Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Flat 4.1.0 is deprecated causing an npm warn #4410

Closed
4 tasks done
JaredCE opened this issue Aug 18, 2020 · 2 comments · Fixed by #4458
Closed
4 tasks done

Flat 4.1.0 is deprecated causing an npm warn #4410

JaredCE opened this issue Aug 18, 2020 · 2 comments · Fixed by #4458
Labels
area: security involving vulnerabilities good first issue new contributors should look here! status: accepting prs Mocha can use your help with this one!

Comments

@JaredCE
Copy link

JaredCE commented Aug 18, 2020

Prerequisites

  • Checked that your issue hasn't already been filed by cross-referencing issues with the faq label
  • Checked next-gen ES issues and syntax problems by using the same environment and/or transpiler configuration without Mocha to ensure it isn't just a feature that actually isn't supported in the environment in question or a bug in your code.
  • 'Smoke tested' the code to be tested by running it outside the real test suite to get a better sense of whether the problem is in the code under test, your usage of Mocha, or Mocha itself
  • Ensured that there is no discrepancy between the locally and globally installed versions of Mocha. You can find them with: node node_modules/.bin/mocha --version(Local) and mocha --version(Global). We recommend that you not install Mocha globally.

Description

when installing mocha 8.1.1, npm warns that flat 4.1.0 is deprecated.

Steps to Reproduce

run npm i -g mocha

Expected behavior: [What you expect to happen]

No warns

Actual behavior: [What actually happens]

npm WARN deprecated [email protected]: Fixed a prototype pollution security issue in 4.1.0, please upgrade to ^4.1.1 or ^5.0.1.

Reproduces how often: [What percentage of the time does it reproduce?]

all the time

Versions

mocha 8.1.1
node 12
ubuntu bionic

@outsideris outsideris added area: security involving vulnerabilities and removed unconfirmed-bug labels Aug 23, 2020
@outsideris
Copy link
Contributor

I check there is a deprecation warning in Ubuntu. It is from yarg-unparser, but the latest version of yarg-unparser(1.6.3) still have [email protected].

@boneskull boneskull added good first issue new contributors should look here! status: accepting prs Mocha can use your help with this one! labels Aug 26, 2020
@hubiierik
Copy link

Issue opened in yargs-unparser: yargs/yargs-unparser#67

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
area: security involving vulnerabilities good first issue new contributors should look here! status: accepting prs Mocha can use your help with this one!
Projects
None yet
Development

Successfully merging a pull request may close this issue.

4 participants