[Snyk] Upgrade mocha from 8.0.1 to 8.4.0

[snyk-bot]

Snyk has created this PR to upgrade mocha from 8.0.1 to 8.4.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 10 versions ahead of your current version.
• The recommended version was released 2 months ago, on 2021-05-07.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Prototype Pollution SNYK-JS-Y18N-1021887	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Access Restriction Bypass SNYK-JS-XMLHTTPREQUESTSSL-1255647	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Arbitrary Code Injection SNYK-JS-XMLHTTPREQUESTSSL-1082936	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-UAPARSERJS-610226	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Denial of Service (DoS) SNYK-JS-SOCKETIOPARSER-1056752	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Arbitrary Code Injection SNYK-JS-SERIALIZEJAVASCRIPT-570062	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-LODASH-590103	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Command Injection SNYK-JS-LODASH-1040724	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Insecure Defaults SNYK-JS-SOCKETIO-1024859	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-PATHVAL-596926	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHPARSE-1077067	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-HOSTEDGITINFO-1088355	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Prototype Pollution SNYK-JS-FLAT-596927	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: mocha

• 8.4.0 - 2021-05-07
  

  8.4.0 / 2021-05-07

  🎉 Enhancements

  • #4502: CLI file parsing errors now have error codes (@ evaline-ju)

  🐛 Fixes

  • #4614: Watch: fix crash when reloading files (@ outsideris)

  📖 Documentation

  • #4630: Add options.require to Mocha constructor for root hook plugins on parallel runs (@ juergba)
  • #4617: Dynamically generating tests with top-level await and ESM test files (@ juergba)
  • #4608: Update default file extensions (@ outsideris)

  Also thanks to @ outsideris for various improvements on our GH actions workflows.

• 8.3.2 - 2021-03-12
  

  8.3.2 / 2021-03-12

  🐛 Fixes

  • #4599: Fix regression in require interface (@ alexander-fenster)

  📖 Documentation

  • #4601: Add build to GH actions run (@ christian-bromann)
  • #4596: Filter active sponsors/backers (@ juergba)
  • #4225: Update config file examples (@ pkuczynski)
• 8.3.1 - 2021-03-06
  

  8.3.1 / 2021-03-06

  🐛 Fixes

  • #4577: Browser: fix EvalError caused by regenerator-runtime (@ snoack)
  • #4574: ESM: allow import from mocha in parallel mode (@ nicojs)
• 8.3.0 - 2021-02-11
  

  8.3.0 / 2021-02-11

  🎉 Enhancements

  • #4506: Add error code for test timeout errors (@ boneskull)
  • #4112: Add BigInt support to stringify util function (@ JosejeSinohui)

  🐛 Fixes

  • #4557: Add file location when SyntaxError happens in ESM (@ giltayar)
  • #4521: Fix require error when bundling Mocha with Webpack (@ devhazem)

  📖 Documentation

  • #4507: Add support for typescript-style docstrings (@ boneskull)
  • #4503: Add GH Actions workflow status badge (@ outsideris)
  • #4494: Add example of generating tests dynamically with a closure (@ maxwellgerber)

  🔩 Other

  • #4556: Upgrade all dependencies to latest stable (@ AviVahl)
  • #4543: Update dependencies yargs and yargs-parser (@ juergba)

  Also thanks to @ outsideris and @ HyunSangHan for various fixes to our website and documentation.

• 8.2.1 - 2020-11-02
  

  8.2.1 / 2020-11-02

  Fixed stuff.

  🐛 Fixes

  • #4489: Fix problematic handling of otherwise-unhandled Promise rejections and erroneous "done() called twice" errors (@ boneskull)
  • #4496: Avoid MaxListenersExceededWarning in watch mode (@ boneskull)

  Also thanks to @ akeating for a documentation fix!

• 8.2.0 - 2020-10-16
  

  8.2.0 / 2020-10-16

  The major feature added in v8.2.0 is addition of support for global fixtures.

  While Mocha has always had the ability to run setup and teardown via a hook (e.g., a before() at the top level of a test file) when running tests in serial, Mocha v8.0.0 added support for parallel runs. Parallel runs are incompatible with this strategy; e.g., a top-level before() would only run for the file in which it was defined.

  With global fixtures, Mocha can now perform user-defined setup and teardown regardless of mode, and these fixtures are guaranteed to run once and only once. This holds for parallel mode, serial mode, and even "watch" mode (the teardown will run once you hit Ctrl-C, just before Mocha finally exits). Tasks such as starting and stopping servers are well-suited to global fixtures, but not sharing resources--global fixtures do not share context with your test files (but they do share context with each other).

  Here's a short example of usage:

  // fixtures.js

  // can be async or not
  exports.mochaGlobalSetup = async function() {
  this.server = await startSomeServer({port: process.env.TEST_PORT});
  console.log(server running on port <span class="pl-s1"><span class="pl-kos">${</span><span class="pl-smi">this</span><span class="pl-kos">.</span><span class="pl-c1">server</span><span class="pl-kos">.</span><span class="pl-c1">port</span><span class="pl-kos">}</span></span>);
  };

  exports.mochaGlobalTeardown = async function() {
  // the context (this) is shared, but not with the test files
  await this.server.stop();
  console.log(server on port <span class="pl-s1"><span class="pl-kos">${</span><span class="pl-smi">this</span><span class="pl-kos">.</span><span class="pl-c1">server</span><span class="pl-kos">.</span><span class="pl-c1">port</span><span class="pl-kos">}</span></span> stopped);
  };

  // this file can contain root hook plugins as well!
  // exports.mochaHooks = { ... }

  Fixtures are loaded with --require, e.g., mocha --require fixtures.js.

  For detailed information, please see the documentation and this handy-dandy flowchart to help understand the differences between hooks, root hook plugins, and global fixtures (and when you should use each).

  🎉 Enhancements

  • #4308: Support run-once global setup & teardown fixtures (@ boneskull)
  • #4442: Multi-part extensions (e.g., test.js) now usable with --extension option (@ jordanstephens)
  • #4472: Leading dots (e.g., .js, .test.js) now usable with --extension option (@ boneskull)
  • #4434: Output of json reporter now contains speed ("fast"/"medium"/"slow") property (@ wwhurin)
  • #4464: Errors thrown by serializer in parallel mode now have error codes (@ evaline-ju)

  For implementors of custom reporters:

  • #4409: Parallel mode and custom reporter improvements (@ boneskull):
    • Support custom worker-process-only reporters (Runner.prototype.workerReporter()); reporters should subclass ParallelBufferedReporter in mocha/lib/nodejs/reporters/parallel-buffered
    • Allow opt-in of object reference matching for "sufficiently advanced" custom reporters (Runner.prototype.linkPartialObjects()); use if strict object equality is needed when consuming Runner event data
    • Enable detection of parallel mode (Runner.prototype.isParallelMode())

  🐛 Fixes

  • #4476: Workaround for profoundly bizarre issue affecting npm v6.x causing some of Mocha's deps to be installed when mocha is present in a package's devDependencies and npm install --production is run the package's working copy (@ boneskull)
  • #4465: Worker processes guaranteed (as opposed to "very likely") to exit before Mocha does; fixes a problem when using nyc with Mocha in parallel mode (@ boneskull)
  • #4419: Restore lookupFiles() in mocha/lib/utils, which was broken/missing in Mocha v8.1.0; it now prints a deprecation warning (use const {lookupFiles} = require('mocha/lib/cli') instead) (@ boneskull)

  Thanks to @ AviVahl, @ donghoon-song, @ ValeriaVG, @ znarf, @ sujin-park, and @ majecty for other helpful contributions!

• 8.1.3 - 2020-08-28
  

  8.1.3 / 2020-08-28

  🐛 Fixes

  • #4425: Restore Mocha.utils.lookupFiles() and Webpack compatibility (both broken since v8.1.0); Mocha.utils.lookupFiles() is now deprecated and will be removed in the next major revision of Mocha; use require('mocha/lib/cli').lookupFiles instead (@ boneskull)
• 8.1.2 - 2020-08-25
  

  8.1.2 / 2020-08-25

  🐛 Fixes

  • #4418: Fix command-line flag incompatibility in forthcoming Node.js v14.9.0 (@ boneskull)
  • #4401: Fix missing global variable in browser (@ irrationnelle)

  🔒 Security Fixes

  • #4396: Update many dependencies (@ GChuf)

  📖 Documentation

  • Various fixes by @ sujin-park, @ wwhurin & @ Donghoon759
• 8.1.1 - 2020-08-04
  

  8.1.1 / 2020-08-04

  🐛 Fixes

  • #4394: Fix regression wherein certain reporters did not correctly detect terminal width (@ boneskull)
• 8.1.0 - 2020-07-30
  Read more
• 8.0.1 - 2020-06-10

from mocha GitHub release notes

Commit messages

Package name: mocha

• 5064c28 Release v8.4.0
• 9cbcc8b update CHANGELOG for v8.4.0 [ci skip]
• 0079ae7 Change CLI file parsing errors to use an error code (#4502)
• d35eb9d docs: add "options.require" to Mocha constructor (#4630) [ci skip]
• 908aa05 GH actions: add Node v16 (#4629)
• 8285910 Watch for test files are crashed (#4614)
• 34643e4 Run browser tests on forked PRs by a dedicated label (#4616)
• 8a2da76 docs: dynamic tests with top-level await (#4617) [ci skip]
• d7ed5c2 Remove unused test.retries(n) (#4611)
• a41f18a GH actions: stale workflow (#4613) [ci skip]
• eb338fd Run eslint check correctly with forked PRs (#4606)
• 3e2dd25 Update README sponsors/backers (#4605) [ci skip]
• dc0ec84 docs: update missed default extensions (#4608) [ci skip]
• 1c7d181 Release v8.3.2
• 2dc8355 update CHANGELOG for v8.3.2 [ci skip]
• 6a47776 Fix: make it().timeout() work again (#4599)
• 1de836b Filter and categorize sponsors/backers (#4596)
• e9860b3 Update config file examples (#4225) [ci skip]
• 21652d9 Add build to GH actions run (#4601)
• c6f874f Release v8.3.1
• a74d007 update CHANGELOG for v8.3.1 [ci skip]
• e29c2f4 Now GH actions support skip ci officially (#4579)
• 8d6d1e3 fix(esm): allow `import` from mocha in parallel (#4574)
• 37efe00 Browser: fix EvalError caused by regenerator-runtime (#4577)

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs