Use a hardcoded no-op instead of instancing

[Alhadis]

Using new Function() is considered unsafe evaluation, which means it breaks if executed in an environment with a strict Content Security Policy (CSP).

In my case, it's causing an EvalError for a test-runner I wrote for Atom:

EvalError: Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self'".

	at new Function (<anonymous>)
	at Object.addProperty (/Users/johngardner/Labs/Atom-Mocha/node_modules/chai/lib/chai/utils/addProperty.js:39:35)
	at Function.Assertion.addProperty (/Users/johngardner/Labs/Atom-Mocha/node_modules/chai/lib/chai/assertion.js:94:10)
	at /Users/johngardner/Labs/Atom-Mocha/node_modules/chai/lib/chai/core/assertions.js:46:15
	at Array.forEach (native)
	at module.exports (/Users/johngardner/Labs/Atom-Mocha/node_modules/chai/lib/chai/core/assertions.js:45:35)
	at Object.exports.use (/Users/johngardner/Labs/Atom-Mocha/node_modules/chai/lib/chai.js:39:5)
	at Object.<anonymous> (/Users/johngardner/Labs/Atom-Mocha/node_modules/chai/lib/chai.js:71:9)
	at Object.<anonymous> (/Users/johngardner/Labs/Atom-Mocha/node_modules/chai/lib/chai.js:94:3)
	at Module._compile (/Applications/Atom.app/Contents/Resources/app/src/native-compile-cache.js:87:30)
	at Object.value [as .js] (/Applications/Atom.app/Contents/Resources/app/src/compile-cache.js:234:23)
	at Module.load (module.js:488:32)
	at tryModuleLoad (module.js:447:12)
	at Function.Module._load (module.js:439:3)
	at Module.require (module.js:498:17)
	at require (/Applications/Atom.app/Contents/Resources/app/src/native-compile-cache.js:47:27)
	at Object.<anonymous> (/Users/johngardner/Labs/Atom-Mocha/node_modules/chai/index.js:1:173)
	at Object.<anonymous> (/Users/johngardner/Labs/Atom-Mocha/node_modules/chai/index.js:3:3)
	at Module._compile (/Applications/Atom.app/Contents/Resources/app/src/native-compile-cache.js:87:30)
	at Object.value [as .js] (/Applications/Atom.app/Contents/Resources/app/src/compile-cache.js:234:23)
	at Module.load (module.js:488:32)
	at tryModuleLoad (module.js:447:12)
	at Function.Module._load (module.js:439:3)
	at Module.require (module.js:498:17)
	at require (/Applications/Atom.app/Contents/Resources/app/src/native-compile-cache.js:47:27)
	at Object.<anonymous> (/Users/johngardner/Labs/Atom-Mocha/lib/main.js:6:18)
	at Object.<anonymous> (/Users/johngardner/Labs/Atom-Mocha/lib/main.js:527:3)
	at Module._compile (/Applications/Atom.app/Contents/Resources/app/src/native-compile-cache.js:87:30)
	at Object.value [as .js] (/Applications/Atom.app/Contents/Resources/app/src/compile-cache.js:234:23)
	at Module.load (module.js:488:32)
handleSetupError @ index.js:87

This is only being used to provide a no-op function, so there's no need to use new Function() when an anonymous function will suffice.

[keithamus]

Seems like a good idea. Let's get one more from @chaijs/chai to review and merge 😄

[astorije]

This is very nitpicky, but for the sake of consistency with other parts of the code, could you use function () {} instead please? Thanks 😊

[Alhadis]

@astorije I've force-pushed an amended commit.

[Alhadis]

@astorije Is there an ETA for the next release? The atom-mocha module is currently unusable in Atom at the moment, since it bundles Chai by default...

[astorije]

Sorry @Alhadis, I can't say I have been the best project owner thus far, so releases are a bit out of my reach. @keithamus, maybe you would know more? :)

[keithamus]

We currently have a mostly open release cycle. What it takes for a release is the following:

• Checkout master
• Work out if the changes since the last release are Major, Minor or Patch (currently we have Update deep-eql to the latest version 🚀 #1020, fix: added missing assert parameters in documentation #1023, Update license #1025 and Use a hardcoded no-op instead of instancing #1032 as the changes since last release, so this looks to be a patch release to me.
• Run make release-<major|minor|patch> (so in this case make release-patch)
• Compile release notes, take a look at https://github.com/chaijs/chai/releases for a feel for what conventions we have for release notes. (these notes should mention Update deep-eql to the latest version 🚀 #1020, fix: added missing assert parameters in documentation #1023, Update license #1025, Use a hardcoded no-op instead of instancing #1032)
• Raise a PR with the changes! I would expect to see the changes modify ./chai.js and ./package.json, and include a draft of the release notes.
• A maintainer will merge these, and create a new release tag, and CI will release it.

It's important to note anyone can make this PR. For example a community member released 4.1.0 (#998). We want to - generally - get the community involved in every aspect including release management if we can!

[Alhadis]

That's... a refreshingly open and welcoming attitude I've not seen before, and certainly an inviting one. 😄 Since I'm the one badgering for a release, I may as well handle the accompanying pull-request. That'll give me a version to set in a new atom-mocha release, which will in turn help me to test a myriad of potentially complicated issues with recent changes to Atom packages.

... yeah, there's a lot that's hinging on such a little change, heh. :D

[Alhadis]

I'm so sorry about the delay! 😞 I got sidetracked.

PR submitted! See #1037. Hope the release notes cover everything adequately.