mocha icon indicating copy to clipboard operation
mocha copied to clipboard
verified publisher icon mochajs

Fix 4903

Open aljones15 opened this issue 3 years ago • 3 comments

Requirements

  • Filling out the template is required. Any pull request that does not include enough information to be reviewed in a timely manner may be closed at the maintainers' discretion.
  • All new code requires tests to ensure against regressions.

Description of the Change

Upgrades yargs and yargs-parser

Alternate Designs

Why should this be in core?

Removes security vulnerabilities found in yargs related deps.

Benefits

Upgrades yargs to latest version.

Possible Drawbacks

Could break some cli functionality not properly tested

Applicable issues

Addresses: https://github.com/mochajs/mocha/issues/4903

aljones15 avatar Aug 17 '22 19:08 aljones15

CLA Not Signed

  • :x: - login: @JSAssassin / name: Tashi D. Gyeltshen . The commit (96f5ee8c6a315aae202d7dfa47e74f03492c5b4a, 283a67a0dcf8cd98df20460e85995d345487acc6, 4a955ab799e55724220f25ff46b89751fbd64eb0, db89a43668f036115320f3c4be9b7ebec627add9) is not authorized under a signed CLA. Please click here to be authorized. For further assistance with EasyCLA, please submit a support request ticket.
  • :x: - login: @aljones15 / name: Andrew Jones . The commit (7b87d30af46313376736af15c25a38eb0fe890fc, c78a73b1ea87f027fde6dd17174880bd95c621e3, a4e30a19f09ae63ec39fe3822ffef3cd77eb8240, dfabea48db85d29e505e290f1c90f075f9592ab9, a0e0bafe4ad161abedd1ac883249bab7c9c5b5a2) is not authorized under a signed CLA. Please click here to be authorized. For further assistance with EasyCLA, please submit a support request ticket.

linux-foundation-easycla[bot] avatar Aug 17 '22 19:08 linux-foundation-easycla[bot]

Hi,

First time contributing and also not an expert at yargs hence this is a DRAFT PR. If there are no major objections to the changes made I will mark it as ready.

p.s. this passes all tests run from npm t & npm start test so does not appear to cause cli regressions.

aljones15 avatar Aug 17 '22 19:08 aljones15

You are correct, hence the draft PR. I'll try to do more research into this if time allows, if not this might provide someone else with some hints about how this upgrade should go.

  • [ ] Why is process.exit(1) needed now while previously process.exitCode = 1 worked before?
  • [ ] Why are aliases not calling on coerce for reporterOption?

aljones15 avatar Aug 25 '22 17:08 aljones15

This PR hasn't had any recent activity, and I'm labeling it stale. Remove the label or comment or this PR will be closed in 14 days. Thanks for contributing to Mocha!

github-actions[bot] avatar Dec 26 '22 00:12 github-actions[bot]