High vulnerability | [email protected] #4331

deleonio · 2020-06-12T03:10:06Z

Checked that your issue hasn't already been filed by cross-referencing issues with the faq label
Checked next-gen ES issues and syntax problems by using the same environment and/or transpiler configuration without Mocha to ensure it isn't just a feature that actually isn't supported in the environment in question or a bug in your code.
'Smoke tested' the code to be tested by running it outside the real test suite to get a better sense of whether the problem is in the code under test, your usage of Mocha, or Mocha itself
Ensured that there is no discrepancy between the locally and globally installed versions of Mocha. You can find them with: node node_modules/.bin/mocha --version(Local) and mocha --version(Global). We recommend that you not install Mocha globally.

The current mocha version contains a high vulnerability. That is a blocker for our CI/CD pipelines.

Reproduces how often: always

The output of mocha --version and node node_modules/.bin/mocha --version:
The output of node --version:
Your operating system
- name and version:
- architecture (32 or 64-bit):
Your shell (e.g., bash, zsh, PowerShell, cmd):
Your browser and version (if running browser tests):
Any third-party Mocha-related modules (and their versions):
Any code transpiler (e.g., TypeScript, CoffeeScript, Babel) being used (and its version):

The text was updated successfully, but these errors were encountered:

deleonio added the unconfirmed-bug label Jun 12, 2020

deleonio changed the title ~~High vulnerabilty | [email protected]~~ High vulnerability | [email protected] Jun 12, 2020

deleonio mentioned this issue Jun 12, 2020

fix(vulnerabilty): update to [email protected] #4333

Merged

boneskull added area: security involving vulnerabilities and removed unconfirmed-bug labels Jun 12, 2020

boneskull closed this as completed in #4333 Jun 12, 2020

Provide feedback