mocha-jenkins-reporter

vulnerability in mocha 3.x

Open caa1211 opened this issue 7 years ago • 1 comments

Because the latest mocha in 3.x (v3.5.3) has a vulnerability in its dependency on growl 1.9.2

Mocha Vulnerability Issue:
https://github.com/mochajs/mocha/issues/2791

Mocha 3.5.3 dependency
https://github.com/mochajs/mocha/blob/v3.5.3/package.json

Could you please help to upgrade mocha to the 4.x version or give some suggestions? Thanks for your contributions.

caa1211, Nov 29 '17 08:11

Presumably mocha should be a peerDependency rather than an actual dependency. mocha-junit-reporter does this so I assume it's not a problem.

asztal, May 11 '18 08:05

Current Mocha versions supported are 5.2+, so the Mocha 3.x vulnerability is not visible.

apupier, Sep 07 '22 12:09

Thank you for the comment, I'm closing this old ticket.

juhovh, Sep 07 '22 12:09