Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix #4837 Update glob due to vulnerability in dep #4970

Merged
merged 8 commits into from
Mar 30, 2023

Conversation

jb2311
Copy link
Contributor

@jb2311 jb2311 commented Mar 8, 2023

Description of the Change

The minimatch npm package version <=3.0.4 has a security vulnerability explained here: GHSA-f8q6-p94x-37v3

Mocha has the glob package 7.2.0 as a dependency, which in turn has minimatch ^3.0.4 as a dependency

This results in a high security risk warning for consumers of mocha. See #4937 for an example.

This PR changes the glob dependency to 8.1.0 which no longer depends on the insecure version of minimatch.

@jb2311 jb2311 changed the title Update glob due to vulnerability in dep fix #4837 Update glob due to vulnerability in dep Mar 8, 2023
@linux-foundation-easycla
Copy link

linux-foundation-easycla bot commented Mar 14, 2023

CLA Signed

The committers listed above are authorized under a signed CLA.

@jb2311
Copy link
Contributor Author

jb2311 commented Mar 15, 2023

@juergba this should be ready to be tested again. 2 things I have concerns about. #1 The tests referenced coffee-script, with a hyphen, but when I ran the tests, I got a "module not found error" and it looks like the hyphen package is depreciated, and mocha's package.json references "coffeescript" with no hyphen, so I updated those tests. Additionally, I got an error during linting that "eslint-plugin-n" is missing. I though it was my local setup, but it also happened when the tests ran in the CI process. Anyways, I added that package to the dev deps. Let me know if you have any questions or concerns

@juergba
Copy link
Contributor

juergba commented Mar 15, 2023

@jb2311 thank you for this PR.

We will see wether our CI tests will pass. Tbh I don't trust your package-lock.json.

Edit: looks good, I will have a closer look on coming week-end. Could you evtl. add any link about this additional lint dependency?

@coveralls
Copy link

coveralls commented Mar 15, 2023

Coverage Status

Coverage: 94.331% (+0.002%) from 94.329% when pulling 626e19e on jb2311:upgrade-glob into 9f24d0d on mochajs:master.

@juergba juergba added the dependencies Pull requests that update a dependency file label Mar 15, 2023
@jb2311
Copy link
Contributor Author

jb2311 commented Mar 15, 2023

esline-plugin-node is no longer being maintained, so eslint-plugin-n (https://github.com/eslint-community/eslint-plugin-n) is a fork that is still active. However, I have no idea why it's erroring out without it suddenly. It happened on the first test run, when I did nothing but update the glob package https://github.com/mochajs/mocha/actions/runs/4368808387/jobs/7681675449

Edit: it looks like eslint-plugin-n is a peerDep for some packages. I was running an old version of NPM, newer versions of NPM don't require peerDeps to be referenced in the main package.json, so I removed the package.

@jb2311
Copy link
Contributor Author

jb2311 commented Mar 20, 2023

@juergba have you had a chance to take a look at this?

Copy link
Contributor

@juergba juergba left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not convinced completely, I'm afraid there might be some unwanted side-effects by windowsPathsNoEscape. Anyway let's do it.

package.json Show resolved Hide resolved
package.json Outdated Show resolved Hide resolved
package.json Outdated Show resolved Hide resolved
@jb2311
Copy link
Contributor Author

jb2311 commented Mar 22, 2023

@juergba updated

package.json Outdated Show resolved Hide resolved
@jb2311
Copy link
Contributor Author

jb2311 commented Mar 27, 2023

@juergba okay, I think the whitespace should be appropriate.

@juergba juergba added the run-browser-test run browser tests on forked PR if code is safe label Mar 30, 2023
@github-actions github-actions bot removed the run-browser-test run browser tests on forked PR if code is safe label Mar 30, 2023
@juergba juergba added this to the next milestone Mar 30, 2023
Copy link
Contributor

@juergba juergba left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@jb2311 thank you for this PR.

@juergba juergba merged commit d722d00 into mochajs:master Mar 30, 2023
@jb2311 jb2311 deleted the upgrade-glob branch April 4, 2023 15:50
renovate bot referenced this pull request in line/line-bot-sdk-nodejs Feb 8, 2024
[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| [mocha](https://mochajs.org/)
([source](https://github.com/mochajs/mocha)) | [`10.2.0` ->
`10.3.0`](https://renovatebot.com/diffs/npm/mocha/10.2.0/10.3.0) |
[![age](https://developer.mend.io/api/mc/badges/age/npm/mocha/10.3.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/mocha/10.3.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/mocha/10.2.0/10.3.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/mocha/10.2.0/10.3.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|

---

### Release Notes

<details>
<summary>mochajs/mocha (mocha)</summary>

### [`v10.3.0`](https://github.com/mochajs/mocha/releases/tag/v10.3.0)

[Compare
Source](https://github.com/mochajs/mocha/compare/v10.2.0...v10.3.0)

This is a stable release equivalent to
[v10.3.0-preminor.0](https://github.com/mochajs/mocha/releases/tag/v10.3.0-preminor.0).

#### What's Changed

- Fix deprecated warn gh actions by
[@&#8203;outsideris](https://github.com/outsideris) in
[https://github.com/mochajs/mocha/pull/4962](https://github.com/mochajs/mocha/pull/4962)
- fix [#&#8203;4837](https://github.com/mochajs/mocha/issues/4837)
Update glob due to vulnerability in dep by
[@&#8203;jb2311](https://github.com/jb2311) in
[https://github.com/mochajs/mocha/pull/4970](https://github.com/mochajs/mocha/pull/4970)
- Add Node v19 to test matrix by
[@&#8203;juergba](https://github.com/juergba) in
[https://github.com/mochajs/mocha/pull/4974](https://github.com/mochajs/mocha/pull/4974)
- chore: fix the ci by [@&#8203;Uzlopak](https://github.com/Uzlopak)
in
[https://github.com/mochajs/mocha/pull/5020](https://github.com/mochajs/mocha/pull/5020)
- update can-i-use by [@&#8203;Uzlopak](https://github.com/Uzlopak) in
[https://github.com/mochajs/mocha/pull/5021](https://github.com/mochajs/mocha/pull/5021)
- chore: remove uuid dev dependency by
[@&#8203;Uzlopak](https://github.com/Uzlopak) in
[https://github.com/mochajs/mocha/pull/5022](https://github.com/mochajs/mocha/pull/5022)
- chore: remove nanoid as dependency by
[@&#8203;Uzlopak](https://github.com/Uzlopak) in
[https://github.com/mochajs/mocha/pull/5024](https://github.com/mochajs/mocha/pull/5024)
- chore: remove touch as dev dependency by
[@&#8203;Uzlopak](https://github.com/Uzlopak) in
[https://github.com/mochajs/mocha/pull/5023](https://github.com/mochajs/mocha/pull/5023)
- chore: remove stale workflow by
[@&#8203;JoshuaKGoldberg](https://github.com/JoshuaKGoldberg) in
[https://github.com/mochajs/mocha/pull/5029](https://github.com/mochajs/mocha/pull/5029)
- docs: fix fragment ID for yargs' "extends" documentation by
[@&#8203;Spencer-Doak](https://github.com/Spencer-Doak) in
[https://github.com/mochajs/mocha/pull/4918](https://github.com/mochajs/mocha/pull/4918)
- docs: use mocha.js instead of mocha in the example run by
[@&#8203;nikolas](https://github.com/nikolas) in
[https://github.com/mochajs/mocha/pull/4927](https://github.com/mochajs/mocha/pull/4927)
- docs: fix jsdoc return type of `titlePath` method by
[@&#8203;F3n67u](https://github.com/F3n67u) in
[https://github.com/mochajs/mocha/pull/4886](https://github.com/mochajs/mocha/pull/4886)
- docs: overhaul contributing and maintenance docs for end-of-year 2023
by [@&#8203;JoshuaKGoldberg](https://github.com/JoshuaKGoldberg) in
[https://github.com/mochajs/mocha/pull/5038](https://github.com/mochajs/mocha/pull/5038)
- docs: touchups to labels and a template title post-revamp by
[@&#8203;JoshuaKGoldberg](https://github.com/JoshuaKGoldberg) in
[https://github.com/mochajs/mocha/pull/5050](https://github.com/mochajs/mocha/pull/5050)
- fix: add alt text to Built with Netlify badge by
[@&#8203;JoshuaKGoldberg](https://github.com/JoshuaKGoldberg) in
[https://github.com/mochajs/mocha/pull/5068](https://github.com/mochajs/mocha/pull/5068)
- chore: inline nyan reporter's write function by
[@&#8203;JoshuaKGoldberg](https://github.com/JoshuaKGoldberg) in
[https://github.com/mochajs/mocha/pull/5056](https://github.com/mochajs/mocha/pull/5056)
- chore: remove unnecessary canvas dependency by
[@&#8203;JoshuaKGoldberg](https://github.com/JoshuaKGoldberg) in
[https://github.com/mochajs/mocha/pull/5069](https://github.com/mochajs/mocha/pull/5069)

#### New Contributors

- [@&#8203;jb2311](https://github.com/jb2311) made their first
contribution in
[https://github.com/mochajs/mocha/pull/4970](https://github.com/mochajs/mocha/pull/4970)
- [@&#8203;Uzlopak](https://github.com/Uzlopak) made their first
contribution in
[https://github.com/mochajs/mocha/pull/5020](https://github.com/mochajs/mocha/pull/5020)
- [@&#8203;Spencer-Doak](https://github.com/Spencer-Doak) made their
first contribution in
[https://github.com/mochajs/mocha/pull/4918](https://github.com/mochajs/mocha/pull/4918)
- [@&#8203;nikolas](https://github.com/nikolas) made their first
contribution in
[https://github.com/mochajs/mocha/pull/4927](https://github.com/mochajs/mocha/pull/4927)
- [@&#8203;F3n67u](https://github.com/F3n67u) made their first
contribution in
[https://github.com/mochajs/mocha/pull/4886](https://github.com/mochajs/mocha/pull/4886)

**Full Changelog**:
mochajs/mocha@v10.2.0...v10.3.0

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://developer.mend.io/github/line/line-bot-sdk-nodejs).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4xNzMuMCIsInVwZGF0ZWRJblZlciI6IjM3LjE3My4wIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIn0=-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
renovate bot referenced this pull request in matzkoh/eslint-plugin-generate-test-id Feb 9, 2024
[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| [mocha](https://mochajs.org/)
([source](https://github.com/mochajs/mocha)) | [`10.2.0` ->
`10.3.0`](https://renovatebot.com/diffs/npm/mocha/10.2.0/10.3.0) |
[![age](https://developer.mend.io/api/mc/badges/age/npm/mocha/10.3.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/mocha/10.3.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/mocha/10.2.0/10.3.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/mocha/10.2.0/10.3.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|

---

### Release Notes

<details>
<summary>mochajs/mocha (mocha)</summary>

### [`v10.3.0`](https://github.com/mochajs/mocha/releases/tag/v10.3.0)

[Compare
Source](https://github.com/mochajs/mocha/compare/v10.2.0...v10.3.0)

This is a stable release equivalent to
[v10.3.0-preminor.0](https://github.com/mochajs/mocha/releases/tag/v10.3.0-preminor.0).

#### What's Changed

- Fix deprecated warn gh actions by
[@&#8203;outsideris](https://github.com/outsideris) in
[https://github.com/mochajs/mocha/pull/4962](https://github.com/mochajs/mocha/pull/4962)
- fix [#&#8203;4837](https://github.com/mochajs/mocha/issues/4837)
Update glob due to vulnerability in dep by
[@&#8203;jb2311](https://github.com/jb2311) in
[https://github.com/mochajs/mocha/pull/4970](https://github.com/mochajs/mocha/pull/4970)
- Add Node v19 to test matrix by
[@&#8203;juergba](https://github.com/juergba) in
[https://github.com/mochajs/mocha/pull/4974](https://github.com/mochajs/mocha/pull/4974)
- chore: fix the ci by [@&#8203;Uzlopak](https://github.com/Uzlopak)
in
[https://github.com/mochajs/mocha/pull/5020](https://github.com/mochajs/mocha/pull/5020)
- update can-i-use by [@&#8203;Uzlopak](https://github.com/Uzlopak) in
[https://github.com/mochajs/mocha/pull/5021](https://github.com/mochajs/mocha/pull/5021)
- chore: remove uuid dev dependency by
[@&#8203;Uzlopak](https://github.com/Uzlopak) in
[https://github.com/mochajs/mocha/pull/5022](https://github.com/mochajs/mocha/pull/5022)
- chore: remove nanoid as dependency by
[@&#8203;Uzlopak](https://github.com/Uzlopak) in
[https://github.com/mochajs/mocha/pull/5024](https://github.com/mochajs/mocha/pull/5024)
- chore: remove touch as dev dependency by
[@&#8203;Uzlopak](https://github.com/Uzlopak) in
[https://github.com/mochajs/mocha/pull/5023](https://github.com/mochajs/mocha/pull/5023)
- chore: remove stale workflow by
[@&#8203;JoshuaKGoldberg](https://github.com/JoshuaKGoldberg) in
[https://github.com/mochajs/mocha/pull/5029](https://github.com/mochajs/mocha/pull/5029)
- docs: fix fragment ID for yargs' "extends" documentation by
[@&#8203;Spencer-Doak](https://github.com/Spencer-Doak) in
[https://github.com/mochajs/mocha/pull/4918](https://github.com/mochajs/mocha/pull/4918)
- docs: use mocha.js instead of mocha in the example run by
[@&#8203;nikolas](https://github.com/nikolas) in
[https://github.com/mochajs/mocha/pull/4927](https://github.com/mochajs/mocha/pull/4927)
- docs: fix jsdoc return type of `titlePath` method by
[@&#8203;F3n67u](https://github.com/F3n67u) in
[https://github.com/mochajs/mocha/pull/4886](https://github.com/mochajs/mocha/pull/4886)
- docs: overhaul contributing and maintenance docs for end-of-year 2023
by [@&#8203;JoshuaKGoldberg](https://github.com/JoshuaKGoldberg) in
[https://github.com/mochajs/mocha/pull/5038](https://github.com/mochajs/mocha/pull/5038)
- docs: touchups to labels and a template title post-revamp by
[@&#8203;JoshuaKGoldberg](https://github.com/JoshuaKGoldberg) in
[https://github.com/mochajs/mocha/pull/5050](https://github.com/mochajs/mocha/pull/5050)
- fix: add alt text to Built with Netlify badge by
[@&#8203;JoshuaKGoldberg](https://github.com/JoshuaKGoldberg) in
[https://github.com/mochajs/mocha/pull/5068](https://github.com/mochajs/mocha/pull/5068)
- chore: inline nyan reporter's write function by
[@&#8203;JoshuaKGoldberg](https://github.com/JoshuaKGoldberg) in
[https://github.com/mochajs/mocha/pull/5056](https://github.com/mochajs/mocha/pull/5056)
- chore: remove unnecessary canvas dependency by
[@&#8203;JoshuaKGoldberg](https://github.com/JoshuaKGoldberg) in
[https://github.com/mochajs/mocha/pull/5069](https://github.com/mochajs/mocha/pull/5069)

#### New Contributors

- [@&#8203;jb2311](https://github.com/jb2311) made their first
contribution in
[https://github.com/mochajs/mocha/pull/4970](https://github.com/mochajs/mocha/pull/4970)
- [@&#8203;Uzlopak](https://github.com/Uzlopak) made their first
contribution in
[https://github.com/mochajs/mocha/pull/5020](https://github.com/mochajs/mocha/pull/5020)
- [@&#8203;Spencer-Doak](https://github.com/Spencer-Doak) made their
first contribution in
[https://github.com/mochajs/mocha/pull/4918](https://github.com/mochajs/mocha/pull/4918)
- [@&#8203;nikolas](https://github.com/nikolas) made their first
contribution in
[https://github.com/mochajs/mocha/pull/4927](https://github.com/mochajs/mocha/pull/4927)
- [@&#8203;F3n67u](https://github.com/F3n67u) made their first
contribution in
[https://github.com/mochajs/mocha/pull/4886](https://github.com/mochajs/mocha/pull/4886)

**Full Changelog**:
mochajs/mocha@v10.2.0...v10.3.0

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://developer.mend.io/github/matzkoh/eslint-plugin-generate-test-id).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4xNzMuMCIsInVwZGF0ZWRJblZlciI6IjM3LjE3My4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiJ9-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
ogkevin-robot bot referenced this pull request in OGKevin/obsidian-kobo-highlights-import Feb 11, 2024
This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [mocha](https://mochajs.org/) ([source](https://github.com/mochajs/mocha)) | devDependencies | minor | [`10.2.0` -> `10.3.0`](https://renovatebot.com/diffs/npm/mocha/10.2.0/10.3.0) |

---

### Release Notes

<details>
<summary>mochajs/mocha (mocha)</summary>

### [`v10.3.0`](https://github.com/mochajs/mocha/releases/tag/v10.3.0)

[Compare Source](https://github.com/mochajs/mocha/compare/v10.2.0...v10.3.0)

This is a stable release equivalent to [v10.3.0-preminor.0](https://github.com/mochajs/mocha/releases/tag/v10.3.0-preminor.0).

#### What's Changed

-   Fix deprecated warn gh actions by [@&#8203;outsideris](https://github.com/outsideris) in [https://github.com/mochajs/mocha/pull/4962](https://github.com/mochajs/mocha/pull/4962)
-   fix [#&#8203;4837](https://github.com/mochajs/mocha/issues/4837) Update glob due to vulnerability in dep by [@&#8203;jb2311](https://github.com/jb2311) in [https://github.com/mochajs/mocha/pull/4970](https://github.com/mochajs/mocha/pull/4970)
-   Add Node v19 to test matrix by [@&#8203;juergba](https://github.com/juergba) in [https://github.com/mochajs/mocha/pull/4974](https://github.com/mochajs/mocha/pull/4974)
-   chore: fix the ci by [@&#8203;Uzlopak](https://github.com/Uzlopak) in [https://github.com/mochajs/mocha/pull/5020](https://github.com/mochajs/mocha/pull/5020)
-   update can-i-use by [@&#8203;Uzlopak](https://github.com/Uzlopak) in [https://github.com/mochajs/mocha/pull/5021](https://github.com/mochajs/mocha/pull/5021)
-   chore: remove uuid dev dependency by [@&#8203;Uzlopak](https://github.com/Uzlopak) in [https://github.com/mochajs/mocha/pull/5022](https://github.com/mochajs/mocha/pull/5022)
-   chore: remove nanoid as dependency by [@&#8203;Uzlopak](https://github.com/Uzlopak) in [https://github.com/mochajs/mocha/pull/5024](https://github.com/mochajs/mocha/pull/5024)
-   chore: remove touch as dev dependency by [@&#8203;Uzlopak](https://github.com/Uzlopak) in [https://github.com/mochajs/mocha/pull/5023](https://github.com/mochajs/mocha/pull/5023)
-   chore: remove stale workflow by [@&#8203;JoshuaKGoldberg](https://github.com/JoshuaKGoldberg) in [https://github.com/mochajs/mocha/pull/5029](https://github.com/mochajs/mocha/pull/5029)
-   docs: fix fragment ID for yargs' "extends" documentation by [@&#8203;Spencer-Doak](https://github.com/Spencer-Doak) in [https://github.com/mochajs/mocha/pull/4918](https://github.com/mochajs/mocha/pull/4918)
-   docs: use mocha.js instead of mocha in the example run by [@&#8203;nikolas](https://github.com/nikolas) in [https://github.com/mochajs/mocha/pull/4927](https://github.com/mochajs/mocha/pull/4927)
-   docs: fix jsdoc return type  of `titlePath` method by [@&#8203;F3n67u](https://github.com/F3n67u) in [https://github.com/mochajs/mocha/pull/4886](https://github.com/mochajs/mocha/pull/4886)
-   docs: overhaul contributing and maintenance docs for end-of-year 2023 by [@&#8203;JoshuaKGoldberg](https://github.com/JoshuaKGoldberg) in [https://github.com/mochajs/mocha/pull/5038](https://github.com/mochajs/mocha/pull/5038)
-   docs: touchups to labels and a template title post-revamp by [@&#8203;JoshuaKGoldberg](https://github.com/JoshuaKGoldberg) in [https://github.com/mochajs/mocha/pull/5050](https://github.com/mochajs/mocha/pull/5050)
-   fix: add alt text to Built with Netlify badge by [@&#8203;JoshuaKGoldberg](https://github.com/JoshuaKGoldberg) in [https://github.com/mochajs/mocha/pull/5068](https://github.com/mochajs/mocha/pull/5068)
-   chore: inline nyan reporter's write function by [@&#8203;JoshuaKGoldberg](https://github.com/JoshuaKGoldberg) in [https://github.com/mochajs/mocha/pull/5056](https://github.com/mochajs/mocha/pull/5056)
-   chore: remove unnecessary canvas dependency by [@&#8203;JoshuaKGoldberg](https://github.com/JoshuaKGoldberg) in [https://github.com/mochajs/mocha/pull/5069](https://github.com/mochajs/mocha/pull/5069)

#### New Contributors

-   [@&#8203;jb2311](https://github.com/jb2311) made their first contribution in [https://github.com/mochajs/mocha/pull/4970](https://github.com/mochajs/mocha/pull/4970)
-   [@&#8203;Uzlopak](https://github.com/Uzlopak) made their first contribution in [https://github.com/mochajs/mocha/pull/5020](https://github.com/mochajs/mocha/pull/5020)
-   [@&#8203;Spencer-Doak](https://github.com/Spencer-Doak) made their first contribution in [https://github.com/mochajs/mocha/pull/4918](https://github.com/mochajs/mocha/pull/4918)
-   [@&#8203;nikolas](https://github.com/nikolas) made their first contribution in [https://github.com/mochajs/mocha/pull/4927](https://github.com/mochajs/mocha/pull/4927)
-   [@&#8203;F3n67u](https://github.com/F3n67u) made their first contribution in [https://github.com/mochajs/mocha/pull/4886](https://github.com/mochajs/mocha/pull/4886)

**Full Changelog**: mochajs/mocha@v10.2.0...v10.3.0

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4xMy4zIiwidXBkYXRlZEluVmVyIjoiMzcuMTMuMyIsInRhcmdldEJyYW5jaCI6Im1hc3RlciJ9-->
This was referenced Aug 18, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants