fix #4837 Update glob due to vulnerability in dep#4970
Merged
juergba merged 8 commits intomochajs:masterfrom Mar 30, 2023
Merged
fix #4837 Update glob due to vulnerability in dep#4970juergba merged 8 commits intomochajs:masterfrom
juergba merged 8 commits intomochajs:masterfrom
Conversation
jb2311
changed the title
… from coffee-script to coffeescript
Contributor
Author
|
@juergba this should be ready to be tested again. 2 things I have concerns about. #1 The tests referenced coffee-script, with a hyphen, but when I ran the tests, I got a "module not found error" and it looks like the hyphen package is depreciated, and mocha's package.json references "coffeescript" with no hyphen, so I updated those tests. Additionally, I got an error during linting that "eslint-plugin-n" is missing. I though it was my local setup, but it also happened when the tests ran in the CI process. Anyways, I added that package to the dev deps. Let me know if you have any questions or concerns |
Contributor
|
@jb2311 thank you for this PR. We will see wether our CI tests will pass. Tbh I don't trust your Edit: looks good, I will have a closer look on coming week-end. Could you evtl. add any link about this additional lint dependency? |
Contributor
Author
|
esline-plugin-node is no longer being maintained, so eslint-plugin-n (https://github.com/eslint-community/eslint-plugin-n) is a fork that is still active. However, I have no idea why it's erroring out without it suddenly. It happened on the first test run, when I did nothing but update the glob package https://github.com/mochajs/mocha/actions/runs/4368808387/jobs/7681675449 Edit: it looks like eslint-plugin-n is a peerDep for some packages. I was running an old version of NPM, newer versions of NPM don't require peerDeps to be referenced in the main package.json, so I removed the package. |
Contributor
Author
|
@juergba have you had a chance to take a look at this? |
juergba
reviewed
Mar 22, 2023
Contributor
juergba
left a comment
juergba
left a comment
There was a problem hiding this comment.
I'm not convinced completely, I'm afraid there might be some unwanted side-effects by windowsPathsNoEscape. Anyway let's do it.
Contributor
Author
|
@juergba updated |
juergba
reviewed
Mar 24, 2023
Contributor
Author
|
@juergba okay, I think the whitespace should be appropriate. |
juergba
added
the
run-browser-test
github-actions
bot
removed
the
run-browser-test
renovate bot
referenced
this pull request
in line/line-bot-sdk-nodejs
Feb 8, 2024
[](https://renovatebot.com) This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [mocha](https://mochajs.org/) ([source](https://togithub.com/mochajs/mocha)) | [`10.2.0` -> `10.3.0`](https://renovatebot.com/diffs/npm/mocha/10.2.0/10.3.0) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | --- ### Release Notes <details> <summary>mochajs/mocha (mocha)</summary> ### [`v10.3.0`](https://togithub.com/mochajs/mocha/releases/tag/v10.3.0) [Compare Source](https://togithub.com/mochajs/mocha/compare/v10.2.0...v10.3.0) This is a stable release equivalent to [v10.3.0-preminor.0](https://togithub.com/mochajs/mocha/releases/tag/v10.3.0-preminor.0). #### What's Changed - Fix deprecated warn gh actions by [@​outsideris](https://togithub.com/outsideris) in [https://github.com/mochajs/mocha/pull/4962](https://togithub.com/mochajs/mocha/pull/4962) - fix [#​4837](https://togithub.com/mochajs/mocha/issues/4837) Update glob due to vulnerability in dep by [@​jb2311](https://togithub.com/jb2311) in [https://github.com/mochajs/mocha/pull/4970](https://togithub.com/mochajs/mocha/pull/4970) - Add Node v19 to test matrix by [@​juergba](https://togithub.com/juergba) in [https://github.com/mochajs/mocha/pull/4974](https://togithub.com/mochajs/mocha/pull/4974) - chore: fix the ci by [@​Uzlopak](https://togithub.com/Uzlopak) in [https://github.com/mochajs/mocha/pull/5020](https://togithub.com/mochajs/mocha/pull/5020) - update can-i-use by [@​Uzlopak](https://togithub.com/Uzlopak) in [https://github.com/mochajs/mocha/pull/5021](https://togithub.com/mochajs/mocha/pull/5021) - chore: remove uuid dev dependency by [@​Uzlopak](https://togithub.com/Uzlopak) in [https://github.com/mochajs/mocha/pull/5022](https://togithub.com/mochajs/mocha/pull/5022) - chore: remove nanoid as dependency by [@​Uzlopak](https://togithub.com/Uzlopak) in [https://github.com/mochajs/mocha/pull/5024](https://togithub.com/mochajs/mocha/pull/5024) - chore: remove touch as dev dependency by [@​Uzlopak](https://togithub.com/Uzlopak) in [https://github.com/mochajs/mocha/pull/5023](https://togithub.com/mochajs/mocha/pull/5023) - chore: remove stale workflow by [@​JoshuaKGoldberg](https://togithub.com/JoshuaKGoldberg) in [https://github.com/mochajs/mocha/pull/5029](https://togithub.com/mochajs/mocha/pull/5029) - docs: fix fragment ID for yargs' "extends" documentation by [@​Spencer-Doak](https://togithub.com/Spencer-Doak) in [https://github.com/mochajs/mocha/pull/4918](https://togithub.com/mochajs/mocha/pull/4918) - docs: use mocha.js instead of mocha in the example run by [@​nikolas](https://togithub.com/nikolas) in [https://github.com/mochajs/mocha/pull/4927](https://togithub.com/mochajs/mocha/pull/4927) - docs: fix jsdoc return type of `titlePath` method by [@​F3n67u](https://togithub.com/F3n67u) in [https://github.com/mochajs/mocha/pull/4886](https://togithub.com/mochajs/mocha/pull/4886) - docs: overhaul contributing and maintenance docs for end-of-year 2023 by [@​JoshuaKGoldberg](https://togithub.com/JoshuaKGoldberg) in [https://github.com/mochajs/mocha/pull/5038](https://togithub.com/mochajs/mocha/pull/5038) - docs: touchups to labels and a template title post-revamp by [@​JoshuaKGoldberg](https://togithub.com/JoshuaKGoldberg) in [https://github.com/mochajs/mocha/pull/5050](https://togithub.com/mochajs/mocha/pull/5050) - fix: add alt text to Built with Netlify badge by [@​JoshuaKGoldberg](https://togithub.com/JoshuaKGoldberg) in [https://github.com/mochajs/mocha/pull/5068](https://togithub.com/mochajs/mocha/pull/5068) - chore: inline nyan reporter's write function by [@​JoshuaKGoldberg](https://togithub.com/JoshuaKGoldberg) in [https://github.com/mochajs/mocha/pull/5056](https://togithub.com/mochajs/mocha/pull/5056) - chore: remove unnecessary canvas dependency by [@​JoshuaKGoldberg](https://togithub.com/JoshuaKGoldberg) in [https://github.com/mochajs/mocha/pull/5069](https://togithub.com/mochajs/mocha/pull/5069) #### New Contributors - [@​jb2311](https://togithub.com/jb2311) made their first contribution in [https://github.com/mochajs/mocha/pull/4970](https://togithub.com/mochajs/mocha/pull/4970) - [@​Uzlopak](https://togithub.com/Uzlopak) made their first contribution in [https://github.com/mochajs/mocha/pull/5020](https://togithub.com/mochajs/mocha/pull/5020) - [@​Spencer-Doak](https://togithub.com/Spencer-Doak) made their first contribution in [https://github.com/mochajs/mocha/pull/4918](https://togithub.com/mochajs/mocha/pull/4918) - [@​nikolas](https://togithub.com/nikolas) made their first contribution in [https://github.com/mochajs/mocha/pull/4927](https://togithub.com/mochajs/mocha/pull/4927) - [@​F3n67u](https://togithub.com/F3n67u) made their first contribution in [https://github.com/mochajs/mocha/pull/4886](https://togithub.com/mochajs/mocha/pull/4886) **Full Changelog**: mochajs/mocha@v10.2.0...v10.3.0 </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/line/line-bot-sdk-nodejs). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4xNzMuMCIsInVwZGF0ZWRJblZlciI6IjM3LjE3My4wIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIn0=--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
renovate bot
referenced
this pull request
in matzkoh/eslint-plugin-generate-test-id
Feb 9, 2024
[](https://renovatebot.com) This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [mocha](https://mochajs.org/) ([source](https://togithub.com/mochajs/mocha)) | [`10.2.0` -> `10.3.0`](https://renovatebot.com/diffs/npm/mocha/10.2.0/10.3.0) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | --- ### Release Notes <details> <summary>mochajs/mocha (mocha)</summary> ### [`v10.3.0`](https://togithub.com/mochajs/mocha/releases/tag/v10.3.0) [Compare Source](https://togithub.com/mochajs/mocha/compare/v10.2.0...v10.3.0) This is a stable release equivalent to [v10.3.0-preminor.0](https://togithub.com/mochajs/mocha/releases/tag/v10.3.0-preminor.0). #### What's Changed - Fix deprecated warn gh actions by [@​outsideris](https://togithub.com/outsideris) in [https://github.com/mochajs/mocha/pull/4962](https://togithub.com/mochajs/mocha/pull/4962) - fix [#​4837](https://togithub.com/mochajs/mocha/issues/4837) Update glob due to vulnerability in dep by [@​jb2311](https://togithub.com/jb2311) in [https://github.com/mochajs/mocha/pull/4970](https://togithub.com/mochajs/mocha/pull/4970) - Add Node v19 to test matrix by [@​juergba](https://togithub.com/juergba) in [https://github.com/mochajs/mocha/pull/4974](https://togithub.com/mochajs/mocha/pull/4974) - chore: fix the ci by [@​Uzlopak](https://togithub.com/Uzlopak) in [https://github.com/mochajs/mocha/pull/5020](https://togithub.com/mochajs/mocha/pull/5020) - update can-i-use by [@​Uzlopak](https://togithub.com/Uzlopak) in [https://github.com/mochajs/mocha/pull/5021](https://togithub.com/mochajs/mocha/pull/5021) - chore: remove uuid dev dependency by [@​Uzlopak](https://togithub.com/Uzlopak) in [https://github.com/mochajs/mocha/pull/5022](https://togithub.com/mochajs/mocha/pull/5022) - chore: remove nanoid as dependency by [@​Uzlopak](https://togithub.com/Uzlopak) in [https://github.com/mochajs/mocha/pull/5024](https://togithub.com/mochajs/mocha/pull/5024) - chore: remove touch as dev dependency by [@​Uzlopak](https://togithub.com/Uzlopak) in [https://github.com/mochajs/mocha/pull/5023](https://togithub.com/mochajs/mocha/pull/5023) - chore: remove stale workflow by [@​JoshuaKGoldberg](https://togithub.com/JoshuaKGoldberg) in [https://github.com/mochajs/mocha/pull/5029](https://togithub.com/mochajs/mocha/pull/5029) - docs: fix fragment ID for yargs' "extends" documentation by [@​Spencer-Doak](https://togithub.com/Spencer-Doak) in [https://github.com/mochajs/mocha/pull/4918](https://togithub.com/mochajs/mocha/pull/4918) - docs: use mocha.js instead of mocha in the example run by [@​nikolas](https://togithub.com/nikolas) in [https://github.com/mochajs/mocha/pull/4927](https://togithub.com/mochajs/mocha/pull/4927) - docs: fix jsdoc return type of `titlePath` method by [@​F3n67u](https://togithub.com/F3n67u) in [https://github.com/mochajs/mocha/pull/4886](https://togithub.com/mochajs/mocha/pull/4886) - docs: overhaul contributing and maintenance docs for end-of-year 2023 by [@​JoshuaKGoldberg](https://togithub.com/JoshuaKGoldberg) in [https://github.com/mochajs/mocha/pull/5038](https://togithub.com/mochajs/mocha/pull/5038) - docs: touchups to labels and a template title post-revamp by [@​JoshuaKGoldberg](https://togithub.com/JoshuaKGoldberg) in [https://github.com/mochajs/mocha/pull/5050](https://togithub.com/mochajs/mocha/pull/5050) - fix: add alt text to Built with Netlify badge by [@​JoshuaKGoldberg](https://togithub.com/JoshuaKGoldberg) in [https://github.com/mochajs/mocha/pull/5068](https://togithub.com/mochajs/mocha/pull/5068) - chore: inline nyan reporter's write function by [@​JoshuaKGoldberg](https://togithub.com/JoshuaKGoldberg) in [https://github.com/mochajs/mocha/pull/5056](https://togithub.com/mochajs/mocha/pull/5056) - chore: remove unnecessary canvas dependency by [@​JoshuaKGoldberg](https://togithub.com/JoshuaKGoldberg) in [https://github.com/mochajs/mocha/pull/5069](https://togithub.com/mochajs/mocha/pull/5069) #### New Contributors - [@​jb2311](https://togithub.com/jb2311) made their first contribution in [https://github.com/mochajs/mocha/pull/4970](https://togithub.com/mochajs/mocha/pull/4970) - [@​Uzlopak](https://togithub.com/Uzlopak) made their first contribution in [https://github.com/mochajs/mocha/pull/5020](https://togithub.com/mochajs/mocha/pull/5020) - [@​Spencer-Doak](https://togithub.com/Spencer-Doak) made their first contribution in [https://github.com/mochajs/mocha/pull/4918](https://togithub.com/mochajs/mocha/pull/4918) - [@​nikolas](https://togithub.com/nikolas) made their first contribution in [https://github.com/mochajs/mocha/pull/4927](https://togithub.com/mochajs/mocha/pull/4927) - [@​F3n67u](https://togithub.com/F3n67u) made their first contribution in [https://github.com/mochajs/mocha/pull/4886](https://togithub.com/mochajs/mocha/pull/4886) **Full Changelog**: mochajs/mocha@v10.2.0...v10.3.0 </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/matzkoh/eslint-plugin-generate-test-id). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4xNzMuMCIsInVwZGF0ZWRJblZlciI6IjM3LjE3My4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiJ9--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
ogkevin-robot bot
referenced
this pull request
in OGKevin/obsidian-kobo-highlights-import
Feb 11, 2024
This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [mocha](https://mochajs.org/) ([source](https://togithub.com/mochajs/mocha)) | devDependencies | minor | [`10.2.0` -> `10.3.0`](https://renovatebot.com/diffs/npm/mocha/10.2.0/10.3.0) | --- ### Release Notes <details> <summary>mochajs/mocha (mocha)</summary> ### [`v10.3.0`](https://togithub.com/mochajs/mocha/releases/tag/v10.3.0) [Compare Source](https://togithub.com/mochajs/mocha/compare/v10.2.0...v10.3.0) This is a stable release equivalent to [v10.3.0-preminor.0](https://togithub.com/mochajs/mocha/releases/tag/v10.3.0-preminor.0). #### What's Changed - Fix deprecated warn gh actions by [@​outsideris](https://togithub.com/outsideris) in [https://github.com/mochajs/mocha/pull/4962](https://togithub.com/mochajs/mocha/pull/4962) - fix [#​4837](https://togithub.com/mochajs/mocha/issues/4837) Update glob due to vulnerability in dep by [@​jb2311](https://togithub.com/jb2311) in [https://github.com/mochajs/mocha/pull/4970](https://togithub.com/mochajs/mocha/pull/4970) - Add Node v19 to test matrix by [@​juergba](https://togithub.com/juergba) in [https://github.com/mochajs/mocha/pull/4974](https://togithub.com/mochajs/mocha/pull/4974) - chore: fix the ci by [@​Uzlopak](https://togithub.com/Uzlopak) in [https://github.com/mochajs/mocha/pull/5020](https://togithub.com/mochajs/mocha/pull/5020) - update can-i-use by [@​Uzlopak](https://togithub.com/Uzlopak) in [https://github.com/mochajs/mocha/pull/5021](https://togithub.com/mochajs/mocha/pull/5021) - chore: remove uuid dev dependency by [@​Uzlopak](https://togithub.com/Uzlopak) in [https://github.com/mochajs/mocha/pull/5022](https://togithub.com/mochajs/mocha/pull/5022) - chore: remove nanoid as dependency by [@​Uzlopak](https://togithub.com/Uzlopak) in [https://github.com/mochajs/mocha/pull/5024](https://togithub.com/mochajs/mocha/pull/5024) - chore: remove touch as dev dependency by [@​Uzlopak](https://togithub.com/Uzlopak) in [https://github.com/mochajs/mocha/pull/5023](https://togithub.com/mochajs/mocha/pull/5023) - chore: remove stale workflow by [@​JoshuaKGoldberg](https://togithub.com/JoshuaKGoldberg) in [https://github.com/mochajs/mocha/pull/5029](https://togithub.com/mochajs/mocha/pull/5029) - docs: fix fragment ID for yargs' "extends" documentation by [@​Spencer-Doak](https://togithub.com/Spencer-Doak) in [https://github.com/mochajs/mocha/pull/4918](https://togithub.com/mochajs/mocha/pull/4918) - docs: use mocha.js instead of mocha in the example run by [@​nikolas](https://togithub.com/nikolas) in [https://github.com/mochajs/mocha/pull/4927](https://togithub.com/mochajs/mocha/pull/4927) - docs: fix jsdoc return type of `titlePath` method by [@​F3n67u](https://togithub.com/F3n67u) in [https://github.com/mochajs/mocha/pull/4886](https://togithub.com/mochajs/mocha/pull/4886) - docs: overhaul contributing and maintenance docs for end-of-year 2023 by [@​JoshuaKGoldberg](https://togithub.com/JoshuaKGoldberg) in [https://github.com/mochajs/mocha/pull/5038](https://togithub.com/mochajs/mocha/pull/5038) - docs: touchups to labels and a template title post-revamp by [@​JoshuaKGoldberg](https://togithub.com/JoshuaKGoldberg) in [https://github.com/mochajs/mocha/pull/5050](https://togithub.com/mochajs/mocha/pull/5050) - fix: add alt text to Built with Netlify badge by [@​JoshuaKGoldberg](https://togithub.com/JoshuaKGoldberg) in [https://github.com/mochajs/mocha/pull/5068](https://togithub.com/mochajs/mocha/pull/5068) - chore: inline nyan reporter's write function by [@​JoshuaKGoldberg](https://togithub.com/JoshuaKGoldberg) in [https://github.com/mochajs/mocha/pull/5056](https://togithub.com/mochajs/mocha/pull/5056) - chore: remove unnecessary canvas dependency by [@​JoshuaKGoldberg](https://togithub.com/JoshuaKGoldberg) in [https://github.com/mochajs/mocha/pull/5069](https://togithub.com/mochajs/mocha/pull/5069) #### New Contributors - [@​jb2311](https://togithub.com/jb2311) made their first contribution in [https://github.com/mochajs/mocha/pull/4970](https://togithub.com/mochajs/mocha/pull/4970) - [@​Uzlopak](https://togithub.com/Uzlopak) made their first contribution in [https://github.com/mochajs/mocha/pull/5020](https://togithub.com/mochajs/mocha/pull/5020) - [@​Spencer-Doak](https://togithub.com/Spencer-Doak) made their first contribution in [https://github.com/mochajs/mocha/pull/4918](https://togithub.com/mochajs/mocha/pull/4918) - [@​nikolas](https://togithub.com/nikolas) made their first contribution in [https://github.com/mochajs/mocha/pull/4927](https://togithub.com/mochajs/mocha/pull/4927) - [@​F3n67u](https://togithub.com/F3n67u) made their first contribution in [https://github.com/mochajs/mocha/pull/4886](https://togithub.com/mochajs/mocha/pull/4886) **Full Changelog**: mochajs/mocha@v10.2.0...v10.3.0 </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://togithub.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4xMy4zIiwidXBkYXRlZEluVmVyIjoiMzcuMTMuMyIsInRhcmdldEJyYW5jaCI6Im1hc3RlciJ9-->
solaris007
referenced
this pull request
in adobe/spacecat-shared
Feb 12, 2024
[](https://renovatebot.com) This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [@aws-sdk/client-dynamodb](https://togithub.com/aws/aws-sdk-js-v3/tree/main/clients/client-dynamodb) ([source](https://togithub.com/aws/aws-sdk-js-v3/tree/HEAD/clients/client-dynamodb)) | [`3.506.0` -> `3.511.0`](https://renovatebot.com/diffs/npm/@aws-sdk%2fclient-dynamodb/3.506.0/3.511.0) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | | [@aws-sdk/client-s3](https://togithub.com/aws/aws-sdk-js-v3/tree/main/clients/client-s3) ([source](https://togithub.com/aws/aws-sdk-js-v3/tree/HEAD/clients/client-s3)) | [`3.507.0` -> `3.511.0`](https://renovatebot.com/diffs/npm/@aws-sdk%2fclient-s3/3.507.0/3.511.0) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | | [@aws-sdk/client-sqs](https://togithub.com/aws/aws-sdk-js-v3/tree/main/clients/client-sqs) ([source](https://togithub.com/aws/aws-sdk-js-v3/tree/HEAD/clients/client-sqs)) | [`3.507.0` -> `3.511.0`](https://renovatebot.com/diffs/npm/@aws-sdk%2fclient-sqs/3.507.0/3.511.0) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | | [@aws-sdk/lib-dynamodb](https://togithub.com/aws/aws-sdk-js-v3/tree/main/lib/lib-dynamodb) ([source](https://togithub.com/aws/aws-sdk-js-v3/tree/HEAD/lib/lib-dynamodb)) | [`3.506.0` -> `3.511.0`](https://renovatebot.com/diffs/npm/@aws-sdk%2flib-dynamodb/3.506.0/3.511.0) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | | [@typescript-eslint/eslint-plugin](https://togithub.com/typescript-eslint/typescript-eslint) ([source](https://togithub.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin)) | [`6.20.0` -> `6.21.0`](https://renovatebot.com/diffs/npm/@typescript-eslint%2feslint-plugin/6.20.0/6.21.0) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | | [@typescript-eslint/parser](https://togithub.com/typescript-eslint/typescript-eslint) ([source](https://togithub.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser)) | [`6.20.0` -> `6.21.0`](https://renovatebot.com/diffs/npm/@typescript-eslint%2fparser/6.20.0/6.21.0) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | | [lint-staged](https://togithub.com/okonet/lint-staged) | [`15.2.1` -> `15.2.2`](https://renovatebot.com/diffs/npm/lint-staged/15.2.1/15.2.2) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | | [mocha](https://mochajs.org/) ([source](https://togithub.com/mochajs/mocha)) | [`10.2.0` -> `10.3.0`](https://renovatebot.com/diffs/npm/mocha/10.2.0/10.3.0) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | | [semantic-release](https://togithub.com/semantic-release/semantic-release) | [`23.0.0` -> `23.0.2`](https://renovatebot.com/diffs/npm/semantic-release/23.0.0/23.0.2) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | | semantic-release-monorepo | [`8.0.1` -> `8.0.2`](https://renovatebot.com/diffs/npm/semantic-release-monorepo/8.0.1/8.0.2) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | --- ### Release Notes <details> <summary>aws/aws-sdk-js-v3 (@​aws-sdk/client-dynamodb)</summary> ### [`v3.511.0`](https://togithub.com/aws/aws-sdk-js-v3/blob/HEAD/clients/client-dynamodb/CHANGELOG.md#35110-2024-02-09) [Compare Source](https://togithub.com/aws/aws-sdk-js-v3/compare/v3.509.0...v3.511.0) **Note:** Version bump only for package [@​aws-sdk/client-dynamodb](https://togithub.com/aws-sdk/client-dynamodb) ### [`v3.509.0`](https://togithub.com/aws/aws-sdk-js-v3/blob/HEAD/clients/client-dynamodb/CHANGELOG.md#35090-2024-02-07) [Compare Source](https://togithub.com/aws/aws-sdk-js-v3/compare/v3.507.0...v3.509.0) **Note:** Version bump only for package [@​aws-sdk/client-dynamodb](https://togithub.com/aws-sdk/client-dynamodb) ### [`v3.507.0`](https://togithub.com/aws/aws-sdk-js-v3/blob/HEAD/clients/client-dynamodb/CHANGELOG.md#35070-2024-02-05) [Compare Source](https://togithub.com/aws/aws-sdk-js-v3/compare/v3.506.0...v3.507.0) ##### Features - unified error dispatcher in protocols ([#​5756](https://togithub.com/aws/aws-sdk-js-v3/issues/5756)) ([0872087](https://togithub.com/aws/aws-sdk-js-v3/commit/0872087ef56422541bd38d293f97613dfd10236f)) </details> <details> <summary>aws/aws-sdk-js-v3 (@​aws-sdk/client-s3)</summary> ### [`v3.511.0`](https://togithub.com/aws/aws-sdk-js-v3/blob/HEAD/clients/client-s3/CHANGELOG.md#35110-2024-02-09) [Compare Source](https://togithub.com/aws/aws-sdk-js-v3/compare/v3.509.0...v3.511.0) **Note:** Version bump only for package [@​aws-sdk/client-s3](https://togithub.com/aws-sdk/client-s3) ### [`v3.509.0`](https://togithub.com/aws/aws-sdk-js-v3/blob/HEAD/clients/client-s3/CHANGELOG.md#35090-2024-02-07) [Compare Source](https://togithub.com/aws/aws-sdk-js-v3/compare/v3.507.0...v3.509.0) **Note:** Version bump only for package [@​aws-sdk/client-s3](https://togithub.com/aws-sdk/client-s3) </details> <details> <summary>aws/aws-sdk-js-v3 (@​aws-sdk/client-sqs)</summary> ### [`v3.511.0`](https://togithub.com/aws/aws-sdk-js-v3/blob/HEAD/clients/client-sqs/CHANGELOG.md#35110-2024-02-09) [Compare Source](https://togithub.com/aws/aws-sdk-js-v3/compare/v3.509.0...v3.511.0) **Note:** Version bump only for package [@​aws-sdk/client-sqs](https://togithub.com/aws-sdk/client-sqs) ### [`v3.509.0`](https://togithub.com/aws/aws-sdk-js-v3/blob/HEAD/clients/client-sqs/CHANGELOG.md#35090-2024-02-07) [Compare Source](https://togithub.com/aws/aws-sdk-js-v3/compare/v3.507.0...v3.509.0) **Note:** Version bump only for package [@​aws-sdk/client-sqs](https://togithub.com/aws-sdk/client-sqs) </details> <details> <summary>aws/aws-sdk-js-v3 (@​aws-sdk/lib-dynamodb)</summary> ### [`v3.511.0`](https://togithub.com/aws/aws-sdk-js-v3/blob/HEAD/lib/lib-dynamodb/CHANGELOG.md#35110-2024-02-09) [Compare Source](https://togithub.com/aws/aws-sdk-js-v3/compare/v3.509.0...v3.511.0) **Note:** Version bump only for package [@​aws-sdk/lib-dynamodb](https://togithub.com/aws-sdk/lib-dynamodb) ### [`v3.509.0`](https://togithub.com/aws/aws-sdk-js-v3/blob/HEAD/lib/lib-dynamodb/CHANGELOG.md#35090-2024-02-07) [Compare Source](https://togithub.com/aws/aws-sdk-js-v3/compare/v3.507.0...v3.509.0) **Note:** Version bump only for package [@​aws-sdk/lib-dynamodb](https://togithub.com/aws-sdk/lib-dynamodb) ### [`v3.507.0`](https://togithub.com/aws/aws-sdk-js-v3/blob/HEAD/lib/lib-dynamodb/CHANGELOG.md#35070-2024-02-05) [Compare Source](https://togithub.com/aws/aws-sdk-js-v3/compare/v3.506.0...v3.507.0) **Note:** Version bump only for package [@​aws-sdk/lib-dynamodb](https://togithub.com/aws-sdk/lib-dynamodb) </details> <details> <summary>typescript-eslint/typescript-eslint (@​typescript-eslint/eslint-plugin)</summary> ### [`v6.21.0`](https://togithub.com/typescript-eslint/typescript-eslint/blob/HEAD/packages/eslint-plugin/CHANGELOG.md#6210-2024-02-05) [Compare Source](https://togithub.com/typescript-eslint/typescript-eslint/compare/v6.20.0...v6.21.0) ##### 🚀 Features - export plugin metadata - allow `parserOptions.project: false` - **eslint-plugin:** add rule prefer-find ##### 🩹 Fixes - **eslint-plugin:** \[no-unused-vars] don't report on types referenced in export assignment expression - **eslint-plugin:** \[switch-exhaustiveness-check] better support for intersections, infinite types, non-union values - **eslint-plugin:** \[consistent-type-imports] dont report on types used in export assignment expressions - **eslint-plugin:** \[no-unnecessary-condition] handle left-hand optional with exactOptionalPropertyTypes option - **eslint-plugin:** \[class-literal-property-style] allow getter when same key setter exists - **eslint-plugin:** \[no-unnecessary-type-assertion] provide valid fixes for assertions with extra tokens before `as` keyword ##### ❤️ Thank You - auvred - Brad Zacher - Kirk Waiblinger - Pete Gonzalez - YeonJuan You can read about our [versioning strategy](https://main--typescript-eslint.netlify.app/users/versioning) and [releases](https://main--typescript-eslint.netlify.app/users/releases) on our website. </details> <details> <summary>typescript-eslint/typescript-eslint (@​typescript-eslint/parser)</summary> ### [`v6.21.0`](https://togithub.com/typescript-eslint/typescript-eslint/blob/HEAD/packages/parser/CHANGELOG.md#6210-2024-02-05) [Compare Source](https://togithub.com/typescript-eslint/typescript-eslint/compare/v6.20.0...v6.21.0) ##### 🚀 Features - allow `parserOptions.project: false` ##### ❤️ Thank You - auvred - Brad Zacher - Kirk Waiblinger - Pete Gonzalez - YeonJuan You can read about our [versioning strategy](https://main--typescript-eslint.netlify.app/users/versioning) and [releases](https://main--typescript-eslint.netlify.app/users/releases) on our website. </details> <details> <summary>okonet/lint-staged (lint-staged)</summary> ### [`v15.2.2`](https://togithub.com/okonet/lint-staged/blob/HEAD/CHANGELOG.md#1522) [Compare Source](https://togithub.com/okonet/lint-staged/compare/v15.2.1...v15.2.2) ##### Patch Changes - [#​1391](https://togithub.com/lint-staged/lint-staged/pull/1391) [`fdcdad4`](https://togithub.com/lint-staged/lint-staged/commit/fdcdad42ff96fea3c05598e378d3c44ad4a51bde) Thanks [@​iiroj](https://togithub.com/iiroj)! - *Lint-staged* no longer tries to load configuration from files that are not checked out. This might happen when using sparse-checkout. </details> <details> <summary>mochajs/mocha (mocha)</summary> ### [`v10.3.0`](https://togithub.com/mochajs/mocha/releases/tag/v10.3.0) [Compare Source](https://togithub.com/mochajs/mocha/compare/v10.2.0...v10.3.0) This is a stable release equivalent to [v10.3.0-preminor.0](https://togithub.com/mochajs/mocha/releases/tag/v10.3.0-preminor.0). #### What's Changed - Fix deprecated warn gh actions by [@​outsideris](https://togithub.com/outsideris) in [https://github.com/mochajs/mocha/pull/4962](https://togithub.com/mochajs/mocha/pull/4962) - fix [#​4837](https://togithub.com/mochajs/mocha/issues/4837) Update glob due to vulnerability in dep by [@​jb2311](https://togithub.com/jb2311) in [https://github.com/mochajs/mocha/pull/4970](https://togithub.com/mochajs/mocha/pull/4970) - Add Node v19 to test matrix by [@​juergba](https://togithub.com/juergba) in [https://github.com/mochajs/mocha/pull/4974](https://togithub.com/mochajs/mocha/pull/4974) - chore: fix the ci by [@​Uzlopak](https://togithub.com/Uzlopak) in [https://github.com/mochajs/mocha/pull/5020](https://togithub.com/mochajs/mocha/pull/5020) - update can-i-use by [@​Uzlopak](https://togithub.com/Uzlopak) in [https://github.com/mochajs/mocha/pull/5021](https://togithub.com/mochajs/mocha/pull/5021) - chore: remove uuid dev dependency by [@​Uzlopak](https://togithub.com/Uzlopak) in [https://github.com/mochajs/mocha/pull/5022](https://togithub.com/mochajs/mocha/pull/5022) - chore: remove nanoid as dependency by [@​Uzlopak](https://togithub.com/Uzlopak) in [https://github.com/mochajs/mocha/pull/5024](https://togithub.com/mochajs/mocha/pull/5024) - chore: remove touch as dev dependency by [@​Uzlopak](https://togithub.com/Uzlopak) in [https://github.com/mochajs/mocha/pull/5023](https://togithub.com/mochajs/mocha/pull/5023) - chore: remove stale workflow by [@​JoshuaKGoldberg](https://togithub.com/JoshuaKGoldberg) in [https://github.com/mochajs/mocha/pull/5029](https://togithub.com/mochajs/mocha/pull/5029) - docs: fix fragment ID for yargs' "extends" documentation by [@​Spencer-Doak](https://togithub.com/Spencer-Doak) in [https://github.com/mochajs/mocha/pull/4918](https://togithub.com/mochajs/mocha/pull/4918) - docs: use mocha.js instead of mocha in the example run by [@​nikolas](https://togithub.com/nikolas) in [https://github.com/mochajs/mocha/pull/4927](https://togithub.com/mochajs/mocha/pull/4927) - docs: fix jsdoc return type of `titlePath` method by [@​F3n67u](https://togithub.com/F3n67u) in [https://github.com/mochajs/mocha/pull/4886](https://togithub.com/mochajs/mocha/pull/4886) - docs: overhaul contributing and maintenance docs for end-of-year 2023 by [@​JoshuaKGoldberg](https://togithub.com/JoshuaKGoldberg) in [https://github.com/mochajs/mocha/pull/5038](https://togithub.com/mochajs/mocha/pull/5038) - docs: touchups to labels and a template title post-revamp by [@​JoshuaKGoldberg](https://togithub.com/JoshuaKGoldberg) in [https://github.com/mochajs/mocha/pull/5050](https://togithub.com/mochajs/mocha/pull/5050) - fix: add alt text to Built with Netlify badge by [@​JoshuaKGoldberg](https://togithub.com/JoshuaKGoldberg) in [https://github.com/mochajs/mocha/pull/5068](https://togithub.com/mochajs/mocha/pull/5068) - chore: inline nyan reporter's write function by [@​JoshuaKGoldberg](https://togithub.com/JoshuaKGoldberg) in [https://github.com/mochajs/mocha/pull/5056](https://togithub.com/mochajs/mocha/pull/5056) - chore: remove unnecessary canvas dependency by [@​JoshuaKGoldberg](https://togithub.com/JoshuaKGoldberg) in [https://github.com/mochajs/mocha/pull/5069](https://togithub.com/mochajs/mocha/pull/5069) #### New Contributors - [@​jb2311](https://togithub.com/jb2311) made their first contribution in [https://github.com/mochajs/mocha/pull/4970](https://togithub.com/mochajs/mocha/pull/4970) - [@​Uzlopak](https://togithub.com/Uzlopak) made their first contribution in [https://github.com/mochajs/mocha/pull/5020](https://togithub.com/mochajs/mocha/pull/5020) - [@​Spencer-Doak](https://togithub.com/Spencer-Doak) made their first contribution in [https://github.com/mochajs/mocha/pull/4918](https://togithub.com/mochajs/mocha/pull/4918) - [@​nikolas](https://togithub.com/nikolas) made their first contribution in [https://github.com/mochajs/mocha/pull/4927](https://togithub.com/mochajs/mocha/pull/4927) - [@​F3n67u](https://togithub.com/F3n67u) made their first contribution in [https://github.com/mochajs/mocha/pull/4886](https://togithub.com/mochajs/mocha/pull/4886) **Full Changelog**: mochajs/mocha@v10.2.0...v10.3.0 </details> <details> <summary>semantic-release/semantic-release (semantic-release)</summary> ### [`v23.0.2`](https://togithub.com/semantic-release/semantic-release/releases/tag/v23.0.2) [Compare Source](https://togithub.com/semantic-release/semantic-release/compare/v23.0.1...v23.0.2) ##### Bug Fixes - **deps:** update dependency marked to v12 ([#​3176](https://togithub.com/semantic-release/semantic-release/issues/3176)) ([38105f5](https://togithub.com/semantic-release/semantic-release/commit/38105f5bc8ac280d8fb726097962bb357bfc5dac)) ### [`v23.0.1`](https://togithub.com/semantic-release/semantic-release/releases/tag/v23.0.1) [Compare Source](https://togithub.com/semantic-release/semantic-release/compare/v23.0.0...v23.0.1) ##### Bug Fixes - **deps:** update dependency marked-terminal to v7 ([9faded8](https://togithub.com/semantic-release/semantic-release/commit/9faded8d50bd056374f79d0a1385dc9f140a85de)) </details> --- ### Configuration 📅 **Schedule**: Branch creation - "after 2pm on Saturday" in timezone Europe/Zurich, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://togithub.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/adobe/spacecat-shared). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4xNzMuMCIsInVwZGF0ZWRJblZlciI6IjM3LjE3My4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiJ9--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
](https://renovatebot.com){kind=link}
This was referenced Jul 28, 2024
This was referenced Aug 7, 2024
lennonnikolas
pushed a commit
to lennonnikolas/mocha
that referenced
this pull request
Jan 24, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description of the Change
The minimatch npm package version <=3.0.4 has a security vulnerability explained here: GHSA-f8q6-p94x-37v3
Mocha has the glob package 7.2.0 as a dependency, which in turn has minimatch ^3.0.4 as a dependency
This results in a high security risk warning for consumers of mocha. See #4937 for an example.
This PR changes the glob dependency to 8.1.0 which no longer depends on the insecure version of minimatch.