chore(deps): upgrade all to latest stable #4556

Merged
merged 1 commit into from
Jan 29, 2021

@AviVahl AviVahl commented Jan 18, 2021

Description of the Change

bump all production deps to latest stable versions and regenerate lock file from scratch.

`npm audit` on `master`:
`found 39 vulnerabilities (30 low, 7 moderate, 2 high) in 2645 scanned packages`

`npm audit` on branch:
`found 3 low severity vulnerabilities in 2569 scanned packages`

Alternate Designs

  • Keep old versions?
  • Set up Dependabot or Renovate bot.
  • Use carets.

Why should this be in core?

  • Any bug fixes and/or improvements in new versions.
  • Better de-duping for consumers.

Benefits

Improved audit result (for repo itself)

Possible Drawbacks

Any version upgrade is susceptible to regressions, especially in non-tested areas.

Applicable issues

#4533
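
The before/after `npm audit` comparison quoted in the description above can be automated as a merge check. The following is an added example, not part of the pull request or the mocha code base; the function names and the `failOn` threshold are assumptions, and the two reports are constructed samples carrying the counts quoted above.

```javascript
// Added example; not code from the pull request or from mocha.
const SEVERITIES = ['info', 'low', 'moderate', 'high', 'critical'];

// Constructed samples, trimmed to the summary object of `npm audit --json`,
// carrying the counts quoted in the description for master and the branch.
const masterReport = {
  metadata: { vulnerabilities: { info: 0, low: 30, moderate: 7, high: 2, critical: 0 } }
};
const branchReport = {
  metadata: { vulnerabilities: { info: 0, low: 3, moderate: 0, high: 0, critical: 0 } }
};

// Per-severity counts plus a total. A report without the summary is rejected
// so that a failed audit run is never read as "zero findings".
function summarize(report) {
  const counts = report && report.metadata && report.metadata.vulnerabilities;
  if (!counts || typeof counts !== 'object') {
    throw new TypeError('metadata.vulnerabilities missing from audit report');
  }
  const out = { total: 0 };
  for (const sev of SEVERITIES) {
    const n = counts[sev] === undefined ? 0 : counts[sev];
    if (!Number.isInteger(n) || n < 0) throw new TypeError(`bad count for ${sev}`);
    out[sev] = n;
    out.total += n;
  }
  return out;
}

// Compare base (e.g. master) with head (the branch). The check fails when any
// severity at or above `failOn` (hypothetical parameter) has more findings.
function compareAudits(base, head, failOn = 'moderate') {
  const threshold = SEVERITIES.indexOf(failOn);
  if (threshold === -1) throw new RangeError(`unknown severity: ${failOn}`);
  const b = summarize(base);
  const h = summarize(head);
  const delta = {};
  const regressions = [];
  SEVERITIES.forEach((sev, i) => {
    delta[sev] = h[sev] - b[sev];
    if (i >= threshold && delta[sev] > 0) regressions.push(sev);
  });
  return { base: b, head: h, delta, regressions, ok: regressions.length === 0 };
}

const result = compareAudits(masterReport, branchReport);
console.log(result.base.total, '->', result.head.total, 'ok:', result.ok);
```

In a pipeline the two objects would be the parsed output of `npm audit --json` run on each checkout, with a non-`ok` result failing the job.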


coveralls commented Jan 18, 2021

Coverage Status

Coverage remained the same at 94.143% when pulling 3056999 on AviVahl:upgrade-production-deps into c667d10 on mochajs:master.


@juergba juergba left a comment


@AviVahl I pushed your branch to our repo, in order to run the browser test successfully.
The browser test doesn't work with GitHub Actions for PRs of forked repos.

lib/cli/config.js (resolved review thread)

@juergba juergba left a comment


@AviVahl thank you.

closes #4533

@juergba juergba added dependencies Pull requests that update a dependency file area: security involving vulnerabilities semver-patch implementation requires increase of "patch" version number; "bug fixes" labels Jan 29, 2021
@juergba juergba added this to the next milestone Jan 29, 2021
@juergba juergba merged commit 1a05ad7 into mochajs:master Jan 29, 2021
@juergba juergba modified the milestones: next, v8.3.0 Feb 11, 2021
This was referenced Mar 15, 2021