You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I have 'smoke tested' the code to be tested by running it outside the real test suite to get a better sense of whether the problem is in the code under test, my usage of Mocha, or Mocha itself.
I want to provide a PR to resolve this
Expected
Adding a dependency to the Mocha package should not introduce security vulnerabilities.
Actual
If your project uses Snyk to protect against security vulnerabilities, the Mocha dependency is flagged as problematic due to an explicit lock on serialize-javascript 6.0.0
Bug Report Checklist
faq
label, but none matched my issue.Expected
Adding a dependency to the Mocha package should not introduce security vulnerabilities.
Actual
If your project uses Snyk to protect against security vulnerabilities, the Mocha dependency is flagged as problematic due to an explicit lock on serialize-javascript 6.0.0
https://security.snyk.io/package/npm/serialize-javascript
Minimal, Reproducible Example
Refer to https://security.snyk.io/package/npm/serialize-javascript for the vulnerable versions of this package.
Versions
From
package-lock.json
I checked the latest Mocha
package-lock.json
though, and theserialize-javascript
version is still at 6.0.0.Additional Info
No response
The text was updated successfully, but these errors were encountered: