chore(deps): upgrade all to latest stable #4556

AviVahl · 2021-01-18T19:43:24Z

Description of the Change

bump all production deps to latest stable versions and regenerate lock file from scratch.

npm audit on master:
found 39 vulnerabilities (30 low, 7 moderate, 2 high) in 2645 scanned packages

npm audit on branch:
found 3 low severity vulnerabilities in 2569 scanned packages

Alternate Designs

Keep old versions?
Setup dependabot or renovate bot.
Use carets.

Why should this be in core?

Any bug fixes and/or improvements in new versions.
Better de-duping for consumers.

Benefits

Improved audit result (for repo itself)

Possible Drawbacks

Any version upgrade is susceptible to regressions, especially in non-tested areas.

Applicable issues

#4533

coveralls · 2021-01-18T19:56:01Z

Coverage remained the same at 94.143% when pulling 3056999 on AviVahl:upgrade-production-deps into c667d10 on mochajs:master.

bump all production deps to latest stable versions and regenerate lock file from scratch. `npm audit` on `master`: `found 39 vulnerabilities (30 low, 7 moderate, 2 high) in 2645 scanned packages` `npm audit` on branch: `found 3 low severity vulnerabilities in 2569 scanned packages`

juergba

@AviVahl I pushed your branch to our repo, in order to run the browser test successfully.
The browser test doesn't work with github actions for PR's of forked repos.

lib/cli/config.js

juergba

@AviVahl thank you.

closes #4533

juergba reviewed Jan 29, 2021

View reviewed changes

lib/cli/config.js Show resolved Hide resolved

juergba approved these changes Jan 29, 2021

View reviewed changes

juergba added dependencies Pull requests that update a dependency file area: security involving vulnerabilities semver-patch implementation requires increase of "patch" version number; "bug fixes" labels Jan 29, 2021

juergba added this to the next milestone Jan 29, 2021

juergba merged commit 1a05ad7 into mochajs:master Jan 29, 2021

juergba mentioned this pull request Jan 29, 2021

[email protected] used in Mocha is creating deprecation warnings #4533

Closed

4 tasks

outsideris mentioned this pull request Feb 6, 2021

Upgrade debug module because of Vulnerability #4533 #4544

Closed

juergba modified the milestones: next, v8.3.0 Feb 11, 2021

Omrisnyk mentioned this pull request Dec 7, 2023

[Snyk] Fix for 1 vulnerabilities Omrisnyk/npm-lockfiles#131

Open

nscando mentioned this pull request Sep 7, 2024

[Snyk] Upgrade: , bcrypt, dotenv, express, helmet, mocha, mongodb, passport, passport-jwt, sinon nscando/Passport-Authentication#104

Open

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): upgrade all to latest stable #4556

chore(deps): upgrade all to latest stable #4556

AviVahl commented Jan 18, 2021 •

edited

Loading

coveralls commented Jan 18, 2021 •

edited

Loading

juergba left a comment

juergba left a comment

chore(deps): upgrade all to latest stable #4556

chore(deps): upgrade all to latest stable #4556

Conversation

AviVahl commented Jan 18, 2021 • edited Loading

Description of the Change

Alternate Designs

Why should this be in core?

Benefits

Possible Drawbacks

Applicable issues

coveralls commented Jan 18, 2021 • edited Loading

juergba left a comment

Choose a reason for hiding this comment

juergba left a comment

Choose a reason for hiding this comment

AviVahl commented Jan 18, 2021 •

edited

Loading

coveralls commented Jan 18, 2021 •

edited

Loading