Bump mocha from 10.2.0 to 10.4.0 by dependabot[bot] · Pull Request #178 · yahoo/serialize-javascript

dependabot · 2024-04-01T13:45:04Z

Bumps mocha from 10.2.0 to 10.4.0.

Release notes

v10.4.0

10.4.0 / 2024-03-26

🎉 Enhancements

#4829 feat: include .cause stacks in the error stack traces (@voxpelli)

#4985 feat: add file path to xunit reporter (@bmish)

🐛 Fixes

#5074 fix: harden error handling in lib/cli/run.js (@stalet)

🔩 Other

#5077 chore: add mtfoley/pr-compliance-action (@JoshuaKGoldberg)

#5060 chore: migrate ESLint config to flat config (@JoshuaKGoldberg)

#5095 chore: revert #5069 to restore Netlify builds (@voxpelli)

#5097 docs: add sponsored to sponsorship link rels (@JoshuaKGoldberg)

#5093 chore: add 'status: in triage' label to issue templates and docs (@JoshuaKGoldberg)

#5083 docs: fix CHANGELOG.md headings to start with a root-level h1 (@JoshuaKGoldberg)

#5100 chore: fix header generation and production build crashes (@JoshuaKGoldberg)

#5104 chore: bump ESLint ecmaVersion to 2020 (@JoshuaKGoldberg)

#5116 fix: eleventy template builds crash with 'unexpected token at ": string, msg..."' (@LcsK)

#4869 docs: fix documentation concerning glob expansion on UNIX (@binki)

#5122 test: fix xunit integration test (@voxpelli)

#5123 chore: activate dependabot for workflows (@voxpelli)

#5125 build(deps): bump the github-actions group with 2 updates (@dependabot)

v10.3.0

This is a stable release equivalent to v10.3.0-preminor.0.

What's Changed

Fix deprecated warn gh actions by @outsideris in mochajs/mocha#4962

fix #4837 Update glob due to vulnerability in dep by @jb2311 in mochajs/mocha#4970

Add Node v19 to test matrix by @juergba in mochajs/mocha#4974

chore: fix the ci by @Uzlopak in mochajs/mocha#5020

update can-i-use by @Uzlopak in mochajs/mocha#5021

chore: remove uuid dev dependency by @Uzlopak in mochajs/mocha#5022

chore: remove nanoid as dependency by @Uzlopak in mochajs/mocha#5024

chore: remove touch as dev dependency by @Uzlopak in mochajs/mocha#5023

chore: remove stale workflow by @JoshuaKGoldberg in mochajs/mocha#5029

docs: fix fragment ID for yargs' "extends" documentation by @Spencer-Doak in mochajs/mocha#4918

docs: use mocha.js instead of mocha in the example run by @nikolas in mochajs/mocha#4927

docs: fix jsdoc return type of titlePath method by @F3n67u in mochajs/mocha#4886

docs: overhaul contributing and maintenance docs for end-of-year 2023 by @JoshuaKGoldberg in mochajs/mocha#5038

docs: touchups to labels and a template title post-revamp by @JoshuaKGoldberg in mochajs/mocha#5050

fix: add alt text to Built with Netlify badge by @JoshuaKGoldberg in mochajs/mocha#5068

chore: inline nyan reporter's write function by @JoshuaKGoldberg in mochajs/mocha#5056

chore: remove unnecessary canvas dependency by @JoshuaKGoldberg in mochajs/mocha#5069

... (truncated)

Changelog

Sourced from mocha's changelog.

10.4.0 / 2024-03-26

🎉 Enhancements

#4829 feat: include .cause stacks in the error stack traces (@voxpelli)

#4985 feat: add file path to xunit reporter (@bmish)

🐛 Fixes

#5074 fix: harden error handling in lib/cli/run.js (@stalet)

🔩 Other

#5077 chore: add mtfoley/pr-compliance-action (@JoshuaKGoldberg)

#5060 chore: migrate ESLint config to flat config (@JoshuaKGoldberg)

#5095 chore: revert #5069 to restore Netlify builds (@voxpelli)

#5097 docs: add sponsored to sponsorship link rels (@JoshuaKGoldberg)

#5093 chore: add 'status: in triage' label to issue templates and docs (@JoshuaKGoldberg)

#5083 docs: fix CHANGELOG.md headings to start with a root-level h1 (@JoshuaKGoldberg)

#5100 chore: fix header generation and production build crashes (@JoshuaKGoldberg)

#5104 chore: bump ESLint ecmaVersion to 2020 (@JoshuaKGoldberg)

#5116 fix: eleventy template builds crash with 'unexpected token at ": string, msg..."' (@LcsK)

#4869 docs: fix documentation concerning glob expansion on UNIX (@binki)

#5122 test: fix xunit integration test (@voxpelli)

#5123 chore: activate dependabot for workflows (@voxpelli)

#5125 build(deps): bump the github-actions group with 2 updates (@dependabot)

10.3.0 / 2024-02-08

This is a stable release equivalent to 10.30.0-prerelease.

10.3.0-prerelease / 2024-01-18

This is a prerelease version to test our ability to release. Other than removing or updating dependencies, it contains no intended user-facing changes.

🔩 Other

#5069: chore: remove unnecessary canvas dependency (@JoshuaKGoldberg)

#5068: fix: add alt text to Built with Netlify badge (@JoshuaKGoldberg)

#5056: chore: inline nyan reporter's write function (@JoshuaKGoldberg)

#5050: docs: touchups to labels and a template title post-revamp (@JoshuaKGoldberg)

#5038: docs: overhaul contributing and maintenance docs for end-of-year 2023 (@JoshuaKGoldberg)

#5029: chore: remove stale workflow (@JoshuaKGoldberg)

#5024: chore: remove nanoid as dependency (@Uzlopak)

#5023: chore: remove touch as dev dependency (@Uzlopak)

#5022: chore: remove uuid dev dependency (@Uzlopak)

#5021: update can-i-use (@Uzlopak)

#5020: chore: fix the ci (@Uzlopak)

#4974: Add Node v19 to test matrix (@juergba)

... (truncated)

Commits

ffd9557 Release v10.4.0
7ac67f3 build(deps): bump the github-actions group with 2 updates (#5125)
7a2781c chore: activate dependabot for workflows (#5123)
97dcbb2 fix: harden error handling in lib/cli/run.js (#5074)
6f3f45e fix: xunit integration test (#5122)
a5b5652 docs: fix documentation concerning glob expansion on UNIX (#4869)
efbb147 feat: add file path to xunit reporter (#4985)
a2e600d fix: closes #5115 (#5116)
3735873 feat: include .cause stacks in the error stack traces (#4829)
b88978d chore: bump ESLint ecmaVersion to 2020 (#5104)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by voxpelli, a new releaser for mocha since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [mocha](https://github.com/mochajs/mocha) from 10.2.0 to 10.4.0. - [Release notes](https://github.com/mochajs/mocha/releases) - [Changelog](https://github.com/mochajs/mocha/blob/master/CHANGELOG.md) - [Commits](mochajs/mocha@v10.2.0...v10.4.0) --- updated-dependencies: - dependency-name: mocha dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>

okuryu · 2024-04-01T15:21:08Z

@dependabot squash and merge

Summary: Bumps serialize-javascript from 6.0.2 to 7.0.5. Release notes (sourced from serialize-javascript’s releases) - v7.0.5 Fixes Improve robustness and validation for array-like object serialization. Fix an issue where certain object structures could lead to excessive CPU usage. For more details, please see GHSA-qj8w-gfj5-8c6v. - v7.0.4 What’s Changed release: v7.0.4 by okuryu in yahoo/serialize-javascript#211 Full Changelog: yahoo/serialize-javascript@v7.0.3...v7.0.4 - v7.0.3 fix(CVE-2020-7660): fix for RegExp.flags and Date.prototype.toISOString (#207) 2e609d0 build(deps-dev): bump lodash from 4.17.21 to 4.17.23 (#206) 42b7cdb Compare: yahoo/serialize-javascript@v7.0.2...v7.0.3 - v7.0.2 What’s Changed ci: bump GitHub Actions to latest versions by okuryu in yahoo/serialize-javascript#203 ci: setup trusted publishing workflow by okuryu in yahoo/serialize-javascript#204 release: v7.0.2 by okuryu in yahoo/serialize-javascript#205 Full Changelog: yahoo/serialize-javascript@v7.0.1...v7.0.2 - v7.0.1 What’s Changed Add warning about using this package to send arbitrary data to worker threads by valadaptive in yahoo/serialize-javascript#200 security: sanitize function bodies by redonkulus in yahoo/serialize-javascript#199 docs: tweak README by okuryu in yahoo/serialize-javascript#201 release: v7.0.1 by okuryu in yahoo/serialize-javascript#202 New Contributors redonkulus made their first contribution in yahoo/serialize-javascript#199 Full Changelog: yahoo/serialize-javascript@v7.0.0...v7.0.1 - v7.0.0 Breaking Changes requires Node.js v20+ What’s Changed Bump mocha from 10.2.0 to 10.4.0 by dependabot[bot] in yahoo/serialize-javascript#178 Commits df3f1c1 release: v7.0.5 f147e90 Merge commit from fork eec32e0 release: v7.0.4 d505715 7.0.3 2e609d0 fix(CVE-2020-7660): fix for RegExp.flags and Date.prototype.toISOString (#207) 42b7cdb build(deps-dev): bump lodash from 4.17.21 to 4.17.23 (#206) 44f544b release: v7.0.2 (#205) bba0ddd ci: setup trusted publishing workflow (#204) 235f6ea ci: bump GitHub Actions to latest versions (#203) f7fff15 release: v7.0.1 (#202) Additional commits: yahoo/serialize-javascript@v6.0.2...v7.0.5 Differential Revision: D99491918 fbshipit-source-id: 91bc933bd8b3e3ca7e54bbae13fe4126c267f852

dependabot bot added the dependencies Pull requests that update a dependency file label Apr 1, 2024

dependabot bot mentioned this pull request Apr 1, 2024

Bump mocha from 10.2.0 to 10.3.0 #176

Closed

okuryu approved these changes Apr 1, 2024

View reviewed changes

dependabot bot merged commit 9b6c699 into main Apr 1, 2024

dependabot bot deleted the dependabot/npm_and_yarn/mocha-10.4.0 branch April 1, 2024 15:21

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump mocha from 10.2.0 to 10.4.0#178

Bump mocha from 10.2.0 to 10.4.0#178
dependabot[bot] merged 1 commit intomainfrom
dependabot/npm_and_yarn/mocha-10.4.0

dependabot bot commented on behalf of github Apr 1, 2024

Uh oh!

okuryu commented Apr 1, 2024

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

dependabot bot commented on behalf of github Apr 1, 2024

v10.4.0

10.4.0 / 2024-03-26

🎉 Enhancements

🐛 Fixes

🔩 Other

v10.3.0

What's Changed

10.4.0 / 2024-03-26

🎉 Enhancements

🐛 Fixes

🔩 Other

10.3.0 / 2024-02-08

10.3.0-prerelease / 2024-01-18

🔩 Other

Uh oh!

okuryu commented Apr 1, 2024

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant