cloudsploit icon indicating copy to clipboard operation
cloudsploit copied to clipboard

Published 20 hours ago verified publisher icon aquasecurity

Update mocha to v.10.2.0

Open nuhasha opened this issue 2 years ago • 0 comments
trafficstars

mocha 5.1.0 - 9.2.1 Depends on vulnerable versions of yargs-unparser <=1.6.3 which depends on vulnerable versions of flat <5.0.1 flat vulnerable to Prototype Pollution - https://github.com/advisories/GHSA-2j2x-2gpw-g8fm

Upgrading mocha will also help upgrade minimatch minimatch <3.0.5 which has ReDoS vulnerability - https://github.com/advisories/GHSA-f8q6-p94x-37v3

nuhasha avatar Feb 17 '23 17:02 nuhasha