🚨 [security] Update mocha 7.2.0 → 10.4.0 (major) #119
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
🚨 Your current dependencies have known security vulnerabilities 🚨
This dependency update fixes known security vulnerabilities. Please see the details below and assess their impact carefully. We recommend to merge and deploy this as soon as possible!
Here is everything you need to know about this upgrade. Please take a good look at what changed and the test results before merging this pull request.
What changed?
✳️ mocha (7.2.0 → 10.4.0) · Repo · Changelog
Release Notes
Too many releases to show here. View the full release notes.
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
✳️ duti (0.15.2 → 0.15.3) · Repo · Changelog
Release Notes
0.15.3 (from changelog)
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by 18 commits:
4.1.1
use Object.assign
4.1.0
generate readme
Merge pull request #33 from doowb/custom-functions
support custom functions
examples
support custom functions
4.0.1
allow new object to be created
4.0.0
add support for custom colors and themes
add special support for hyper
upgrade devDependencies
remove FUNDING.yml
Create FUNDING.yml
3.2.4
improve ansi regex
Release Notes
2.6.12
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by 49 commits:
5.0.0
Remove dead code
Update release notes for 5.0.0
Update to match quirks of unified diff format (#297)
Upgrade security flagged deps
Fix README.md (#300)
Upgrade major deps
Upgrade minor deps (#295)
Upgrade old Karma libs (#294)
Remove grunt-clean
Merge branch 'master' of github.com:kpdecker/jsdiff
added word wrap on results div (#231)
Separate patch creation from serialization. (#251)
Threat each newline as separate word in `diffWordsWithSpace` (#217)
Bump elliptic from 6.4.1 to 6.5.3 (#291)
Feat: Add `exports` map for Native ESM (#293)
Bump lodash from 4.17.15 to 4.17.19 (#290)
Bump websocket-extensions from 0.1.3 to 0.1.4 (#288)
Bump acorn from 5.7.3 to 5.7.4 (#281)
Added keywords to improve npm discoverability. (#280)
Bump handlebars from 4.1.2 to 4.5.3 (#274)
Bump https-proxy-agent from 2.2.1 to 2.2.4 (#285)
update readme examples to es6 (#276)
4.0.2
Drop vscode dir from node module
Bump mixin-deep from 1.3.1 to 1.3.2 (#267)
Bump eslint-utils from 1.3.1 to 1.4.2 (#266)
Bump adm-zip from 0.4.7 to 0.4.13 (#259)
Bump sshpk from 1.13.1 to 1.16.1 (#262)
Bump stringstream from 0.0.5 to 0.0.6 (#258)
Bump handlebars from 4.0.11 to 4.1.2 (#261)
Bump extend from 3.0.1 to 3.0.2 (#260)
Bump lodash from 4.17.5 to 4.17.15 (#263)
Normalize doc/ex with `Diff` package.json naming from npmjs.com (#245)
v4.0.1
Update release notes
Fix main reference path
v4.0.0
Update release notes
Drop ie9 from karma targets
Fix missing grunt-karma module
Upgrade CI env to node 10
Upgrade deps. Convert from webpack to rollup
Fix: Missing "No newline at end of file" when comparing two texts that do not end in newlines (#94)
Make ()[]"' as word boundaries between each other
jsdiff: Replaced phantomJS by chrome
Add yarn.lock to .npmignore
fix typo in README
Remove duplicated release notes for v3.5.0
Security Advisories 🚨
🚨 flat vulnerable to Prototype Pollution
Commits
See the full diff on Github. The new version differs by 23 commits:
Release 5.0.2
Update dependencies, refresh lockfile, format with standard.
Test against node 14 in CI.
Avoid arrow function syntax.
Release 5.0.1
use standard formatting
drop dependencies
Bump lodash from 4.17.15 to 4.17.19
Bump acorn from 7.1.0 to 7.4.0
Fix prototype pollution on unflatten
Test prototype pollution on unflatten
Add node 10 & 12 to travis config.
Release 5.0.0
Add tests around cli. Only show usage if on TTY & no argument, allow eaccess error if file not readable.
Convert var to const across source.
Exit 1 on usage if specified a file.
Exit 1 on usage.
Stop cli processing on error.
Fix lint issues, use non-deprecated strictEqual/deepStrictEqual in tests.
Update dependencies.
Fix losing order of keys after unflatten an object
Fix issue in `overwrite` example code
feat: (flatten, unflatten) Add the transformKey opt.
Release Notes
4.1.0
4.0.0
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by 10 commits:
4.1.0
Improve detection for terminals supporting Unicode
Move to GitHub Actions (#25)
4.0.0
Meta tweaks
Require Node.js 10 and upgrade chalk (#23)
Add link to Golang port in the readme (#22)
Tidelift tasks
Create funding.yml
Add Node.js 12 to testing (#21)
Sorry, we couldn't find anything useful about this release.
Release Notes
3.3.6 (from changelog)
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by 7 commits:
fixup! Prepare for 3.3.6
Prepare for 3.3.6
Compile dist
Bump version in manifests to current
Add lock file and pin node.js
Disable broken eslint rules for now
Update deps
Commits
See the full diff on Github. The new version differs by 17 commits:
chore: release 2.0.0 (#72)
refactor!: upgrade deps drop Node 6/8 (#71)
chore: release 1.6.4 (#69)
build(deps): bump lodash from 4.17.15 to 4.17.20 (#70)
fix(security): upgraded flat to version ^5.0.2
build: enable --engines-strict and dust off config (#68)
chore: release 1.6.3 (#62)
fix: test automatic publish
chore: release 1.6.2 (#61)
fix(readme): marketing was injected dubiously into README (#60)
chore: release 1.6.1 (#58)
chore: update dev deps (#59)
build: use actions for build (#56)
fix(deps): downgrade yargs, such that we continue supporting Node 6 (#57)
chore: yargs v15 and yargs-parser v18 (#53)
Update yargs to the latest version 🚀 (#43)
refactor: drop lodash some, castArray and omitBy (#42)
🆕 @babel/polyfill (added, 7.12.1)
🆕 escalade (added, 3.1.2)
🆕 futil (added, 1.76.4)
🆕 is-plain-obj (added, 2.1.0)
🆕 is-unicode-supported (added, 0.1.0)
🆕 randombytes (added, 2.1.0)
🆕 serialize-javascript (added, 6.0.0)
🆕 workerpool (added, 6.2.1)
🆕 yocto-queue (added, 0.1.0)
🗑️ babel-polyfill (removed)
🗑️ babel-runtime (removed)
🗑️ futil-js (removed)
🗑️ growl (removed)
🗑️ node-environment-flags (removed)
🗑️ object.getownpropertydescriptors (removed)
🗑️ wide-align (removed)
Depfu will automatically keep this PR conflict-free, as long as you don't add any commits to this branch yourself. You can also trigger a rebase manually by commenting with
@depfu rebase
.All Depfu comment commands