Security vulnerability for mocha@2.4.5
robincher opened this issue · 2 comments
robincher commented
Issue Summary
There are security vulnerabilities found in mocha@2.4.5 sub-dependencies. The vulnerabilities found are marked as High-severity, so i thought it should bring this up for the team consideration since it will be a pretty straight-forward fix. The recommended fix is to upgrade mocha to version 4 (minimum)
Expected work to be done
- Update Mocha to version 4 (or 5) in package.json
- Update travis.yml to ensure travis only run up to node version supported by Mocha version 4 (or 5 the latest)
Steps to Reproduce
- npm install
- npm audit
- Analyse the output.
More information for the vulnerability :
https://snyk.io/test/npm/mocha/2.4.5
Technical details:
- node-http-client Version: master (latest commit: [a341cf3])
- Node.js Version:8.x.x
robincher commented
@thinkingserious I can take this piece of work if you think it's worthwhile for this month :)
thinkingserious commented
Thank you @robincher!