Skip to content

chore: bump mocha to 10.1.0 #512

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Oct 24, 2022
Merged

chore: bump mocha to 10.1.0 #512

merged 1 commit into from
Oct 24, 2022

Conversation

lance
Copy link
Member

@lance lance commented Oct 18, 2022

Duplicates #510

Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 589/1000
Why? Has a fix available, CVSS 7.5		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-MOCHA-2863123		 Yes No Known Exploit

Signed-off-by: Lance Ball lball@redhat.com

Proposed Changes

Description

@lance
chore: bump mocha to 10.1.0
ed24acd 
Duplicates cloudevents#510

Severity                   | Priority Score (*)                   | Issue                   | Breaking Change                   | Exploit Maturity
:-------------------------:|-------------------------|:-------------------------|:-------------------------|:-------------------------
![high severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png "high severity")  |  **589/1000**  <br/> **Why?** Has a fix available, CVSS 7.5  | Regular Expression Denial of Service (ReDoS) <br/>[SNYK-JS-MOCHA-2863123](https://snyk.io/vuln/SNYK-JS-MOCHA-2863123) |  Yes  | No Known Exploit

Signed-off-by: Lance Ball <lball@redhat.com>
@lance lance requested a review from a team October 18, 2022 20:42
@lance lance added the chore/dependencies Pull requests that update a dependency file label Oct 18, 2022
@lance lance mentioned this pull request Oct 18, 2022
Closed
@lance
Copy link
Member Author

lance commented Oct 24, 2022

Landing after > 72 hours with no review, per: https://github.com/cloudevents/spec/blob/main/docs/SDK-maintainer-guidelines.md#landing-pull-requests

@lance lance merged commit 4831e6a into cloudevents:main Oct 24, 2022
@lance lance deleted the bump-mocha branch October 24, 2022 20:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
chore/dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@lance