Upgrade Mocha dependency to 5.x

Mocha 3.x dependended on Growl 1.9.2 which had a security
vulnerability. Hence, we are upgrading our dependency to Mocha to
ensure that this security vulnerability is no longer exposed.

Note however that as Mocha is purely used for the testing of
dockerfile-utils. We have no reason to believe that dockerfile-utils.

Signed-off-by: Remy Suen <[email protected]>

CHANGELOG.md

@@ -8,6 +8,11 @@ All notable changes to this project will be documented in this file.
 - warn if ARG instruction does not define a name for the variable ([#45](https://github.com/rcjsuen/dockerfile-utils/issues/45))
 - flag incorrectly quoted arguments for ARG, ENV, and LABEL ([#40](https://github.com/rcjsuen/dockerfile-utils/issues/40))
 
+### Changed
+- [upgraded the dependency of Mocha](https://github.com/mochajs/mocha/issues/2791) from 3.x to 5.x
+  - versions prior to 4.x of Mocha dependended on Growl 1.9.2 which contained a [security vulnerability](https://github.com/tj/node-growl/issues/60)
+  - as Mocha is a `devDependencies` module, there is no reason to believe that the `dockerfile-ast` module itself was affected by this vulnerability
+
 ### Fixed
 - fix incorrect validaiton warning in ARG, ENV, and LABEL instructions caused by quotes being used in variable replacements ([#36](https://github.com/rcjsuen/dockerfile-utils/issues/36))
 - fix incorrect validation of tagged images caused by FROM referencing images in a private registry ([#39](https://github.com/rcjsuen/dockerfile-utils/issues/39))

package.json

@@ -31,9 +31,9 @@
     "vscode-languageserver-types": "3.6.0"
   },
   "devDependencies": {
-    "@types/mocha": "^2.2.33",
+    "@types/mocha": "^5.2.0",
     "@types/node": "^6.0.52",
-    "mocha": "^3.2.0",
+    "mocha": "^5.2.0",
     "typescript": "^2.1.5",
     "nyc": "^11.0.2"
   },