[Snyk] Security upgrade mocha from 5.2.0 to 11.0.1

[Exnadella]

User description

Snyk has created this PR to fix 2 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

• package.json
• package-lock.json

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Missing Release of Resource after Effective Lifetime SNYK-JS-INFLIGHT-6095116	631
	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	479

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)

---

PR Type

enhancement, dependencies

---

Description

• Upgraded mocha from version 5.2.0 to 11.0.1 in both package.json and package-lock.json to address security vulnerabilities.
• Added several new dependencies to package-lock.json to support the updated version of mocha.
• Removed deprecated or unused dependencies such as growl to streamline the package.
• Updated various other dependencies to their latest versions to ensure compatibility and security.

---

Changes walkthrough 📝

Relevant files

Dependencies

package-lock.json Update dependencies to address vulnerabilities and improve security package-lock.json Updated mocha from version 5.2.0 to 11.0.1. Added new dependencies such as @isaacs/cliui, @pkgjs/parseargs, and chokidar. Removed unused dependencies like growl. Updated various other dependencies to newer versions. +783/-55 package.json Upgrade mocha dependency to latest version                              package.json Updated mocha dependency from version 5.2.0 to 11.0.1. +1/-1

---

💡 PR-Agent usage: Comment /help "your question" on any pull request to receive relevant information

[qodo-merge-pro]

PR Reviewer Guide 🔍

Here are some key observations to aid the review process:

⏱️ Estimated effort to review: 1 🔵⚪⚪⚪⚪

🧪 No relevant tests

🔒 No security concerns identified

⚡ Recommended focus areas for review Dependency Update Major version upgrade of mocha from 5.2.0 to 11.0.1 - verify that all tests still pass and no breaking changes impact the codebase

[qodo-merge-pro]

PR Code Suggestions ✨

Explore these optional code suggestions:

Category	Suggestion	Score
General	Pin dependency version to avoid unexpected breaking changes from patch updates Consider pinning the mocha version to an exact version (11.0.1) instead of using the caret (^) to prevent potential breaking changes in patch releases. package.json [46] -"mocha": "^11.0.1", +"mocha": "11.0.1", Apply this suggestion Suggestion importance[1-10]: 5 Why: Pinning dependency versions can help maintain build stability by preventing unexpected updates, though in this case the risk is relatively low since semantic versioning typically ensures patch updates are backwards compatible.	5

💡 Need additional feedback ? start a PR chat