Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

bump: Update mocha package to avoid vulnerability with nanoid #4603

Merged
merged 1 commit into from
Jan 16, 2024

Conversation

JhontSouth
Copy link
Collaborator

#minor

Description

This PR updates the mocha package to avoid the use of versions of nanoid lower than 3.1.31 and the Exposure of Sensitive Information to an Unauthorized Actor vulnerability.

Specific Changes

  • Updated mocha package from ^8.2.1 to ^9.2.2 in botbuilder-dialogs-adaptive-runtime and botbuilder-dialogs-adaptive-runtime-core.

Testing

The following image shows the unit tests passing after the update.
image

@JhontSouth JhontSouth requested a review from a team as a code owner January 16, 2024 13:26
@coveralls
Copy link

coveralls commented Jan 16, 2024

Pull Request Test Coverage Report for Build 7542282736

  • 0 of 0 changed or added relevant lines in 0 files are covered.
  • No unchanged relevant lines lost coverage.
  • Overall coverage remained the same at 84.511%

Totals Coverage Status
Change from base Build 7462894606: 0.0%
Covered Lines: 20408
Relevant Lines: 22872

💛 - Coveralls

@tracyboehrer tracyboehrer merged commit f0e4793 into main Jan 16, 2024
13 checks passed
@tracyboehrer tracyboehrer deleted the southworks/update/mocha-package branch January 16, 2024 14:50
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants