[Snyk] Upgrade chai from 4.2.0 to 4.3.6

[MarcelRaschke]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade chai from 4.2.0 to 4.3.6.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 7 versions ahead of your current version.
• The recommended version was released 8 months ago, on 2022-01-26.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Prototype Pollution SNYK-JS-Y18N-1021887	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Arbitrary File Write SNYK-JS-TAR-1579155	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Arbitrary File Write SNYK-JS-TAR-1579152	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Arbitrary File Write SNYK-JS-TAR-1579147	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Arbitrary File Overwrite SNYK-JS-TAR-1536531	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Arbitrary File Overwrite SNYK-JS-TAR-1536528	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Arbitrary File Write SNYK-JS-TAR-1579155	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Arbitrary File Write SNYK-JS-TAR-1579152	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Arbitrary File Write SNYK-JS-TAR-1579147	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Arbitrary File Overwrite SNYK-JS-TAR-1536531	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Arbitrary File Overwrite SNYK-JS-TAR-1536528	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Remote Code Execution (RCE) SNYK-JS-SHELLQUOTE-1766506	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Improper Privilege Management SNYK-JS-SHELLJS-2332187	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVERREGEX-1585624	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVERREGEX-1584358	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-NTHCHECK-1586032	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-MERGEDEEP-1070277	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Prototype Pollution SNYK-JS-JSONSCHEMA-1920922	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Prototype Pollution SNYK-JS-ASYNC-2441827	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-ASYNC-2441827	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-AJV-584908	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVERREGEX-2824151	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVERREGEX-1047770	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-PATHVAL-596926	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHPARSE-1077067	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-FLAT-596927	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-COLORSTRING-1082939	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Prototype Pollution SNYK-JS-MINIMIST-2429795	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: chai

• 4.3.6 - 2022-01-26
  

  Update loupe to 2.3.1

• 4.3.5 - 2022-01-25
  
  • build chaijs fca5bb1
  • build(deps-dev): bump codecov from 3.1.0 to 3.7.1 (#1446) 747eb4e
  • fix package.json exports 022c2fa
  • fix: package.json - deprecation warning on exports field (#1400) 5276af6
  • feat: use chaijs/loupe for inspection (#1401) (#1407) c8a4e00

  v4.3.4...v4.3.5

• 4.3.4 - 2021-03-12
  

  This fixes broken inspect behavior with bigints (#1321) (#1383) thanks @ vapier

• 4.3.3 - 2021-03-03
  

  This reintroduces Assertion as an export in the mjs file. See #1378 & #1375

• 4.3.2 - 2021-03-03
  

  This fixes a regression in IE11. See #1380 & #1379

• 4.3.1 - 2021-03-02
  

  This releases fixed an engine incompatibility with 4.3.0

  The 4.x.x series of releases will be compatible with Node 4.0. Please report any errors found in Node 4 as bugs, and they will be fixed.

  The 5.x.x series, when released, will drop support for Node 4.0

  This fix also ensures pathval is updated to 1.1.1 to fix CVE-2020-7751

• 4.3.0 - 2021-02-04
  

  This is a minor release.

  Not many changes have got in since the last release but this one contains a very important change (#1257) which will allow jest users to get better diffs. From this release onwards, jest users will be able to see which operator was used in their diffs. The operator is a property of the AssertionError thrown when assertions fail. This flag indicates what kind of comparison was made.

  This is also an important change for plugin maintainers. Plugin maintainers will now have access to the operator flag, which they can have access to through an utilmethod calledgetOperator`.

  Thanks to all the amazing people that contributed to this release.

  New Features

  • Allow contain.oneOf to take an array of possible values (@ voliva)
  • Adding operator attribute to assertion error (#1257) (@ rpgeeganage)
  • The closeTo error message will now inform the user when a delta is required (@ eouw0o83hf)

  Docs

  • Add contains flag to oneOf documentation (@ voliva)

  Tests

  • Make sure that useProxy config is checked in overwriteProperty (@ vieiralucas)
  • Add tests for contain.oneOf (@ voliva )

  Chores

  • Update mocha to version 6.1.4
  • Add node v10 and v12 to ci (@ vieiralucas)
  • Drop support for node v4, v6 and v9 (@ vieiralucas)
  • Fix sauce config for headless chrome (@ meeber)
  • Update dev dependencies (@ meeber)
  • Removed phantomjs dependency (#1204)
• 4.2.0 - 2018-09-26
  Read more

from chai GitHub release notes

Commit messages

Package name: chai

• 529b8b5 4.3.6
• e4d7f2e build chaijs
• d88684e fix: use loupe@^2.3.1
• 99e36a8 4.3.5
• fca5bb1 build chaijs
• 747eb4e build(deps-dev): bump codecov from 3.1.0 to 3.7.1 (update button doesn't work ipfs/ipfs-desktop#1446)
• 022c2fa fix package.json exports
• 5276af6 fix: package.json - deprecation warning on exports field (bs ipfs/ipfs-desktop#1400)
• c8a4e00 feat: use chaijs/loupe for inspection (Failed to enable IPFS CLI from IPFS Desktop on Debian/Ubuntu based OS ipfs/ipfs-desktop#1401) (feat: run garbage collector ipfs/ipfs-desktop#1407)
• ab41ed8 4.3.4
• 5b607a1 fix: support inspecting bigints ("Launch on startup" is grayed out on windows 10, ipfs-desktop v0.10.2 ipfs/ipfs-desktop#1321) (chore(deps-dev): bump @svgr/cli from 4.3.3 to 5.3.0 ipfs/ipfs-desktop#1383)
• dc858a0 chai@4.3.3
• b0f50f6 export chai.Assertion ("Check for Updates.." menu item gives no feedback ipfs/ipfs-desktop#1378)
• 3b9bc7f chai@4.3.2
• 71245a3 Fixed a regression that caused SyntaxErrors on IE 11
• 8a24666 chai@4.3.1
• 9635906 chore: bump devdeps
• c8449d3 fix: package.json - pathval to 1.1.1 (CVE-2020-7751) (chore(deps-dev): bump mocha from 6.2.2 to 7.1.1 ipfs/ipfs-desktop#1377)
• 7bc01d6 fix: bring min node version in line with still supported (chore(deps): [security] bump acorn from 7.0.0 to 7.1.1 ipfs/ipfs-desktop#1374)
• 61feee1 docs: add non-nullable modifier to return type of functions never returning null (chore(deps-dev): bump @babel/plugin-transform-runtime from 7.7.4 to 7.8.3 ipfs/ipfs-desktop#1322)
• de12e40 feat: add exists alias (chore(deps): bump electron-store from 5.0.0 to 5.1.0 ipfs/ipfs-desktop#1227)
• ad385b8 docs: correct doesNotDecreaseBy name (chore(deps-dev): bump electron from 7.1.3 to 7.1.4 ipfs/ipfs-desktop#1285) (chore(deps): bump i18next from 19.0.1 to 19.0.2 ipfs/ipfs-desktop#1286)
• 4ce3ca8 feat: add extra aliases for 'most' and 'least' (chore(deps-dev): bump @babel/core from 7.7.4 to 7.8.0 ipfs/ipfs-desktop#1319)
• 77565f7 feat: add `also` language chain (chore(deps-dev): bump @babel/register from 7.7.4 to 7.8.3 ipfs/ipfs-desktop#1324)

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs