1.0 - 2024-06-11
10.1.0 (2024-06-11)

Features
- add experimental monocart reports (#521) (2e5e297)
10.0.0 - 2024-06-10
10.0.0 (2024-06-10)

⚠ BREAKING CHANGES
- deps: Node 18 is now the minimum supported Node.js version
Bug Fixes
- deps: update test-exclude with new glob / minimatch (#531) (e33cf30)
9.1.0 - 2024-01-12
9.1.0 (2024-01-11)

Features
- support passing reporter options from config (#459) (88db5db)
Bug Fixes
- refactor: remove stale check for createDynamicModule (5e18365)
9.0.0 - 2024-01-03
9.0.0 (2024-01-03)

⚠ BREAKING CHANGES
- build: minimum Node.js version is now 14.14.0
Features
- build: minimum Node.js version is now 14.14.0 (2cdc86b)
- deps: update foreground-child to promise API (#512) (b46b640)
- deps: use Node.js built in rm (2cdc86b)
8.0.1 - 2023-07-25
8.0.1 (2023-07-25)

Bug Fixes
- deps: update istanbul deps (#485) (3be8bd9), closes #478

from c8 GitHub release notes

Package name: chai

5.1.1 - 2024-05-09
What's Changed
- Set up ESLint for JSDoc comments by @ koddsson in #1605
- build(deps-dev): bump ip from 1.1.8 to 1.1.9 by @ dependabot in #1608
- Correct Mocha import instructions by @ MattiSG in #1611
- fix: support some virtual contexts in toThrow by @ 43081j in #1609
New Contributors
- @ MattiSG made their first contribution in #1611
Full Changelog: v5.1.0...v5.1.1
5.1.0 - 2024-02-12
What's Changed
- Remove useless guards and add parentheses to constuctors by @ koddsson in #1593
- Cleanup jsdoc comments by @ koddsson in #1596
- Convert comments in "legal comments" format to jsdoc or normal comments by @ koddsson in #1598
- Implement iterable assertion by @ koddsson in #1592
- Assert interface fix by @ developer-bandi in #1601
- Set support in same members by @ koddsson in #1583
- Fix publish script by @ koddsson in #1602
New Contributors
- @ developer-bandi made their first contribution in #1601
Full Changelog: v5.0.3...v5.1.0
5.0.3 - 2024-01-25
Fix bad v5.0.2 publish.

Full Changelog: v5.0.2...v5.0.3
5.0.2 - 2024-01-25
What's Changed
- build(deps): bump nanoid and mocha by @ dependabot in #1558
- remove bump-cli by @ koddsson in #1559
- Update developer dependencies by @ koddsson in #1560
- fix: removes ?? for node compat (5.x) by @ 43081j in #1576
- Update loupe to latest version by @ koddsson in #1579
- Re-enable some webkit tests by @ koddsson in #1580
- Remove a bunch of if statements in test/should.js by @ koddsson in #1581
- Remove a bunch of unused files by @ koddsson in #1582
- Fix 1564 by @ koddsson in #1566
Full Changelog: v5.0.1...v5.0.2
5.0.0 - 2023-12-28
BREAKING CHANGES
- Chai now only supports EcmaScript Modules (ESM). This means your tests will need to either have import {...} from 'chai' or import('chai'). require('chai') will cause failures in nodejs. If you're using ESM and seeing failures, it may be due to a bundler or transpiler which is incorrectly converting import statements into require calls.
- Dropped support for Internet Explorer.
- Dropped support for NodeJS < 18.
- Minimum supported browsers are now Firefox 100, Safari 14.1, Chrome 100, Edge 100. Support for browsers prior to these versions is "best effort" (bug reports on older browsers will be assessed individually and may be marked as wontfix).
What's Changed
- feat: use chaijs/loupe for inspection by @ pcorpet in #1401
- docs: fix URL in README by @ Izzur in #1413
- Remove get-func-name dependency by @ koddsson in #1416
- Convert Makefile script to npm scripts by @ koddsson in #1424
- Clean up README badges by @ koddsson in #1422
- fix: package.json - deprecation warning on exports field by @ stevenjoezhang in #1400
- fix: deep-eql bump package to support symbols by @ snewcomer in #1458
- ES module conversion PoC by @ 43081j in #1498
- chore: drop commonjs support by @ 43081j in #1503
- Update pathval by @ koddsson in #1527
- Update check-error by @ koddsson in #1528
- update deep-eql to latest version by @ koddsson in #1542
- Inline type-detect as a simple function by @ koddsson in #1544
- Update loupe by @ koddsson in #1545
- Typo 'Test an object' not 'Test and object' by @ mavaddat in #1460
- Update assertion-error to it's latest major version! by @ koddsson in #1543
- Replacing Karma with Web Test Runner by @ koddsson in #1546
New Contributors
- @ Izzur made their first contribution in #1413
- @ stevenjoezhang made their first contribution in #1400
- @ 43081j made their first contribution in #1498
Full Changelog: 4.3.1...v5.0.0
5.0.0-rc.0 - 2023-12-06
The first Release Candidate of chai@v5 is here!

We've put out a few alpha versions and tested them out in various projects with good success. This RC includes all those changes plus any fixes that we've discovered since then.

Please try it out in your projects and let us know if you run into any issues so we can make fixes before version 5!

Thanks for using Chai 🙏🏻

What's Changed
- feat: use chaijs/loupe for inspection by @ pcorpet in #1401
- docs: fix URL in README by @ Izzur in #1413
- Remove get-func-name dependency by @ koddsson in #1416
- Convert Makefile script to npm scripts by @ koddsson in #1424
- Clean up README badges by @ koddsson in #1422
- fix: package.json - deprecation warning on exports field by @ stevenjoezhang in #1400
- fix: deep-eql bump package to support symbols by @ snewcomer in #1458
- ES module conversion PoC by @ 43081j in #1498
- chore: drop commonjs support by @ 43081j in #1503
- Update pathval by @ koddsson in #1527
- Update check-error by @ koddsson in #1528
- update deep-eql to latest version by @ koddsson in #1542
- Inline type-detect as a simple function by @ koddsson in #1544
- Update loupe by @ koddsson in #1545
- Typo 'Test an object' not 'Test and object' by @ mavaddat in #1460
- Update assertion-error to it's latest major version! by @ koddsson in #1543
- Replacing Karma with Web Test Runner by @ koddsson in #1546
- remove codecov by @ koddsson in #1548
- remove chai version constant by @ koddsson in #1550
- Remove istanbul by @ koddsson in #1549
New Contributors
- @ Izzur made their first contribution in #1413
- @ koddsson made their first contribution in #1416
- @ stevenjoezhang made their first contribution in #1400
- @ 43081j made their first contribution in #1498
Full Changelog: v4.3.10...v5.0.0-rc.0
5.0.0-alpha.2 - 2023-10-30
What's Changed
- update deep-eql to latest version by @ koddsson in #1542
- Inline type-detect as a simple function by @ koddsson in #1544
- Update loupe by @ koddsson in #1545
- Typo 'Test an object' not 'Test and object' by @ mavaddat in #1460
- Update assertion-error to it's latest major version! by @ koddsson in #1543
- Replacing Karma with Web Test Runner by @ koddsson in #1546
Full Changelog: v5.0.0-alpha.1...v5.0.0-alpha.2
5.0.0-alpha.1 - 2023-07-26
5.0.0-alpha.0 - 2023-02-07
4.5.0 - 2024-07-25

from chai GitHub release notes

Package name: mocha

10.7.3 - 2024-08-09
10.7.3 (2024-08-09)

🩹 Fixes
- make release-please build work (#5194) (afd66ef)
10.7.0 - 2024-07-20
What's Changed
- feat: add option to not fail on failing test suite by @ ilgonmic in #4771
New Contributors
- @ ilgonmic made their first contribution in #4771
Full Changelog: v10.6.1...v10.7.0
10.6.1 - 2024-07-20
What's Changed
- fix: do not exit when only unref'd timer is present in test code by @ boneskull in #3825
- fix: support canonical module by @ JacobLey in #5040
Full Changelog: v10.6.0...v10.6.1
10.6.0 - 2024-07-02
What's Changed
- feat: allow ^ versions for character encoding packages by @ JoshuaKGoldberg in #5150
- feat: allow ^ versions for yargs packages by @ JoshuaKGoldberg in #5152
- feat: allow ^ versions for file matching packages by @ JoshuaKGoldberg in #5151
- feat: allow ^ versions for data serialization packages by @ JoshuaKGoldberg in #5153
- feat: allow ^ versions for miscellaneous packages by @ JoshuaKGoldberg in #5154
Full Changelog: v10.5.2...v10.6.0
10.5.2 - 2024-06-26
What's Changed
- fix: better tracking of seen objects in error serialization by @ sam-super in #5032
New Contributors
- @ sam-super made their first contribution in

Snyk has created this PR to upgrade: - @google-apps/meet from 0.1.1 to 0.3.0. See this package in npm: https://www.npmjs.com/package/@google-apps/meet - c8 from 8.0.1 to 10.1.2. See this package in npm: https://www.npmjs.com/package/c8 - chai from 4.5.0 to 5.1.1. See this package in npm: https://www.npmjs.com/package/chai - mocha from 8.4.0 to 10.7.3. See this package in npm: https://www.npmjs.com/package/mocha See this project in Snyk: https://app.snyk.io/org/cachiman/project/f305f7cb-e3df-45d2-b461-56b1670f454c?utm_source=github&utm_medium=referral&page=upgrade-pr

google-cla · 2024-09-10T08:04:58Z

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.

[Snyk] Upgrade: , c8, chai, mocha #2652

Are you sure you want to change the base?

[Snyk] Upgrade: , c8, chai, mocha #2652

Conversation

WontonSam commented Sep 10, 2024

Snyk has created this PR to upgrade multiple dependencies.

Issues fixed by the recommended upgrade:

10.1.2 (2024-06-13)

Bug Fixes

10.1.1 (2024-06-11)

Bug Fixes

10.1.0 (2024-06-11)

Features

10.0.0 (2024-06-10)

⚠ BREAKING CHANGES

Bug Fixes

9.1.0 (2024-01-11)

Features

Bug Fixes

9.0.0 (2024-01-03)

⚠ BREAKING CHANGES

Features

8.0.1 (2023-07-25)

Bug Fixes

What's Changed

New Contributors

What's Changed

New Contributors

What's Changed

BREAKING CHANGES

What's Changed

New Contributors

What's Changed

New Contributors

What's Changed

10.7.3 (2024-08-09)

🩹 Fixes

What's Changed

New Contributors

What's Changed

What's Changed

What's Changed

New Contributors

google-cla bot commented Sep 10, 2024