[Snyk] Security upgrade mocha from 3.5.3 to 11.0.1

[Exnadella]

User description

Snyk has created this PR to fix 2 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

• packages/wct-browser-legacy/package.json
• packages/wct-browser-legacy/package-lock.json

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Missing Release of Resource after Effective Lifetime SNYK-JS-INFLIGHT-6095116	631
	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	479

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)

---

PR Type

enhancement, dependencies

---

Description

• Upgraded the mocha dependency in package.json from version ^3.4.2 to ^11.0.1 to address security vulnerabilities.
• This upgrade fixes vulnerabilities related to "Missing Release of Resource after Effective Lifetime" and "Regular Expression Denial of Service (ReDoS)".
• The changes aim to enhance security by reducing vulnerabilities in the npm dependencies.

---

Changes walkthrough 📝

	Relevant files
Dependencies	package.json Upgrade mocha dependency to address vulnerabilities            packages/wct-browser-legacy/package.json Updated mocha dependency version from ^3.4.2 to ^11.0.1. +1/-1
Additional files (token-limit)	package-lock.json ...                                                                                                            packages/wct-browser-legacy/package-lock.json ... +1121/-534

---

💡 PR-Agent usage: Comment /help "your question" on any pull request to receive relevant information

[qodo-merge-pro]

PR Reviewer Guide 🔍

Here are some key observations to aid the review process:

⏱️ Estimated effort to review: 1 🔵⚪⚪⚪⚪

🧪 No relevant tests

🔒 No security concerns identified

⚡ Recommended focus areas for review Version Compatibility Major version upgrade of mocha from 3.x to 11.x may introduce breaking changes that could affect test execution and behavior

[qodo-merge-pro]

PR Code Suggestions ✨

Explore these optional code suggestions:

Category	Suggestion	Score
Possible issue	Major version upgrades should be approached incrementally to avoid breaking changes The major version jump from Mocha 3.x to 11.x likely introduces breaking changes. Consider upgrading incrementally through major versions or thoroughly test the application with Mocha 11 to ensure compatibility. packages/wct-browser-legacy/package.json [36] -"mocha": "^11.0.1", +"mocha": "^3.4.2", Apply this suggestion Suggestion importance[1-10]: 9 Why: Jumping from Mocha 3.x to 11.x is a significant version leap that could introduce major breaking changes and compatibility issues. This suggestion correctly identifies a potential high-risk change that could break test functionality.	9

💡 Need additional feedback ? start a PR chat