Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Security upgrade gulp-mocha from 3.0.1 to 7.0.0 #48

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Security upgrade gulp-mocha from 3.0.1 to 7.0.0 #48

wants to merge 1 commit into from

Conversation

snyk-bot
Copy link
Contributor

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

merge advice

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
low severity 471/1000
Why? Recently disclosed, Has a fix available, CVSS 3.7		 Prototype Pollution
SNYK-JS-MINIMIST-2429795		 Yes No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: gulp-mocha The new version differs by 35 commits.
  • c1e272e 7.0.0
  • 4924437 Update Mocha and require Node.js and Gulp 4
  • cde8dc2 6.0.0
  • 1fd70f0 Require Node.js 6
  • fc5cc1f Reduce noise in console output on test failures (#188)
  • eb1f5cc Set color option to what is supported by the current env (#190)
  • c5da1d1 Update mocha to 5.2.0 (#191)
  • 983b0ac 5.0.0
  • 7bc8d9c Add example of using the `exit` option (#185)
  • 3f53145 Add example of using reporterOptions in readme.md (#179)
  • 5045939 Improve usage example
  • 64fef33 Bump Mocha to v4
  • 06b96ba Meta tweaks
  • ac3d7fc Drop dependency on deprecated `gulp-util` (#187)
  • 67b1e3e 4.3.1
  • 315275f Rewrite tests to use AVA
  • 4ac3c98 Cleanup
  • 9ddcbd0 Convert objects to key value lists. Closes #167 (#171)
  • 55004ca Fix `require` option for multiple entries (#173)
  • e878086 4.3.0
  • 9cedf6e Increase the max buffer
  • 43f4b4d 4.2.0
  • edfa4dd Forward stderr too (#168)
  • 9e5d38a Minor readme tweaks

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution

@snyk-bot
fix: package.json to reduce vulnerabilities
c95cef4 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-MINIMIST-2429795
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@snyk-bot