Skip to content

[Snyk] Upgrade chai from 4.2.0 to 4.3.4 #58

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Upgrade chai from 4.2.0 to 4.3.4 #58

wants to merge 1 commit into from

Conversation

snyk-bot
Copy link
Contributor

@snyk-bot snyk-bot commented Jun 7, 2021

Snyk has created this PR to upgrade chai from 4.2.0 to 4.3.4.

merge advice
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

  • The recommended version is 5 versions ahead of your current version.
  • The recommended version was released 3 months ago, on 2021-03-12.

The recommended version fixes:

Severity Issue PriorityScore (*) Exploit Maturity
Prototype Pollution
SNYK-JS-PATHVAL-596926		 407/1000
Why? Proof of Concept exploit, CVSS 6		 Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: chai
  • 4.3.4 - 2021-03-12

    This fixes broken inspect behavior with bigints (#1321) (#1383) thanks @ vapier

  • 4.3.3 - 2021-03-03

    This reintroduces Assertion as an export in the mjs file. See #1378 & #1375

  • 4.3.2 - 2021-03-03

    This fixes a regression in IE11. See #1380 & #1379

  • 4.3.1 - 2021-03-02

    This releases fixed an engine incompatibility with 4.3.0

    The 4.x.x series of releases will be compatible with Node 4.0. Please report any errors found in Node 4 as bugs, and they will be fixed.

    The 5.x.x series, when released, will drop support for Node 4.0

    This fix also ensures pathval is updated to 1.1.1 to fix CVE-2020-7751

  • 4.3.0 - 2021-02-04

    This is a minor release.

    Not many changes have got in since the last release but this one contains a very important change (#1257) which will allow jest users to get better diffs. From this release onwards, jest users will be able to see which operator was used in their diffs. The operator is a property of the AssertionError thrown when assertions fail. This flag indicates what kind of comparison was made.

    This is also an important change for plugin maintainers. Plugin maintainers will now have access to the operator flag, which they can have access to through an utilmethod calledgetOperator`.

    Thanks to all the amazing people that contributed to this release.

    New Features

    • Allow contain.oneOf to take an array of possible values (@ voliva)
    • Adding operator attribute to assertion error (#1257) (@ rpgeeganage)
    • The closeTo error message will now inform the user when a delta is required (@ eouw0o83hf)

    Docs

    • Add contains flag to oneOf documentation (@ voliva)

    Tests

    • Make sure that useProxy config is checked in overwriteProperty (@ vieiralucas)
    • Add tests for contain.oneOf (@ voliva )

    Chores

    • Update mocha to version 6.1.4
    • Add node v10 and v12 to ci (@ vieiralucas)
    • Drop support for node v4, v6 and v9 (@ vieiralucas)
    • Fix sauce config for headless chrome (@ meeber)
    • Update dev dependencies (@ meeber)
    • Removed phantomjs dependency (#1204)
  • 4.2.0 - 2018-09-26
    Read more
from chai GitHub release notes
Commit messages
Package name: chai

Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

@codecov
Copy link

codecov bot commented Jun 7, 2021
edited
Loading

Codecov Report

Merging #58 (12f4810) into master (7b1b30a) will not change coverage.
The diff coverage is n/a.

Impacted file tree graph

@@           Coverage Diff           @@
##           master      #58   +/-   ##
=======================================
  Coverage   60.26%   60.26%           
=======================================
  Files           1        1           
  Lines         302      302           
  Branches       64       64           
=======================================
  Hits          182      182           
  Misses        120      120
Flag Coverage Δ
unit 60.26% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 7b1b30a...12f4810. Read the comment docs.

@codecov-commenter
Copy link

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 60.26%. Comparing base (7b1b30a) to head (12f4810).

Additional details and impacted files 
@@           Coverage Diff           @@
##           master      #58   +/-   ##
=======================================
  Coverage   60.26%   60.26%           
=======================================
  Files           1        1           
  Lines         302      302           
  Branches       64       64           
=======================================
  Hits          182      182           
  Misses        120      120
Flag Coverage Δ
unit 60.26% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@snyk-bot @codecov-commenter