Update dependency mocha to v6

[mend-for-github-com]

This PR contains the following updates:

Package	Type	Update	Change
mocha (source)	devDependencies	major	^2.4.5 -> ^6.0.0

By merging this PR, the below issues will be automatically resolved and closed:

Severity	CVSS Score	CVE	GitHub Issue
High	9.8	CVE-2017-16042	#53
High	7.5	CVE-2016-10540	#9
High	7.1	WS-2018-0590	#32
Medium	5.3	CVE-2017-16137	#17
Medium	5.3	WS-2019-0425	#83

---

Release Notes

mochajs/mocha

v6.0.0

Compare Source

🎉 Enhancements

• #​3726: Add ability to unload files from require cache (@​plroebuck)

🐛 Fixes

• #​3737: Fix falsy values from options globals (@​plroebuck)
• #​3707: Fix encapsulation issues for Suite#_onlyTests and Suite#_onlySuites (@​vkarpov15)
• #​3711: Fix diagnostic messages dealing with plurality and markup of output (@​plroebuck)
• #​3723: Fix "reporter-option" to allow comma-separated options (@​boneskull)
• #​3722: Fix code quality and performance of lookupFiles and files (@​plroebuck)
• #​3650, #​3654: Fix noisy error message when no files found (@​craigtaub)
• #​3632: Tests having an empty title are no longer confused with the "root" suite (@​juergba)
• #​3666: Fix missing error codes (@​vkarpov15)
• #​3684: Fix exiting problem in Node.js v11.7.0+ (@​addaleax)
• #​3691: Fix --delay (and other boolean options) not working in all cases (@​boneskull)
• #​3692: Fix invalid command-line argument usage not causing actual errors (@​boneskull)
• #​3698, #​3699: Fix debug-related Node.js options not working in all cases (@​boneskull)
• #​3700: Growl notifications now show the correct number of tests run (@​outsideris)
• #​3686: Avoid potential ReDoS when diffing large objects (@​cyjake)
• #​3715: Fix incorrect order of emitted events when used programmatically (@​boneskull)
• #​3706: Fix regression wherein --reporter-option/--reporter-options did not support comma-separated key/value pairs (@​boneskull)

📖 Documentation

• #​3652: Switch from Jekyll to Eleventy (@​Munter)

🔩 Other

• #​3677: Add error objects for createUnsupportedError and createInvalidExceptionError (@​boneskull)
• #​3733: Removed unnecessary processing in post-processing hook (@​wanseob)
• #​3730: Update nyc to latest version (@​coreyfarrell)
• #​3648, #​3680: Fixes to support latest versions of unexpected and unexpected-sinon (@​sunesimonsen)
• #​3638: Add meta tag to site (@​MartijnCuppens)
• #​3653: Fix parts of test suite failing to run on Windows (@​boneskull)

v5.2.0

Compare Source

🎉 Enhancements

• #​3375: Add support for comments in mocha.opts (@​plroebuck)

🐛 Fixes

• #​3346: Exit correctly from before hooks when using --bail (@​outsideris)

📖 Documentation

• #​3328: Mocha-flavored API docs! (@​Munter)

🔩 Other

• #​3330: Use Buffer.from() (@​harrysarson)
• #​3295: Remove redundant folder (@​DavNej)
• #​3356: Refactoring (@​plroebuck)

v5.1.1

Compare Source

🐛 Fixes

• #​3325: Revert change which broke --watch (@​boneskull)

v5.1.0

Compare Source

🎉 Enhancements

• #​3210: Add --exclude option (@​metalex9)

🐛 Fixes

• #​3318: Fix failures in circular objects in JSON reporter (@​jeversmann, @​boneskull)

📖 Documentation

• #​3323: Publish actual API documentation! (@​dfberry, @​Munter)
• #​3299: Improve docs around exclusive tests (@​nicgirault)

🔩 Other

• #​3302, #​3308, #​3310, #​3315, #​3316: Build matrix improvements (more info) (@​outsideris, @​boneskull)
• #​3272: Refactor reporter tests (@​jMuzsik)

v5.0.5

Compare Source

Welcome @​outsideris to the team!

🐛 Fixes

• #​3096: Fix --bail failing to bail within hooks (@​outsideris)
• #​3184: Don't skip too many suites (using describe.skip()) (@​outsideris)

📖 Documentation

• #​3133: Improve docs regarding "pending" behavior (@​ematicipo)
• #​3276, #​3274: Fix broken stuff in CHANGELOG.md (@​tagoro9, @​honzajavorek)

🔩 Other

• #​3208: Improve test coverage for AMD users (@​outsideris)
• #​3267: Remove vestiges of PhantomJS from CI (@​anishkny)
• #​2952: Fix a debug message (@​boneskull)

v5.0.4

Compare Source

🐛 Fixes

• #​3265: Fixes regression in "watch" functionality introduced in v5.0.2 (@​outsideris)

v5.0.3

Compare Source

This patch features a fix to address a potential "low severity" ReDoS vulnerability in the diff package (a dependency of Mocha).

🔒 Security Fixes

• #​3266: Bump diff to v3.5.0 (@​anishkny)

🔩 Other

• #​3011: Expose generateDiff() in Base reporter (@​harrysarson)

v5.0.2

Compare Source

This release fixes a class of tests which report as false positives. Certain tests will now break, though they would have previously been reported as passing. Details below. Sorry for the inconvenience!

🐛 Fixes

• #​3226: Do not swallow errors that are thrown asynchronously from passing tests (@​boneskull). Example:

  ```js
  it('should actually fail, sorry!', function (done) {
  // passing assertion
  assert(true === true);

  // test complete & is marked as passing
  done();

  // ...but something evil lurks within
  setTimeout(() => {
  throw new Error('chaos!');
  }, 100);
  });
  ```

  Previously to this version, Mocha would have silently swallowed the chaos! exception, and you wouldn't know. Well, now you know. Mocha cannot recover from this gracefully, so it will exit with a nonzero code.

  Maintainers of external reporters: If a test of this class is encountered, the Runner instance will emit the end event twice; you may need to change your reporter to use runner.once('end') intead of runner.on('end').

• #​3093: Fix stack trace reformatting problem (@​outsideris)

🔩 Other

• #​3248: Update browser-stdout to v1.3.1 (@​honzajavorek)

v5.0.1

Compare Source

...your garden-variety patch release.

Special thanks to Wallaby.js for their continued support! ❤️

🐛 Fixes

• #​1838: --delay now works with .only() (@​silviom)
• #​3119: Plug memory leak present in v8 (@​boneskull)

📖 Documentation

• #​3132, #​3098: Update --glob docs (@​outsideris)
• #​3212: Update Wallaby.js-related docs (@​ArtemGovorov)
• #​3205: Remove outdated cruft (@​boneskull)

🔩 Other

• #​3224: Add proper Wallaby.js config (@​ArtemGovorov)
• #​3230: Update copyright year (@​josephlin55555)

v5.0.0

Compare Source

Mocha starts off 2018 right by again dropping support for unmaintained rubbish.

Welcome @​vkarpov15 to the team!

💥 Breaking Changes

• #​3148: Drop support for IE9 and IE10 (@​Bamieh)
  Practically speaking, only code which consumes (through bundling or otherwise) the userland buffer module should be affected. However, Mocha will no longer test against these browsers, nor apply fixes for them.

🎉 Enhancements

• #​3181: Add useful new --file command line argument (documentation) (@​hswolff)

🐛 Fixes

• #​3187: Fix inaccurate test duration reporting (@​FND)
• #​3202: Fix bad markup in HTML reporter (@​DanielRuf)

😎 Developer Experience

• #​2352: Ditch GNU Make for nps to manage scripts (@​TedYav)

📖 Documentation

• #​3137: Add missing --no-timeouts docs (@​dfberry)
• #​3134: Improve done() callback docs (@​maraisr)
• #​3135: Fix cross-references (@​vkarpov15)
• #​3163: Fix tpyos (@​tbroadley)
• #​3177: Tweak README.md organization (@​xxczaki)
• Misc updates (@​boneskull)

🔩 Other

• #​3118: Move TextMate Integration to its own repo (@​Bamieh)
• #​3185: Add Node.js v9 to build matrix; remove v7 (@​xxczaki)
• #​3172: Markdown linting (@​boneskull)
• Test & Netlify updates (@​Munter, @​boneskull)

v4.1.0

Compare Source

4.1.0 / 2017-12-28

This is mainly a "housekeeping" release.

Welcome @​Bamieh and @​xxczaki to the team!

🐛: Fixes

• #​2661: progress reporter now accepts reporter options (@​canoztokmak)
• #​3142: xit in bdd interface now properly returns its Test object (@​Bamieh)
• #​3075: Diffs now computed eagerly to avoid misinformation when reported (@​abrady0)
• #​2745: --help will now help you even if you have a mocha.opts (@​Zarel)

🎉 Enhancements

• #​2514: The --no-diff flag will completely disable diff output (@​CapacitorSet)
• #​3058: All "setters" in Mocha's API are now also "getters" if called without arguments (@​makepanic)

📖 Documentation

• #​3170: Optimization and site speed improvements (@​Munter)
• #​2987: Moved the old site repo into the main repo under docs/ (@​boneskull)
• #​2896: Add maintainer guide (@​boneskull)
• Various fixes and updates (@​xxczaki, @​maty21, @​leedm777)

🔩 Other

• Test improvements and fixes (@​eugenet8k, @​ngeor, @​38elements, @​Gerhut, @​ScottFreeCode, @​boneskull)
• Refactoring and cruft excision (@​38elements, @​Bamieh, @​finnigantime, @​boneskull)

v4.0.1

Compare Source

4.0.1 / 2017-10-05

🐛 Fixes

• #​3051: Upgrade Growl to v1.10.3 to fix its peer dep problems (@​dpogue)

v4.0.0

Compare Source

4.0.0 / 2017-10-02

You might want to read this before filing a new bug! 😝

💥 Breaking Changes

For more info, please read this article.

Compatibility

• #​3016: Drop support for unmaintained versions of Node.js (@​boneskull):
  • 0.10.x
  • 0.11.x
  • 0.12.x
  • iojs (any)
  • 5.x.x
• #​2979: Drop support for non-ES5-compliant browsers (@​boneskull):
  • IE7
  • IE8
  • PhantomJS 1.x
• #​2615: Drop Bower support; old versions (3.x, etc.) will remain available (@​ScottFreeCode, @​boneskull)

Default Behavior

• #​2879: By default, Mocha will no longer force the process to exit once all tests complete. This means any test code (or code under test) which would normally prevent node from exiting will do so when run in Mocha. Supply the --exit flag to revert to pre-v4.0.0 behavior (@​ScottFreeCode, @​boneskull)

Reporter Output

• #​2095: Remove stdout: prefix from browser reporter logs (@​skeggse)
• #​2295: Add separator in "unified diff" output (@​olsonpm)
• #​2686: Print failure message when --forbid-pending or --forbid-only is specified (@​ScottFreeCode)
• #​2814: Indent contexts for better readability when reporting failures (@​charlierudolph)

👎 Deprecations

• #​2493: The --compilers command-line option is now soft-deprecated and will emit a warning on STDERR. Read this for more info and workarounds (@​ScottFreeCode, @​boneskull)

🎉 Enhancements

• #​2628: Allow override of default test suite name in XUnit reporter (@​ngeor)

📖 Documentation

• #​3020: Link to CLA in README.md and CONTRIBUTING.md (@​skeggse)

🔩 Other

• #​2890: Speed up build by (re-)consolidating SauceLabs tests (@​boneskull)

v3.5.3

Compare Source

3.5.3 / 2017-09-11

🐛 Fixes

• #​3003: Fix invalid entities in xUnit reporter first appearing in v3.5.1 (@​jkrems)

v3.5.2

Compare Source

3.5.2 / 2017-09-10

🐛 Fixes

• #​3001: Fix AMD-related failures first appearing in v3.5.1 (@​boneskull)

v3.5.1

Compare Source

3.5.1 / 2017-09-09

📰 News

• 📣 Mocha is now sponsoring PDXNode! If you're in the Portland area, come check out the monthly talks and hack nights!

🐛 Fixes

• #​2997: Fix missing xit export for "require" interface (@​solodynamo)
• #​2957: Fix unicode character handling in XUnit reporter failures (@​jkrems)

🔩 Other

• #​2986: Add issue and PR templates (@​kungapal)
• #​2918: Drop bash dependency for glob-related tests (@​ScottFreeCode)
• #​2922: Improve --compilers coverage (@​ScottFreeCode)
• #​2981: Fix tpyos and spelling errors (@​jsoref)

v3.5.0

Compare Source

v3.5.0 / 2017-07-31

📰 News

• Mocha now has a code of conduct (thanks @​kungapal!).
• Old issues and PRs are now being marked "stale" by Probot's "Stale" plugin. If an issue is marked as such, and you would like to see it remain open, simply add a new comment to the ticket or PR.
• WARNING: Support for non-ES5-compliant environments will be dropped starting with version 4.0.0 of Mocha!

🔒 Security Fixes

• #​2860: Address CVE-2015-8315 via upgrade of debug (@​boneskull)

🎉 Enhancements

• #​2696: Add --forbid-only and --forbid-pending flags. Use these in CI or hooks to ensure tests aren't accidentally being skipped! (@​charlierudolph)
• #​2813: Support Node.js 8's --napi-modules flag (@​jupp0r)

🔩 Other

• Various CI-and-test-related fixes and improvements (@​boneskull, @​dasilvacontin, @​PopradiArpad, @​Munter, @​ScottFreeCode)
• "Officially" support Node.js 8 (@​elergy)

v3.4.2

Compare Source

3.4.2 / 2017-05-24

🐛 Fixes

• #​2802: Remove call to deprecated os.tmpDir (@​makepanic)
• #​2820: Eagerly set process.exitCode (@​chrisleck)

🔩 Other

• #​2778: Move linting into an npm script (@​Munter)

v3.4.1

Compare Source

Fixed a publishing mishap with git's autocrlf settings.

v3.3.0

Compare Source

Thanks to all our contributors, maintainers, sponsors, and users! ❤️

As highlights:

• We've got coverage now!
• Testing is looking less flaky \o/.
• No more nitpicking about "mocha.js" build on PRs.

🎉 Enhancements

• #​2659: Adds support for loading reporter from an absolute or relative path (@​sul4bh)
• #​2769: Support --inspect-brk on command-line (@​igwejk)

🐛 Fixes

• #​2662: Replace unicode chars w/ hex codes in HTML reporter (@​rotemdan)

🔍 Coverage

• #​2672: Add coverage for node tests (@​c089, @​Munter)
• #​2680: Increase tests coverage for base reporter (@​epallerols)
• #​2690: Increase tests coverage for doc reporter (@​craigtaub)
• #​2701: Increase tests coverage for landing, min, tap and list reporters (@​craigtaub)
• #​2691: Increase tests coverage for spec + dot reporters (@​craigtaub)
• #​2698: Increase tests coverage for xunit reporter (@​craigtaub)
• #​2699: Increase tests coverage for json-stream, markdown and progress reporters (@​craigtaub)
• #​2703: Cover .some() function in utils.js with tests (@​seppevs)
• #​2773: Add tests for loading reporters w/ relative/absolute paths (@​sul4bh)

🔩 Other

• Remove bin/.eslintrc; ensure execs are linted (@​boneskull)
• #​2542: Expand CONTRIBUTING.md (@​boneskull)
• #​2660: Double timeouts on integration tests (@​Munter)
• #​2653: Update copyright year ([@​Scottkao85], @​Munter)
• #​2621: Update dependencies to enable Greenkeeper (@​boneskull, @​greenkeeper)
• #​2625: Use trusty container in travis-ci; use "artifacts" addon (@​boneskull)
• #​2670: doc(CONTRIBUTING): fix link to org members (@​coderbyheart)
• Add Mocha propaganda to README.md (@​boneskull)
• #​2470: Avoid test flake in "delay" test (@​boneskull)
• #​2675: Limit browser concurrency on sauce (@​boneskull)
• #​2669: Use temporary test-only build of mocha.js for browsers tests (@​Munter)
• Fix "projects" link in README.md (@​boneskull)
• #​2678: Chore(Saucelabs): test on IE9, IE10 and IE11 (@​coderbyheart)
• #​2648: Use semistandard directly (@​kt3k)
• #​2727: Make the build reproducible (@​lamby)

v3.2.0

Compare Source

3.2.0 / 2016-11-24

📰 News

Mocha is now a JS Foundation Project!

Mocha is proud to have joined the JS Foundation. For more information, read the announcement.

Contributor License Agreement

Under the foundation, all contributors to Mocha must sign the JS Foundation CLA before their code can be merged. When sending a PR--if you have not already signed the CLA--a friendly bot will ask you to do so.

Mocha remains licensed under the MIT license.

🐛 Bug Fix

• #​2535: Fix crash when --watch encounters broken symlinks (@​villesau)
• #​2593: Fix (old) regression; incorrect symbol shown in list reporter (@​Aldaviva)
• #​2584: Fix potential error when running XUnit reporter (@​vobujs)

🎉 Enhancement

• #​2294: Improve timeout error messaging (@​jeversmann, @​boneskull)
• #​2520: Add info about --inspect flag to CLI help (@​ughitsaaron)

🔩 Other

• #​2570: Use karma-mocha proper (@​boneskull)
• Licenses updated to reflect new copyright, add link to license and browser matrix to README.md (@​boneskull, @​ScottFreeCode, @​dasilvacontin)

Thanks to all our contributors, sponsors and backers! Keep on the lookout for a public roadmap and new contribution guide coming soon.

v3.1.2

Compare Source

3.1.2 / 2016-10-10

🐛 Bug Fix

• #​2528: Recovery gracefully if an Error's stack property isn't writable ([@​boneskull])

v3.1.1

Compare Source

3.1.1 / 2016-10-09

🐛 Bug Fix

• #​1417: Don't report done() was called multiple times when it wasn't (@​frankleonrose)

🔩 Other

• #​2490: Lint with semistandard config (@​makepanic)
• #​2525: Lint all .js files ([@​boneskull])
• #​2524: Provide workaround for developers unable to run browser tests on macOS Sierra ([@​boneskull])

v3.1.0

Compare Source

3.1.0 / 2016-09-27

🎉 Enhancement

• #​2357: Support --inspect on command-line (@​simov)
• #​2194: Human-friendly error if no files are matched on command-line (@​Munter)
• #​1744: Human-friendly error if a Suite has no callback (BDD/TDD only) (@​anton)

🐛 Bug Fix

• #​2488: Fix case in which variables beginning with lowercase "D" may not have been reported properly as global leaks (@​JustATrick) 😆
• #​2465: Always halt execution in async function when this.skip() is called (@​boneskull)
• #​2445: Exits with expected code 130 when SIGINT encountered; exit code can no longer rollover at 256 (@​Munter)
• #​2315: Fix uncaught TypeError thrown from callback stack (@​1999)
• Fix broken only()/skip() in IE7/IE8 (@​boneskull)
• #​2502: Fix broken stack trace filter on Node.js under Windows (@​boneskull)
• #​2496: Fix diff output for objects instantiated with String constructor (more) (@​boneskull)

v3.0.2

Compare Source

v3.0.1

Compare Source

v3.0.0

Compare Source

---

• If you want to rebase/retry this PR, click this checkbox.