Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

upgrade mocha #10955

Closed
wants to merge 1 commit into from
Closed

upgrade mocha #10955

wants to merge 1 commit into from

Conversation

rianfowler
Copy link

Description

  • mocha shows up as the first critical security warning in npm audit report
  • upgrading mocha to the version recommended by npm
  • fixed a couple of minor breaking configuration changes

Testing done

Screenshots

Acceptance criteria

  • [ ]

Definition of done

  • Events are logged appropriately
  • Documentation has been updated, if applicable
  • A link has been provided to the originating GitHub issue (or connected to it via ZenHub)
  • No sensitive information (i.e. PII/credentials/internal URLs/etc.) is captured in logging, hardcoded, or specs

@rianfowler rianfowler requested a review from a team October 25, 2019 17:07
@va-bot va-bot temporarily deployed to vetsgov-pr-10955 October 25, 2019 17:08 Inactive
rianfowler
rianfowler commented Oct 25, 2019
View reviewed changes
Copy link
Author

@rianfowler rianfowler left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

relying on the existing unit tests / CI to validate this change

src/platform/testing/unit/mocha.opts
--require src/platform/testing/unit/mocha-setup.js
--require src/platform/testing/unit/enzyme-setup.js
--require choma
--require @babel/polyfill
--require blob-polyfill
--require isomorphic-fetch
--compilers js:@babel/register,jsx:@babel/register
Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

compilers is no longer a valid option. also the order matters- our mocha-setup uses import and requires babel to run before it.

@rianfowler
Copy link
Author

rianfowler commented Oct 25, 2019
edited

I'll probalby use yarn audit moving forward- the output was confusing to me so I thought it was different from npm audit so i generated a package-lock.json with npm i --package-lock-only and ran npm audit and got the same thing.

Problem was our audit report is so long because we have a ton of security violations and i just couldn't see the top of it. Had to bump up the buffer size limit on my terminal to see the top of the audit report

@rianfowler
Copy link
Author

rianfowler commented Oct 25, 2019
edited

I don't see anything that will impact us in the major releases notes (nor any awesome new features we can use):

https://github.com/mochajs/mocha/releases/tag/v4.0.0
https://github.com/mochajs/mocha/releases/tag/v5.0.0
https://github.com/mochajs/mocha/releases/tag/v6.0.0

maybe we can use this to improve our error reporting: mochajs/mocha#3125

@rianfowler rianfowler closed this Sep 14, 2020
@timwright12 timwright12 deleted the upgrade-mocha branch July 26, 2021 12:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@U-DON U-DON U-DON approved these changes

@cvalarida cvalarida Awaiting requested review from cvalarida

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@rianfowler @U-DON @va-bot