[Snyk] Upgrade chai from 4.2.0 to 4.3.0

Open RockRunner007 opened this issue 4 years ago • 0 comments

Snyk has created this PR to upgrade chai from 4.2.0 to 4.3.0.

:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 1 version ahead of your current version.
  • The recommended version was released 22 days ago, on 2021-02-04.

The recommended version fixes:

| Issue | Snyk ID | PriorityScore (*) | Exploit Maturity |
| --- | --- | --- | --- |
| Prototype Pollution | SNYK-JS-LODASH-608086 | 472/1000 (Why? Proof of Concept exploit, CVSS 7.3) | Proof of Concept |
| Prototype Pollution | SNYK-JS-LODASH-590103 | 472/1000 (Why? Proof of Concept exploit, CVSS 7.3) | No Known Exploit |
| Command Injection | SNYK-JS-LODASH-1040724 | 472/1000 (Why? Proof of Concept exploit, CVSS 7.3) | Proof of Concept |
| Prototype Pollution | SNYK-JS-INI-1048974 | 472/1000 (Why? Proof of Concept exploit, CVSS 7.3) | Proof of Concept |
| Remote Memory Exposure | SNYK-JS-BL-608877 | 472/1000 (Why? Proof of Concept exploit, CVSS 7.3) | No Known Exploit |
| Prototype Pollution | SNYK-JS-PATHVAL-596926 | 472/1000 (Why? Proof of Concept exploit, CVSS 7.3) | Proof of Concept |
| Prototype Pollution | SNYK-JS-LODASH-567746 | 472/1000 (Why? Proof of Concept exploit, CVSS 7.3) | Proof of Concept |
| Regular Expression Denial of Service (ReDoS) | SNYK-JS-LODASH-1018905 | 472/1000 (Why? Proof of Concept exploit, CVSS 7.3) | Proof of Concept |
| Denial of Service (DoS) | SNYK-JS-HTTPPROXY-569139 | 472/1000 (Why? Proof of Concept exploit, CVSS 7.3) | Proof of Concept |
| Validation Bypass | SNYK-JS-KINDOF-537849 | 472/1000 (Why? Proof of Concept exploit, CVSS 7.3) | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: chai
  • 4.3.0 - 2021-02-04

    This is a minor release.

    Not many changes have got in since the last release but this one contains a very important change (#1257) which will allow jest users to get better diffs. From this release onwards, jest users will be able to see which operator was used in their diffs. The operator is a property of the AssertionError thrown when assertions fail. This flag indicates what kind of comparison was made.

    This is also an important change for plugin maintainers. Plugin maintainers will now have access to the operator flag, which they can have access to through a `util` method called `getOperator`.

    Thanks to all the amazing people that contributed to this release.

    New Features

    • Allow contain.oneOf to take an array of possible values (@voliva)
    • Adding operator attribute to assertion error (#1257) (@rpgeeganage)
    • The closeTo error message will now inform the user when a delta is required (@eouw0o83hf)

    Docs

    • Add contains flag to oneOf documentation (@voliva)

    Tests

    • Make sure that useProxy config is checked in overwriteProperty (@vieiralucas)
    • Add tests for contain.oneOf (@voliva)

    Chores

    • Update mocha to version 6.1.4
    • Add node v10 and v12 to ci (@vieiralucas)
    • Drop support for node v4, v6 and v9 (@vieiralucas)
    • Fix sauce config for headless chrome (@meeber)
    • Update dev dependencies (@meeber)
    • Removed phantomjs dependency (#1204)
  • 4.2.0 - 2018-09-26
from chai GitHub release notes
Commit messages
Package name: chai
  • 39dd113 [email protected]
  • 1044f68 chore: npm audit fix
  • 23764f3 Fix JSDoc name (#1354)
  • b91d0a8 fix: unbox BigInt primitives in shouldGetter (#1349)
  • e54d834 test: replaced arrow function for IE support (#1348)
  • 2637ca2 chore(funding): display sponsor button for open collective (#1346)
  • e08ca08 feat: add Node.js ESM entry point with named and default exports (#1340)
  • 2fb8983 docs: add missing apostrophes (#1344)
  • 41ff363 docs: add --save-dev to npm install command (#1289)
  • 8c2b25c docs: Node version >=8 in README (#1306)
  • 0e543bf test: The Buffer() and new Buffer() constructors are deprecated (#1305)
  • 7ff1273 feat: improve include error message (#1273)
  • 03913cb Merge pull request #1242 from voliva/contains-oneOf
  • 9d2f6dc docs(oneOf): Add contains flag to oneOf documentation
  • 7eaf684 feat(oneOf): expect(value).to.contain.oneOf([])
  • 8dc92d8 Adding operator attribute to assertion error (#1257)
  • 1958341 chore(package): update lockfile package-lock.json
  • 7bb36a4 chore(package): update mocha to version 6.1.4
  • 42509fa test: make sure that useProxy config is checked in overwriteProperty
  • 18d8494 chore: add node v10 and v12 to ci
  • 6740969 chore: drop support for node v4, v6 and v9
  • 6441f3d Merge pull request #1248 from eouw0o83hf/master
  • 6bfd2fd Include some missed some test files
  • 8d6330c Add delta message to closeTo() error

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

RockRunner007, Feb 26 '21 04:02