-
-
Notifications
You must be signed in to change notification settings - Fork 3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix #4837 Update glob due to vulnerability in dep #4970
Conversation
… from coffee-script to coffeescript
@juergba this should be ready to be tested again. 2 things I have concerns about. #1 The tests referenced coffee-script, with a hyphen, but when I ran the tests, I got a "module not found error" and it looks like the hyphen package is depreciated, and mocha's package.json references "coffeescript" with no hyphen, so I updated those tests. Additionally, I got an error during linting that "eslint-plugin-n" is missing. I though it was my local setup, but it also happened when the tests ran in the CI process. Anyways, I added that package to the dev deps. Let me know if you have any questions or concerns |
@jb2311 thank you for this PR. We will see wether our CI tests will pass. Tbh I don't trust your Edit: looks good, I will have a closer look on coming week-end. Could you evtl. add any link about this additional lint dependency? |
esline-plugin-node is no longer being maintained, so eslint-plugin-n (https://github.com/eslint-community/eslint-plugin-n) is a fork that is still active. However, I have no idea why it's erroring out without it suddenly. It happened on the first test run, when I did nothing but update the glob package https://github.com/mochajs/mocha/actions/runs/4368808387/jobs/7681675449 Edit: it looks like eslint-plugin-n is a peerDep for some packages. I was running an old version of NPM, newer versions of NPM don't require peerDeps to be referenced in the main package.json, so I removed the package. |
@juergba have you had a chance to take a look at this? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm not convinced completely, I'm afraid there might be some unwanted side-effects by windowsPathsNoEscape
. Anyway let's do it.
@juergba updated |
@juergba okay, I think the whitespace should be appropriate. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@jb2311 thank you for this PR.
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [mocha](https://mochajs.org/) ([source](https://github.com/mochajs/mocha)) | [`10.2.0` -> `10.3.0`](https://renovatebot.com/diffs/npm/mocha/10.2.0/10.3.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/mocha/10.3.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/mocha/10.3.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/mocha/10.2.0/10.3.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/mocha/10.2.0/10.3.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | --- ### Release Notes <details> <summary>mochajs/mocha (mocha)</summary> ### [`v10.3.0`](https://github.com/mochajs/mocha/releases/tag/v10.3.0) [Compare Source](https://github.com/mochajs/mocha/compare/v10.2.0...v10.3.0) This is a stable release equivalent to [v10.3.0-preminor.0](https://github.com/mochajs/mocha/releases/tag/v10.3.0-preminor.0). #### What's Changed - Fix deprecated warn gh actions by [@​outsideris](https://github.com/outsideris) in [https://github.com/mochajs/mocha/pull/4962](https://github.com/mochajs/mocha/pull/4962) - fix [#​4837](https://github.com/mochajs/mocha/issues/4837) Update glob due to vulnerability in dep by [@​jb2311](https://github.com/jb2311) in [https://github.com/mochajs/mocha/pull/4970](https://github.com/mochajs/mocha/pull/4970) - Add Node v19 to test matrix by [@​juergba](https://github.com/juergba) in [https://github.com/mochajs/mocha/pull/4974](https://github.com/mochajs/mocha/pull/4974) - chore: fix the ci by [@​Uzlopak](https://github.com/Uzlopak) in [https://github.com/mochajs/mocha/pull/5020](https://github.com/mochajs/mocha/pull/5020) - update can-i-use by [@​Uzlopak](https://github.com/Uzlopak) in [https://github.com/mochajs/mocha/pull/5021](https://github.com/mochajs/mocha/pull/5021) - chore: remove uuid dev dependency by [@​Uzlopak](https://github.com/Uzlopak) in [https://github.com/mochajs/mocha/pull/5022](https://github.com/mochajs/mocha/pull/5022) - chore: remove nanoid as dependency by [@​Uzlopak](https://github.com/Uzlopak) in [https://github.com/mochajs/mocha/pull/5024](https://github.com/mochajs/mocha/pull/5024) - chore: remove touch as dev dependency by [@​Uzlopak](https://github.com/Uzlopak) in [https://github.com/mochajs/mocha/pull/5023](https://github.com/mochajs/mocha/pull/5023) - chore: remove stale workflow by [@​JoshuaKGoldberg](https://github.com/JoshuaKGoldberg) in [https://github.com/mochajs/mocha/pull/5029](https://github.com/mochajs/mocha/pull/5029) - docs: fix fragment ID for yargs' "extends" documentation by [@​Spencer-Doak](https://github.com/Spencer-Doak) in [https://github.com/mochajs/mocha/pull/4918](https://github.com/mochajs/mocha/pull/4918) - docs: use mocha.js instead of mocha in the example run by [@​nikolas](https://github.com/nikolas) in [https://github.com/mochajs/mocha/pull/4927](https://github.com/mochajs/mocha/pull/4927) - docs: fix jsdoc return type of `titlePath` method by [@​F3n67u](https://github.com/F3n67u) in [https://github.com/mochajs/mocha/pull/4886](https://github.com/mochajs/mocha/pull/4886) - docs: overhaul contributing and maintenance docs for end-of-year 2023 by [@​JoshuaKGoldberg](https://github.com/JoshuaKGoldberg) in [https://github.com/mochajs/mocha/pull/5038](https://github.com/mochajs/mocha/pull/5038) - docs: touchups to labels and a template title post-revamp by [@​JoshuaKGoldberg](https://github.com/JoshuaKGoldberg) in [https://github.com/mochajs/mocha/pull/5050](https://github.com/mochajs/mocha/pull/5050) - fix: add alt text to Built with Netlify badge by [@​JoshuaKGoldberg](https://github.com/JoshuaKGoldberg) in [https://github.com/mochajs/mocha/pull/5068](https://github.com/mochajs/mocha/pull/5068) - chore: inline nyan reporter's write function by [@​JoshuaKGoldberg](https://github.com/JoshuaKGoldberg) in [https://github.com/mochajs/mocha/pull/5056](https://github.com/mochajs/mocha/pull/5056) - chore: remove unnecessary canvas dependency by [@​JoshuaKGoldberg](https://github.com/JoshuaKGoldberg) in [https://github.com/mochajs/mocha/pull/5069](https://github.com/mochajs/mocha/pull/5069) #### New Contributors - [@​jb2311](https://github.com/jb2311) made their first contribution in [https://github.com/mochajs/mocha/pull/4970](https://github.com/mochajs/mocha/pull/4970) - [@​Uzlopak](https://github.com/Uzlopak) made their first contribution in [https://github.com/mochajs/mocha/pull/5020](https://github.com/mochajs/mocha/pull/5020) - [@​Spencer-Doak](https://github.com/Spencer-Doak) made their first contribution in [https://github.com/mochajs/mocha/pull/4918](https://github.com/mochajs/mocha/pull/4918) - [@​nikolas](https://github.com/nikolas) made their first contribution in [https://github.com/mochajs/mocha/pull/4927](https://github.com/mochajs/mocha/pull/4927) - [@​F3n67u](https://github.com/F3n67u) made their first contribution in [https://github.com/mochajs/mocha/pull/4886](https://github.com/mochajs/mocha/pull/4886) **Full Changelog**: mochajs/mocha@v10.2.0...v10.3.0 </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/line/line-bot-sdk-nodejs). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4xNzMuMCIsInVwZGF0ZWRJblZlciI6IjM3LjE3My4wIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIn0=--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [mocha](https://mochajs.org/) ([source](https://github.com/mochajs/mocha)) | [`10.2.0` -> `10.3.0`](https://renovatebot.com/diffs/npm/mocha/10.2.0/10.3.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/mocha/10.3.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/mocha/10.3.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/mocha/10.2.0/10.3.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/mocha/10.2.0/10.3.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | --- ### Release Notes <details> <summary>mochajs/mocha (mocha)</summary> ### [`v10.3.0`](https://github.com/mochajs/mocha/releases/tag/v10.3.0) [Compare Source](https://github.com/mochajs/mocha/compare/v10.2.0...v10.3.0) This is a stable release equivalent to [v10.3.0-preminor.0](https://github.com/mochajs/mocha/releases/tag/v10.3.0-preminor.0). #### What's Changed - Fix deprecated warn gh actions by [@​outsideris](https://github.com/outsideris) in [https://github.com/mochajs/mocha/pull/4962](https://github.com/mochajs/mocha/pull/4962) - fix [#​4837](https://github.com/mochajs/mocha/issues/4837) Update glob due to vulnerability in dep by [@​jb2311](https://github.com/jb2311) in [https://github.com/mochajs/mocha/pull/4970](https://github.com/mochajs/mocha/pull/4970) - Add Node v19 to test matrix by [@​juergba](https://github.com/juergba) in [https://github.com/mochajs/mocha/pull/4974](https://github.com/mochajs/mocha/pull/4974) - chore: fix the ci by [@​Uzlopak](https://github.com/Uzlopak) in [https://github.com/mochajs/mocha/pull/5020](https://github.com/mochajs/mocha/pull/5020) - update can-i-use by [@​Uzlopak](https://github.com/Uzlopak) in [https://github.com/mochajs/mocha/pull/5021](https://github.com/mochajs/mocha/pull/5021) - chore: remove uuid dev dependency by [@​Uzlopak](https://github.com/Uzlopak) in [https://github.com/mochajs/mocha/pull/5022](https://github.com/mochajs/mocha/pull/5022) - chore: remove nanoid as dependency by [@​Uzlopak](https://github.com/Uzlopak) in [https://github.com/mochajs/mocha/pull/5024](https://github.com/mochajs/mocha/pull/5024) - chore: remove touch as dev dependency by [@​Uzlopak](https://github.com/Uzlopak) in [https://github.com/mochajs/mocha/pull/5023](https://github.com/mochajs/mocha/pull/5023) - chore: remove stale workflow by [@​JoshuaKGoldberg](https://github.com/JoshuaKGoldberg) in [https://github.com/mochajs/mocha/pull/5029](https://github.com/mochajs/mocha/pull/5029) - docs: fix fragment ID for yargs' "extends" documentation by [@​Spencer-Doak](https://github.com/Spencer-Doak) in [https://github.com/mochajs/mocha/pull/4918](https://github.com/mochajs/mocha/pull/4918) - docs: use mocha.js instead of mocha in the example run by [@​nikolas](https://github.com/nikolas) in [https://github.com/mochajs/mocha/pull/4927](https://github.com/mochajs/mocha/pull/4927) - docs: fix jsdoc return type of `titlePath` method by [@​F3n67u](https://github.com/F3n67u) in [https://github.com/mochajs/mocha/pull/4886](https://github.com/mochajs/mocha/pull/4886) - docs: overhaul contributing and maintenance docs for end-of-year 2023 by [@​JoshuaKGoldberg](https://github.com/JoshuaKGoldberg) in [https://github.com/mochajs/mocha/pull/5038](https://github.com/mochajs/mocha/pull/5038) - docs: touchups to labels and a template title post-revamp by [@​JoshuaKGoldberg](https://github.com/JoshuaKGoldberg) in [https://github.com/mochajs/mocha/pull/5050](https://github.com/mochajs/mocha/pull/5050) - fix: add alt text to Built with Netlify badge by [@​JoshuaKGoldberg](https://github.com/JoshuaKGoldberg) in [https://github.com/mochajs/mocha/pull/5068](https://github.com/mochajs/mocha/pull/5068) - chore: inline nyan reporter's write function by [@​JoshuaKGoldberg](https://github.com/JoshuaKGoldberg) in [https://github.com/mochajs/mocha/pull/5056](https://github.com/mochajs/mocha/pull/5056) - chore: remove unnecessary canvas dependency by [@​JoshuaKGoldberg](https://github.com/JoshuaKGoldberg) in [https://github.com/mochajs/mocha/pull/5069](https://github.com/mochajs/mocha/pull/5069) #### New Contributors - [@​jb2311](https://github.com/jb2311) made their first contribution in [https://github.com/mochajs/mocha/pull/4970](https://github.com/mochajs/mocha/pull/4970) - [@​Uzlopak](https://github.com/Uzlopak) made their first contribution in [https://github.com/mochajs/mocha/pull/5020](https://github.com/mochajs/mocha/pull/5020) - [@​Spencer-Doak](https://github.com/Spencer-Doak) made their first contribution in [https://github.com/mochajs/mocha/pull/4918](https://github.com/mochajs/mocha/pull/4918) - [@​nikolas](https://github.com/nikolas) made their first contribution in [https://github.com/mochajs/mocha/pull/4927](https://github.com/mochajs/mocha/pull/4927) - [@​F3n67u](https://github.com/F3n67u) made their first contribution in [https://github.com/mochajs/mocha/pull/4886](https://github.com/mochajs/mocha/pull/4886) **Full Changelog**: mochajs/mocha@v10.2.0...v10.3.0 </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/matzkoh/eslint-plugin-generate-test-id). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4xNzMuMCIsInVwZGF0ZWRJblZlciI6IjM3LjE3My4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiJ9--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [mocha](https://mochajs.org/) ([source](https://github.com/mochajs/mocha)) | devDependencies | minor | [`10.2.0` -> `10.3.0`](https://renovatebot.com/diffs/npm/mocha/10.2.0/10.3.0) | --- ### Release Notes <details> <summary>mochajs/mocha (mocha)</summary> ### [`v10.3.0`](https://github.com/mochajs/mocha/releases/tag/v10.3.0) [Compare Source](https://github.com/mochajs/mocha/compare/v10.2.0...v10.3.0) This is a stable release equivalent to [v10.3.0-preminor.0](https://github.com/mochajs/mocha/releases/tag/v10.3.0-preminor.0). #### What's Changed - Fix deprecated warn gh actions by [@​outsideris](https://github.com/outsideris) in [https://github.com/mochajs/mocha/pull/4962](https://github.com/mochajs/mocha/pull/4962) - fix [#​4837](https://github.com/mochajs/mocha/issues/4837) Update glob due to vulnerability in dep by [@​jb2311](https://github.com/jb2311) in [https://github.com/mochajs/mocha/pull/4970](https://github.com/mochajs/mocha/pull/4970) - Add Node v19 to test matrix by [@​juergba](https://github.com/juergba) in [https://github.com/mochajs/mocha/pull/4974](https://github.com/mochajs/mocha/pull/4974) - chore: fix the ci by [@​Uzlopak](https://github.com/Uzlopak) in [https://github.com/mochajs/mocha/pull/5020](https://github.com/mochajs/mocha/pull/5020) - update can-i-use by [@​Uzlopak](https://github.com/Uzlopak) in [https://github.com/mochajs/mocha/pull/5021](https://github.com/mochajs/mocha/pull/5021) - chore: remove uuid dev dependency by [@​Uzlopak](https://github.com/Uzlopak) in [https://github.com/mochajs/mocha/pull/5022](https://github.com/mochajs/mocha/pull/5022) - chore: remove nanoid as dependency by [@​Uzlopak](https://github.com/Uzlopak) in [https://github.com/mochajs/mocha/pull/5024](https://github.com/mochajs/mocha/pull/5024) - chore: remove touch as dev dependency by [@​Uzlopak](https://github.com/Uzlopak) in [https://github.com/mochajs/mocha/pull/5023](https://github.com/mochajs/mocha/pull/5023) - chore: remove stale workflow by [@​JoshuaKGoldberg](https://github.com/JoshuaKGoldberg) in [https://github.com/mochajs/mocha/pull/5029](https://github.com/mochajs/mocha/pull/5029) - docs: fix fragment ID for yargs' "extends" documentation by [@​Spencer-Doak](https://github.com/Spencer-Doak) in [https://github.com/mochajs/mocha/pull/4918](https://github.com/mochajs/mocha/pull/4918) - docs: use mocha.js instead of mocha in the example run by [@​nikolas](https://github.com/nikolas) in [https://github.com/mochajs/mocha/pull/4927](https://github.com/mochajs/mocha/pull/4927) - docs: fix jsdoc return type of `titlePath` method by [@​F3n67u](https://github.com/F3n67u) in [https://github.com/mochajs/mocha/pull/4886](https://github.com/mochajs/mocha/pull/4886) - docs: overhaul contributing and maintenance docs for end-of-year 2023 by [@​JoshuaKGoldberg](https://github.com/JoshuaKGoldberg) in [https://github.com/mochajs/mocha/pull/5038](https://github.com/mochajs/mocha/pull/5038) - docs: touchups to labels and a template title post-revamp by [@​JoshuaKGoldberg](https://github.com/JoshuaKGoldberg) in [https://github.com/mochajs/mocha/pull/5050](https://github.com/mochajs/mocha/pull/5050) - fix: add alt text to Built with Netlify badge by [@​JoshuaKGoldberg](https://github.com/JoshuaKGoldberg) in [https://github.com/mochajs/mocha/pull/5068](https://github.com/mochajs/mocha/pull/5068) - chore: inline nyan reporter's write function by [@​JoshuaKGoldberg](https://github.com/JoshuaKGoldberg) in [https://github.com/mochajs/mocha/pull/5056](https://github.com/mochajs/mocha/pull/5056) - chore: remove unnecessary canvas dependency by [@​JoshuaKGoldberg](https://github.com/JoshuaKGoldberg) in [https://github.com/mochajs/mocha/pull/5069](https://github.com/mochajs/mocha/pull/5069) #### New Contributors - [@​jb2311](https://github.com/jb2311) made their first contribution in [https://github.com/mochajs/mocha/pull/4970](https://github.com/mochajs/mocha/pull/4970) - [@​Uzlopak](https://github.com/Uzlopak) made their first contribution in [https://github.com/mochajs/mocha/pull/5020](https://github.com/mochajs/mocha/pull/5020) - [@​Spencer-Doak](https://github.com/Spencer-Doak) made their first contribution in [https://github.com/mochajs/mocha/pull/4918](https://github.com/mochajs/mocha/pull/4918) - [@​nikolas](https://github.com/nikolas) made their first contribution in [https://github.com/mochajs/mocha/pull/4927](https://github.com/mochajs/mocha/pull/4927) - [@​F3n67u](https://github.com/F3n67u) made their first contribution in [https://github.com/mochajs/mocha/pull/4886](https://github.com/mochajs/mocha/pull/4886) **Full Changelog**: mochajs/mocha@v10.2.0...v10.3.0 </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4xMy4zIiwidXBkYXRlZEluVmVyIjoiMzcuMTMuMyIsInRhcmdldEJyYW5jaCI6Im1hc3RlciJ9-->
Description of the Change
The minimatch npm package version <=3.0.4 has a security vulnerability explained here: GHSA-f8q6-p94x-37v3
Mocha has the glob package 7.2.0 as a dependency, which in turn has minimatch ^3.0.4 as a dependency
This results in a high security risk warning for consumers of mocha. See #4937 for an example.
This PR changes the glob dependency to 8.1.0 which no longer depends on the insecure version of minimatch.