Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update JS-YAML to address security advisory #3845

Merged
merged 1 commit into from Mar 23, 2019

Conversation

@plroebuck
Copy link
Member

commented Mar 23, 2019

Description of the Change

Updated package "js-yaml" to v3.13.0 per npm security advisory.

Versions js-yaml prior to 3.13.0 are vulnerable to Denial of Service. By parsing a carefully-crafted YAML file, the node process stalls and may exhaust system resources leading to a Denial of Service.

Alternate Designs

NA

Why should this be in core?

NA

Benefits

Improved security.

Possible Drawbacks

None to knowledge.

Applicable issues

Fixes #3842
Closes #3843 (CLA not signed)
semver-patch

@plroebuck plroebuck added this to the v6.1.0 milestone Mar 23, 2019
@plroebuck plroebuck self-assigned this Mar 23, 2019
@coveralls

This comment has been minimized.

Copy link

commented Mar 23, 2019

Coverage Status

Coverage remained the same at 91.701% when pulling c776bab on plroebuck/update-js-yaml into d1024a3 on master.

@plroebuck plroebuck merged commit 586bf78 into master Mar 23, 2019
7 checks passed
7 checks passed
continuous-integration/appveyor/branch AppVeyor build succeeded
Details
continuous-integration/appveyor/pr AppVeyor build succeeded
Details
continuous-integration/travis-ci/pr The Travis CI build passed
Details
continuous-integration/travis-ci/push The Travis CI build passed
Details
coverage/coveralls Coverage remained the same at 91.701%
Details
deploy/netlify Deploy preview ready!
Details
licence/cla Contributor License Agreement is signed.
Details
@plroebuck plroebuck deleted the plroebuck/update-js-yaml branch Mar 23, 2019
kaypeter87 added a commit to kaypeter87/mocha that referenced this pull request Sep 12, 2019
* drop node.js v4 support

Signed-off-by: Outsider <outsideris@gmail.com>

* Update an example for browsers in docs (#3338)

* update an example for browsers in docs
* fix docs build command
* remove jquery in a browser example

Signed-off-by: Outsider <outsideris@gmail.com>

* Added a "run cycle overview" to documentation (#3455)

* run cycle overview
* adjust flow format
* add to table of contents
* code highlighting points of interest
* remove highlighting
* java code highlighting
* fix lint error
* language change. swap parse+exec for run
* use back-ticks for it + describe. uppercase title.
* invoked to executed
* add comment, make ui-generic, swap arrows
* Swap java back to js as highlighting the same

* Update ruby-ffi  (#3464)

* use latest ruby-ffi

* update all deps

* Clarify docs for watch that it watches files in the CWD (#3361)

* Clarify docs for watch that it watches files in the CWD
* s/CWD/current working directory

* fix slow test properly fot dot reporter

Signed-off-by: Outsider <outsideris@gmail.com>

* docs(lib/mocha.js): Update API documentation (#3515)

### Description of the Change

Replaced all method headers with more complete documentation, better following recommended styles. Eliminated `@api` tags, as `@access` _should_ imply same. Used `@chainable` to denote class methods returning `this` instance.

Renamed a handful of variables, but **no logic changes**!

### Alternate Designs

N/A

### Why should this be in core?

N/A

### Benefits

API documentation will be more useful if more complete.

### Possible Drawbacks

N/A

### Applicable issues

semver-patch

* Improve Contributing Docs (#3525)

* docs: improve CONTRIBUTING.md and fix/remove links

* docs: link to CONTRIBUTING.md in readme

* docs: address PR comments [skip ci]

* docs: better wording on PR review wait time [skip ci]

* level -> label (#3477)

As noted by @plroebuck `level` is not used, should be `label` instead.

https://github.com/mochajs/mocha/commit/37193a432119be643b9476f97da557a6f60b7d0f#commitcomment-30530038

* Native types exceptions can crash Mocha (#3471)

- Any non-extensible type thrown in an async callback raises an exception in
 Mocha runner, stopping tests.

* 3483: Squelch CI Growl-related spawn errors (#3517)

* ci(.travis.yml): Squelch Growl-related spawn errors

Installed binary needed for Linux desktop notification support.

* ci(appveyor.yml): Squelch Growl-related spawn errors

Installed GfW package needed for Windows desktop notification support.

Fixes #3483

* test(test/reporters/base.spec.js): Fix Base reporter test failure due to timeout

The `Base` reporter's specification verifies reporter can interpret Chai custom error messages. This
test takes ~480ms (lightly loaded CPU), which is _way_ too close to the 500ms timeout. Change
doubles this timeout.

#3524

* Update "commander" to correct display of falsy default values (#3529)

Additionally, this includes minor updates to mocha's help output (by rewording text and/or specifying default values). These were then collected into the website documentation.

* refactor(bin/options.js): Refactor and improve documentation (#3533)

* refactor(json-stream.js): Consistent output stream usage (#3532)

### Description of the Change

* Made all output directly use `process.stdout`. 
  * `process.stdout` and `console.log` take different routes to get to same place
* Corrected ctor name.
* Updated documentation.

### Alternate Designs

N/A

### Benefits

Consistency. [Don't cross the streams](https://www.youtube.com/watch?v=wyKQe_i9yyo)!

### Possible Drawbacks

N/A

### Applicable issues

Fixes #3526
Fixes #3521
semver-patch

* fix(_mocha): Update '--no-timeouts' argument description (#3546)

Previously undocumented that use of `--inspect` would disable timeouts.

Fixes #3519

* build(ESLint/Git): Ignore JSDoc output directory (#3544)

Prettier-ESLint keeps busying itself with the JSDoc output directory upon any commit, spewing hundreds of errors.
This tells both ESLint and Git to ignore the directory.

* ci(Travis/Appveyor): Update Node versions in CI matrix (#3543)

* ci(.travis.yml,appveyor.yml): Update Node versions in CI matrix

Make Node-11 the new default and drop Node-9 from matrix.

* update release instructions [ci skip]

* fix runner to emit start/end event (#3395)

Signed-off-by: Outsider <outsideris@gmail.com>

* Warn that suites cannot return a value (#3550)

* Give a `DeprecationWarning` on suite callback returning any value.
* Deprecation warning: Show a message only once; use `process.nextTick` when falling back to `console.warn`
* Add a test for `utils.deprecate`
* style: Make prettier happy
* test(deprecate.spec.js): Make PR requested changes for approval (per @boneskull)

* upgrade jekyll; closes #3548 (#3549)

* upgrade jekyll; closes #3548

see https://nvd.nist.gov/vuln/detail/CVE-2018-17567

* add .ruby-version for netlify

* Show diff in xunit

* Extract `runReporter` to capture output under tests (#3528)

While refactoring the `dot` reporter test, we created a method for capturing output from running the reporter. It proved so handy at squelching test "noise" that JeongHoon extracted it and applied it to many of the other reporters.

* update list of published files in package.json

- this will fix a problem with npm (potentially) publishing certain files
which should always be ignored; see npm/npm-packlist#14.
- also fixes issue with growl images not getting published!
- add `directories` property for metadata

PRO TIP: use `npm pack --dry-run` to see what would be included in
published tarball.

* Prevent timeout value from skirting limit check (#3536)

* fix(lib/runnable.js): Prevent timeout value from skirting limit check
   - Moved the timestring->value translation code to before the limit check.
   - Found that previous "fix" hadn't actually fixed the correct value, as the wrong upper bound value had been used (off by one error). 
   - Further research indicated that some versions of IE had problems with negative timeout values. New code clamps to nonnegative numbers ending at `INT_MAX`.
   - Updated the function documentation.

* feat(lib/utils.js): Add `clamp` function
   - New function clamps a numeric value to a given range.

* test(unit/runnable.spec.js): Updated tests for `#timeout(ms)`
   - Restructured `Runnable#timeout` tests to check both numeric/timestamp input values that:
      - less than lower limit
      - equal to lower limit
      - within limits
      - equal to upper limit
      - greater than upper limit

Closes #1652

* Make TAP reporter TAP13-capable (#3552)

* Refactored code to use `TAPProducer` objects to write output.
* Added TAP specification 13 output producer.
  * Version line
  * Errors and stacktraces inside YAML blocks
* Added TAP specification 12 output producer [default].
* Added `reporterOptions.tapVersion` to target TAP producer.
* Refactored to make use of `runner.stats`
* Refactored to use `process.stdout` stream exclusively.
* Updated to test against both specifications and incorporate work from PR #3528.
* Added integration tests for specification conformance.

* Add ability to query Mocha version programmatically (#3535)

* Added new public `version` property to `Mocha`, available in both Node and browser.
* Used `browserify` transform to prevent exposing any other package details (for security).

* Fix link in changelog (#3566)

'Nuff said...

* ms module added instead of internal ms js #3557 (#3563)

* Replace internal "./ms js" with npm "ms" module (#3557)

* ci(appveyor.yml): Fix Growl install (#3577)

Use GitHub URL for downloading GfW installer.

* ci(.travis.yml,appveyor.yml): Use current npm version in CI scripts (#3579)

The requirement for using npm-5.x was due to npm-6 dropping support for Node-4. Since Mocha now requires Node-6+, we should use the current verion of npm. This will also eliminate npm
"Unsupported Node version" warnings when run against Node-11+.

* use `--forbid-only in CI

* ensure all JS (and JSON) files are prettified pre-commit

* add script to automatically dump CLI usage into documentation

- rename `scripts/docs-update-toc.js` to reflect that it does more than just that

* remove unsupported @api tag in docstrings

* Refactor statistics (#3458)

* collect stats

* update slow description (#3466)

Update mocha doc to have more details on the "slow" configuration

* Issue/2819 - Fix / Clarify this.skip behavior in before hooks (#3225)

* Fix Issue 2819 - this.skip should skip tests in nested suites.

Side Effects:
- Fixed typo in beforeEach async pending test that was using sync fixture.
- Fixed beforeEach async pending test to reflect current behavior.

* fixup! Fix Issue 2819 - this.skip should skip tests in nested suites.

* docs: Add more details regarding suite-level skip.

* test: Update error messages in before hook integration tests.

* test: Remove timeout delays from pending tests.

* test: Consistently throw errors in pending test fixtures.

* lint-staged should ignore package.json and package-lock.json

these are formatted by npm and would otherwise cause too much churn

* --forbid-only and --forbid-pending now handle suites properly (#3578)

* fail-fast when .only encountered in Suite w/ --forbid-only
* fail-fast when .skip encountered in Suite w/ --forbid-pending
* move importing chai to the top of the file to avoid timeout

Signed-off-by: Outsider <outsideris@gmail.com>

* use markdown-magic for processing documentation

* updates to MAINTAINERS.md [ci skip]

- updated stuff about semver-* labels
- updated what qualifies as a breaking change
- updated some stuff around milestones
- and some stuff about branches

* fix(cli): Throw error if unable to parse Mocha options file

Code now throws an error for any problems (except nonexistent default "test/mocha.opts"). Includes
tests.

Fixes #3363 Fixes #2576

* use yargs for option parsing and support config files

- `-d` is no longer an alias for `--debug`
- `--grep` and `--fgrep` are now mutually exclusive
- The option formerly known as `--compilers` is now removed from Mocha
- `lib/template.html` moved to `lib/browser/template.html`
- An error is thrown if a path to `mocha.opts` is specified by the user and the file was not found

- `-gc` users should use `--gc-global`

- Public API method `getOptions()` in `bin/options.js` is deprecated and currently has no alternative
- Users of the `enableTimeouts` option of the `Mocha` constructor should use `timeout` instead.  Specify `false` for no timeout
- Users of the `useColors` option of the `Mocha` constructor should use `color` instead

- Mocha now supports JS, JSON, YAML, or `package.json`-based config.
- Any/all configuration, including `mocha.opts` can be used in addition to command-line arguments, and everything will be merged as applicable
- Node/V8 flag support:
  - Support of all available `node` flags on a *per-version* basis
  - Support of any V8 flag by prepending `--v8-` to the option
  - These are supported within `mocha.opts` or config files
- More flexible command-line parsing including negation of any boolean flag by prepending `--no-` to the name
- Better `--help`
- Descriptions of interfaces in `--help` text
- A useful `Mocha` constructor
- Debug-related flags (e.g., `--inspect`) now *imply* `--no-timeouts`

- Many bug fixes around CLI option handling, e.g., closes #3475
- Fixes #3363, #2576, #3570
- `--no-timeouts` works

- Added new, updated, or rewrote documentation for all non-self-explanatory options
- Updated usage text, TOC
- Added section on configuration
- Added example configuration files in `example/config/`

- Updated many dev deps, mostly within existing semver ranges
- Removed `commander`
- Added production deps:
  - ansi-colors - color terminal output
  - findup-sync - find package.json and other config files
  - js-yaml - parse YAML
  - log-symbols - visual symbols for success/fail etc.
  - node-environment-flags - per-version allowed Node.js env flags
  - object.assign - for IE11
  - strip-json-comments - allow comments in JSON config files
  - wide-align - terminal formatting
  - yargs - option parser
  - yargs-parser - for compatible, lightweight parsing of config files
  - yargs-unparser - for passing config to `bin/_mocha` from `bin/mocha`

* backout 02294a3 (via #3362); closes #3569

* make isPromise support null as a parameter (#3518)

* fix broken docs

- strip ansi stuff
- fix old content terminator

* use @mocha/contributors; closes #3606

* update assetgraph-builder to latest (#3594)

* netlify-headers: Skip unloaded assets when extracting headers

* update assetgraph-builder to latest

* update svgo

* fix postbuild script

* screw it, we're going right to a 10s timeout

Signed-off-by: Christopher Hiller <boneskull@boneskull.com>

* update assetgraph-builder to latest (#3611)

Signed-off-by: Outsider <outsideris@gmail.com>

* update info in docs/README.md [ci skip]

* fix typo in docs/README.md [ci skip]

* make lib/stats-collector a private API

* modified SIGINT handling #3570 (#3602)

* Updated SIGINT handler based on comment from #3570

Signed-off-by: jayasankar <jayasankar.m@gmail.com>

* adding a "retry" event for a test that fails but can be retried; closes #2529 (#3408)

Continuation of #2926.  

Addresses issue #2529 by allowing reporters to take action on tests that have failed but can be retried

* fix wording in enableTimeouts deprecation msg [ci skip]

Signed-off-by: Christopher Hiller <boneskull@boneskull.com>

* remove SIGINT handler for single runs; see #3570

* Dont count xunit failures as errors

* upgrade eslint & its ilk

- also upgrade `lint-staged`, because it's broken for some reason
- reformat
- lint
- remove `prettier-eslint-cli`
- update formatting command to handle JSON & YAML files via prettier,
  and eslint for everything else
- update `.lintstagedrc` to deal as well

test file changes are related to deprecations of various `assert` methods

* upgrade yargs, husky, nyc, markdownlint-cli

also use exact `yargs-unparser` version

* update ansi-colors, debug, glob, he, supports-color, through2

* avoid global timers by way of ESLint; closes #3342 (#3374)

- Remove unused variables to avoid problems with #237 (and their associated inline ESLint directives)
- Use existing ESLint rules (`no-restricted-globals`, `no-restricted-modules` and `no-restricted-syntax`) to disallow global timer access.
- Removed "poison pill" tests in `test/unit/runnable.spec.js`.

For those rules, our config applies only to `bin/*` and `lib/**/*.js`.

- `no-restricted-globals`: Disallow bare references (including calls) to timers like `setTimeout`.
- `no-restricted-modules`: Disallow use of Node.js' `timers` module to get around the above restriction.
- `no-restricted-syntax`: 
  - Disallow calls of `global.setTimeout` and other timers
  - Disallow `new global.Date()`
  - Disallow any expressions involving `global.Date.*`, `global.setTimeout.*` and other timers

- add more files to markdown linting
- reorg tests, remove `fs` test from jsapi tests

* Behavior of after/afterEach hooks with --bail flag (#3617)

* runner.js: delete second end emit

* tests

* documentation

* runner.js

* tests: corrections

closes #3398, closes #3598, closes #3457, closes #3617

* Fix spelling (#3635)

Changed spelling to "truthy"

* Growl: Web notifications & Desktop prerequisite software check (#3542)

Added (minorly brittle) means to verify prerequisite software
is installed. Migrated Growl support code to its own file. This
implementation's checks are required to enable Growl; failure
will write notice to `stderr`. Other modifications based on
discussion from Chad Rickman's PR #3311. This also checks for
errors from Growl callback.

Provided browser notification support as well for modern browsers
by replacing the existing noop stub with an implementation for web
notifications via the Mocha `growl` pseudo-reporter (when run in browser).

Updated user guide and wiki for desktop notification support.

Fixes #3111

Signed-off-by: Paul Roebuck <plroebuck@users.noreply.github.com>

* upgrade supports-color; closes #1304 (#3633)

Signed-off-by: Christopher Hiller <boneskull@boneskull.com>

* Fix an error when fn===undefined (#3580)

* Fix an error when fn===undefined

This change fixes an error that occurs when reporter is 'xunit' and run is called without callback: " /rbd/pnpm-volume/a49b9a7c-c3f0-42ba-ae66-612ead86e96c/node_modules/.registry.npmjs.org/mocha/5.2.0/node_modules/mocha/lib/reporters/xunit.js:126
 fn(failures);  ^
TypeError: fn is not a function "

* Add test `.reporter("xunit").run(fn)`

This test has `try catch` block to catch an error if it occurs and write it to the console.

* formatting

* Update mocha.spec.js

* rename "forbid" fixture files to have proper extension; closes #3636

- made fixture helper smart
- support empty args in run helpers

Signed-off-by: Christopher Hiller <boneskull@boneskull.com>

* add more tests for utils.deprecate (#3628)

* ensure coverage data not cached between execution calls to npm test

* wallaby: disable debug mode in and ignore lib/browser/ [ci skip]

* refactor utils.deprecate and add tests to get coverage up

- `utils.deprecate()` needs a non-empty message
- it no longer shims `process.emitWarning`, since we dropped Node v4 support
- added tests because coverage

* use userland which; closes #3639

- refactor to use modern JS in `lib/growl.js`; update ESLint rules accordingly

Signed-off-by: Christopher Hiller <boneskull@boneskull.com>

* Added custom error objects including code (#3467)

* add MochaError and use

add missing E

add codes to docs

how to add new error

E_ to ERR_

typo fix

fix failing test

typo fix

* single custom object to multiple custom objects

remove generic MochaError

Use instance over code

lint fix

lint fix

update references to suffix Error

mocfix rebase

* Remove custom errors, use factories

Signed-off-by: Craig Taub <craigtaub@gmail.com>

module name Errors

remove superfluous error type.

* add another reporter error

* errors unit test

* cleanup documentation

* camelCase factories. Use props on errors. Use TypeError

* test case use code

* use TypeError for type issues

* add full documentation. update error names

* use code and message for reporter check

* add error handling unit test for mocha

* CLI to throw invalidArgumentValue error

* add data type for MissingArgument error

* updated suite test

* use const for cli's errors

* follow jsdoc for optional params

* update CHANGELOG for v6.0.0-0

- add linkifier script
- `package-lock.json` updates
- use exact version of `supports-color`

* fix CHANGELOG issue number and attribution [ci skip]

Signed-off-by: Christopher Hiller <boneskull@boneskull.com>

* fix use of String.prototype.includes

* Release v6.0.0-0

* add link to docs for v6.0.0-0 release [ci skip]

Signed-off-by: Christopher Hiller <boneskull@boneskull.com>

* fix missing mocharc.json in published package; see #3556

Signed-off-by: Christopher Hiller <boneskull@boneskull.com>

* update CHANGELOG for v6.0.0-1 [ci skip]

Signed-off-by: Christopher Hiller <boneskull@boneskull.com>

* Release v6.0.0-1

* Fixed wrong use of to throw that will fail with unexpected v11

I was testing Mocha's compatibility with the upcoming version of Unexpected. For
that version we remove support for satisfy against a function as that has
confused people. I found one test that will fail with the next version as it was
using to throw to satisfy against an error. This test will actually just call
TypeError with the throw error, so it wont really check anything. This PR fixes
the test to assert that the throw error is a TypeError.

* remove teamcity reporter warning (#3634)

* Description meta tag

* Fix message if no files found (#3650)

* error and exit, dont warn

* return after error dont exit yet

* remove superflous message

* update glob tests

* update message

* use errors only if no tests found

* dont use error symbol.

* Add test for Runner event order (#3642)

* runner: basic events test

* tests basic, bail, retries

* delete first test

* Update documentation concerning fs.readdir (#3657)

No order is implied via fs.readdir(). Different OS/filesystem combinations can give different results via readdir(3) which returns directory entries in traversal order (e.g., on macOS, HFS+ uses lexical order and APFS uses filename hash order).

* mega-upgrade of .gitignore [ci skip]

* fix WallabyJS config [ci skip]

Signed-off-by: Christopher Hiller <boneskull@boneskull.com>

* remove invalid comment; see #1962

Signed-off-by: Christopher Hiller <boneskull@boneskull.com>

* Set "root" property on Suite correctly (#3632)

* suite constructor

* tests

* suite.js corrections and new tests

* fix tests & formatting on windows; closes #3643

* Fix couple errors missing codes (#3666)

### Requirements

* Filling out the template is required. Any pull request that does not include enough information to be reviewed in a timely manner may be closed at the maintainers' discretion.
* All new code requires tests to ensure against regressions.

### Description of the Change

#3656 added a couple utils for setting `code` on errors. I fixed a couple here and wanted to make sure I was on the right track before making more changes.

### Alternate Designs

N/A

### Why should this be in core?

Codes help identify errors as mocha errors at a glance without using custom error types, and better DX is always good.

### Benefits

:point_up: 

### Possible Drawbacks

None that I can see

### Applicable issues

#3656, #3125. semver-patch

* test(integration/reporters.spec.js): Add test for TAP when given invalid reporter option

Added test for invalid reporter option for `tapVersion`.

* Replace Jekyll with Eleventy (#3652)

* Add eleventy as a static site generator

* Code syntax highlighting, header anchors and fix fragment id links

* Disable line breaks in paragraphs

* Make date in footer work

* Remove jekyll completely and describe how to use eleventy

* Include missing favicon

* Unify heading fragment identifier slug generation

* Eliminate default layout partials

* Autoformat style.css

* Remove left over jekyll config

* Rework build pipeline to speed things up

* Fixed broken fragment identifier link in docs

* Add .js extension dotfiles to linting setup. Addresses https://github.com/mochajs/mocha/pull/3652#discussion_r245390157

* Performance improvements. Prefetch google analytics and lazyload images

* Performance improvements. Preload opencollective fallback avatar

* Update docs/api/index.html

Co-Authored-By: Munter <munter@fumle.dk>

* Correct docs readme

* Fix wrong syntax in Strict-Transport-Security header and added Referrrer-Policy header

* Add image type to ppreload of opencollective fallback avatar

* Stop preloading tracking scripts. They mess with the loading order and slow page rendering down

* Fix messages for file lookup issues - error scenario (#3654); see #3646

Scenario where multiple files (all) are not found only show a single message.
I feel its useful for debugging to keep the message if only 1 file is not found. Happy to remove if others don't agree.

No changes where at least 1 is found (still prints msg).

See PR https://github.com/mochajs/mocha/pull/3650 for full details

## Scenarios

### Nothing given
Command: `mocha`
Output:
```
Error: No test files found: "test/"
```

### Nothing found
Command: `mocha -R json-stream --no-config "test/integration/fixtures/glob/**/*-none.js"`
Output:
```
Error: No test files found: "test/integration/fixtures/glob/**/*-none.js"
```

### Multiple not found
Command: `mocha -R json-stream --no-config "test/integration/fixtures/glob/**/*-none.js" "test/integration/fixtures/glob/**/*-none-again.js"`
New output
```
Error: No test files found
```
Previous output
```
Error: Cannot find any files matching pattern "test/integration/fixtures/glob/**/*-none.js"
Error: Cannot find any files matching pattern "test/integration/fixtures/glob/**/*-none-again.js"
```

## Applicable issues
(semver-patch)

* pin default Node.js version to v11.6.0 in .travis.yml

see https://github.com/istanbuljs/nyc/issues/973

Signed-off-by: Christopher Hiller <boneskull@boneskull.com>

* do not recursively call `process.exit()` (#3684)

* do not recursively call `process.exit()`

When inside `process.on('exit')`, calling `process.exit()`
stops other `exit` event listeners from being invoked.

This has lead to issues with coverage generation with `nyc`
because a fallback exit detection mechanism in it that relies
on internal Node.js APIs was accidentally disabled in Node v11.7.0,
leaving `nyc` with no way to detect process exit.

Refs: https://github.com/nodejs/node/issues/25650

* Revert "pin default Node.js version to v11.6.0 in .travis.yml"

This reverts commit 1abfef606d7a72c2f73c06805d6c11211315486b.

* modify suite retval warning to be more useful

* fix bug I should not have pushed by pushing a fix

* fix broken suite integration test

* Reorder cmdline options top-level test suites lexically (#3674)

* refactor(integration/options.spec.js): Reorder top-level test suites lexically

Reordered each cmdline option's test suite alphabetically. No code changes.

* test(integration/options): Break out tests into option-specific spec files

Made individual spec files for various options from the original.

* test(options/opts.spec.js): Fix issue on Windows [skip travis]

Removed cwd setting as (hopefully) unneeded since the test deals with generating error from
nonexistent file.

* test(options/help.spec.js): Windows bughunt [skip travis][skip netlify]

* test(options/help.spec.js): Fix spawnOpts cwd

Must use platform-specific `path.join` for `spawnOpts.cwd`, or it fails on Windows.

* test: Modify describe titles for consistency

Updated a couple suite descriptions for consistency.

* Avoid the 'was called with' assertion

It has been deprecated for two years and will soon display
warnings or even be removed.

https://github.com/unexpectedjs/unexpected-sinon/issues/32

* ensure all CLI options have an assigned type; closes #3683

* ensure invalid arguments are not ignored when using bin/mocha; closes #3687

Signed-off-by: Christopher Hiller <boneskull@boneskull.com>

* update CONTRIBUTING.md; closes issue/3624

Signed-off-by: Christopher Hiller <boneskull@boneskull.com>

* Fix Hook Test Names (#3573); closes #1638, closes #3291, closes #2134

### Description of bug
Mocha shows an incorrect test-title if a nested `before` hook fails. For `after` hooks the second part of the message is completely missing.
```js
describe('Top-level describe', () => {
  it('Top-level it', () => { });       // the failing before-hook is pointing to this test
  describe('Nested describe', () => {
    before(() => {
      throw new Error();
    });
    it('Nested it', () => { });        // but it should point to this test
  });
});
```
```
Top-level describe
    ✓ Top-level it
    Nested describe
      1) "before all" hook for "Top-level it"       <<<incorrect
```
Root problem: see [#1638](https://github.com/mochajs/mocha/issues/1638). `hook.ctx.currentTest` is set incorrectly in the hook before emitting the hook event:
- `before` hook: currentTest is undefined or points to the outer test already past successfully.
The runner hasn't reached the next test to come yet, so it's too early to derive currentTest from the runner. Instead the first test of hook's parent is used.
- `after` hook: currentTest is undefined.
The runner has already completed the latest test and runner.currentTest is deleted. Instead the last test of hook's parent is used.

### Description of the Change
#### 1. Setting currentTest correctly
- `before` hook: hook.ctx.currentTest is set to the first test of the parent suite
- `after hook`: hook.ctx.currentTest is set to the last test of the parent suite
- for nested suites just the current suite is searched for tests to come. When no tests can be found, currentTest remains undefined.

#### 2. Creating title in hook failure message
A correct `hook.ctx.currentTest` renders a correct title. 
When no currentTest can be found, the title of the parent suite is used for the hook failure message.

### Alternate Designs
PR [#3333](https://github.com/mochajs/mocha/pull/3333)

### Benefits

This is a rather old bug back to 2015.

### Applicable issues
closes [#1638](https://github.com/mochajs/mocha/issues/1638)
closes [#3291](https://github.com/mochajs/mocha/issues/3291)
closes [#2134](https://github.com/mochajs/mocha/issues/2134)

**EDITED by @boneskull**: added js syntax highlighting, comments

* ensure --debug becomes --inspect; closes #3697 (#3698)

* ensure --debug becomes --inspect; closes #3697

- add some handiness to the integration test helpers
- update docstrings in integration test helpers

* add some warnings around debug/inspect usage

- add `utils.warn()` for a generic non-deprecation warning

* show total test cases correctly in growl

Signed-off-by: Outsider <outsideris@gmail.com>

* Fix regexp in utils.stackTraceFilter to prevent ReDoS #3416 (#3686)

When the stacktrace begins with a large `Error.message` (single or multi line), Mocha's stack prettifier method (enabled by default) takes a long time to finish due to its regular expression. Certain assertions (e.g., `contains`, `deeplyEqual`) against large objects can trigger this problem.
This PR alters the RegExp to skip over the error message portion of the stacktrace.

* remove Google Analytics from site; closes #3349

Signed-off-by: Christopher Hiller <boneskull@boneskull.com>

* test(unit/runner.spec.js): Minor tweeks related to #3686 (#3704)

* Refactored portions of tests for increased clarity.
* Updated code to run all stacktrace tests on Windows (previously skipped).
* Updated/replaced logic for generation of overlong messages used in filter tests.

* update usage info in docs [ci skip]

* Eliminated variable shadowing from test event listeners (runner.spec.js) (#3712)

Made consistent that all listener function arguments were distinct from the variables being passed from emitters. Added some additional assertions.

* refactor: use constants for event names instead of string literals

- also a few other string literals got replaced, but not error messages nor codes
- supporting refactors:
  - move the suite "GC" function into the `Suite` prototype
  - move stats collector init to `Mocha#run` due to circular reference with `Runner`
  - rename a couple fixture files lacking proper extension
  - rename variable in integration test helpers
  - add `utils.createMap()` and `utils.defineConstants()`
  - add `test/integration/fixtures` to `.eslintignore` so no fixture linting occurs whatsoever
  - consolidated use of `object.assign` polyfill into `utils` module
  - some docstring fixes/consistency
  - adds `EVENT_DELAY_END` emitted from `Runner` for reporter use
- specifically did NOT refactor event names from Node.js incl. `error` and `uncaughtException`
- add custom reporter tutorial to API documentation
    - automatically injects reporter example into tutorial via `markdown-magic`
    - add `docs.preprocess.api` script
    - add JSDoc configuration to support tutorials
    - sort JSDoc config object because fussy
- fix broken custom assertion

* fix --inspect and its ilk; closes #3681 (#3699)

This seems to make `--inspect` work properly with or without a parameter (`--inspect=0.0.0.0:12345`).  The `=` is required, as it's required by `node`.

In v6 of Node, `--debug --port=12345` should also work as expected.

Due to ignorance, skip Windows for now

* Revert 00ca06b0e957ec4f067268c98053782ac5dcb69f; closes #3414 (#3715)

- Updates events test to match correct event order
- Add test for retries-and-bail case
- Split `--invert` test case into its own file

* add createInvalidArgumentError(); see #3676 (#3677)

- updated error code table in docs
  - all other changes in docs are from prettier
- updated `--compilers` test
- rename "not supported" error to "unsupported" error
- rename "undefined error" error to "invalid exception" error
- remove "invalid argument" factory; use "unsupported" factory
- doc fixes
- move `utils.getError` to `Runnable.getError`, since it's only used there
- remove `utils.undefinedError`; use `createInvalidExceptionError` instead.
- add more `Runner` coverage for Coveralls
- add my `unexpected-eventemitter` plugin, which helps test `EventEmitter` behavior
- fix coverage problems

* add all changes since v6.0.0-1 to CHANGELOG.md [ci skip]

Signed-off-by: Christopher Hiller <boneskull@boneskull.com>

* add missing user reference in CHANGELOG.md [ci skip]

Signed-off-by: Christopher Hiller <boneskull@boneskull.com>

* Refactor checkGlobals() error message creation (#3711)

* Added sQuote() and dQuote() functions for quoting text inline
* Added ngettext() function for message translation for dealing with plurality
* Refactored portions of code to use the aforementioned functions
* Various fixes to tests

* fix --reporter-option to allow comma-separated options; closes #3706

Signed-off-by: Christopher Hiller <boneskull@boneskull.com>

* Refactor `lookupFiles` and `files` (#3722)

* Extract `lookupFile` conditions into functions.
* Rename functions/variables to match intent; various scope reductions
* Ordered requires (node->third party->project).
* Add/Correct JSDoc for various functions.
* Replaced `hasMatchingExtname` implementation, providing ~3.5x speedup.

* update release steps [ci skip]

Signed-off-by: Christopher Hiller <boneskull@boneskull.com>

* Add ability to unload files from `require` cache (redux) (#3726)

* Implemented `Mocha.unloadFile` and `Mocha#unloadFiles`.
* Added feature tests, as well as ones for `Mocha#addFiles` and `Mocha#loadFiles`.
* Beefed up some unrelated "mocha.js" tests, adding missing chainability tests.

* Refactor out usages of Suite#_onlyTests and Suite#_onlyTests (#3689) (#3707)

* Refactor out usages of Suite#_onlyTests and Suite#_onlyTests (#3689)

* Mark new Suite methods as private

* Make hasOnly() and filterOnly() consistently return boolean

* Add test coverage for Suite#hasOnly() and Suite#filterOnly()

* Refactor tests re: code review comments

* Update nyc

* Documentation updates (#3728)

* Replaced inline URLs with cross-references.
* Updated HTML examples
* Replaced '--' with em-dashes
* Removed incorrect error code
* Added additional text concerning globbing
* Removed part of testing section concerning using different reporter (which didn't work)

* Remove unnecessary post-processing code having no effect; closes #3708 (#3733)

The post-processing code `split('\n').join('\n')` does not change nor check anything

* Fix `.globals` to remove falsy values (#3737)

* Removed falsy values from `.globals` using filter for "undefined"/empty string values.
* Added tests for `.globals`
* Reordered "mocha.spec.js" option tests lexically
* Changed `describe` titles from `.method` to `#method` for Mocha prototypes.
* Renamed suite title 'error handling' as '#reporter()'
* Reparented '#reporter("xunit")#run(fn)' test suite inside '#run()' test suite.

* Uppercased JSON reporter name in `describe` title (#3739)

'Nuff said.

* remove "projects" section from MAINTAINERS.md [ci skip]

* update changelog for v6.0.0

* grammar updates for changelog v6.0.0

* punctuation updates for changelog v6.0.0

* Release v6.0.0

* Bring the example congfiguration file in line with the documentation. (#3751)

* Rename mocharc.js to .mocharc.js

* Rename mocharc.json to .mocharc.json

* Rename mocharc.yml to .mocharc.yml

* fix(cli/run.js): Revert default glob to match Mocha-5.2

The old glob 'test' would allow 'test.js' to be used by default (rather than requiring file be
placed inside "test" directory.

Fixes #3750

* dev dep upgrades from "npm audit" and "npm upgrade"

* fix --ui issues, closes #3746

move all ui-related tests into `test/integration/options/ui.spec.js`

* Upgrade docdash version - issue #3663

* fix --watch not finding any files to execute; closes #3748

* backout deprecation of value returned from suite; closes #3744

Signed-off-by: Christopher Hiller <boneskull@boneskull.com>

* update CHANGELOG.md for v6.0.1

Signed-off-by: Christopher Hiller <boneskull@boneskull.com>

* Release v6.0.1

* improve issue template. (#3411)

* improve issue template.
* add api documentation
* add MCVE guide
* enhance bug report template
* apply feedback

Signed-off-by: Outsider <outsideris@gmail.com>

* Update "karma-browserify" to eliminate Karma middleware warning (#3762)

* fix handling of bareword args matching node flags; closes #3761

* fix broken positional arguments in config; ensure positional args are unique; closes #3763

Signed-off-by: Christopher Hiller <boneskull@boneskull.com>

* update CHANGELOG for v6.0.2 [ci skip]

Signed-off-by: Christopher Hiller <boneskull@boneskull.com>

* Release v6.0.2

* autoformat markdown with prettier; closes #3773

Signed-off-by: Christopher Hiller <boneskull@boneskull.com>

* Make optional 'options' parameter standard for all reporter constructors (#3766)

* Add support for configuration files with ".jsonc" extension (#3760); closes #3753

* Allow passing multiple node flags, closes #3787 (#3788)

Fixes support for multiple node flags

* Use HTML5 syntax for charset declaration (#3809)

* Update devDependencies.

The semver compliant ones, i.e. no major version bump.

This fixes 68 vulnerabilities (93 -> 25).

* Fix this.skip() async calls (#3745)

- eat `Pending` errors bubbling up to uncaught handler, as intended
- fix cheating tests

* Completed website HTML tweaks (#3807)

* removed shortcut from favicon, added external tag to hrefs and tweaked logo

* made fixes outlined in PR review

* changed footer span to footer div

* refactor(css/style.css): Put CSS properties in lexical order

**No changes - just alphabetized**

* style(css/style.css): Add description list declarations

Use for "Last updated" redo

* docs(_includes/default.html): Fix missing page title

* docs(_includes/default.html): Fixed URLs in footer

Updated protocol on one, added trailing slash on the other

* docs(docs): Remove unneeded div from footer

* style(_includes/default.html): Reformatted CC license anchor tag

* docs(_includes/default.html): Change to description list for last modified information

Placed last modified in time tag, in both machine and human readable formats.

* docs(docs): Revert removal of footer div tag

Put it back to match look of existing site

* set allowUncaught on hooks (#3669); closes #2302

* set allowUncaught on hooks

* add test: hooks swallow uncaught exceptions

* PR feedback

* Add autoprefixer to documentation page CSS

* update yargs; closes #3742

* MarkdownMagic script updates (#3815)

* Quote `child_process.execSync` executable to allow for embedded spaces in pathname.

* guard against undefined timeout option in constructor; closes #3813

Signed-off-by: Christopher Hiller <boneskull@boneskull.com>

* Upgrade yargs-parser dependency to avoid loading 2 copies of yargs

* update package-lock

* Remove "package" flag from sample config file because it can only be passes as CLI arg (#3793)

* Replace findup-sync with find-up for faster startup (#3830)

* Replace findup-sync with find-up, hopefully to increase startup performance

* update package-lock.json

* runner.js: "self.test" undefined in Browser (#3835)

* Delete "/docs/example/chai.js"

Removed old [chai-1.0.4](https://github.com/chaijs/chai/blob/40b0eb2268702314cb7577fc1b3c8676a955b23e/chai.js) (released 2012-06-03) from our repository.

* Update doc examples "tests.html" (#3811)

* Converted URLs to reference current package releases

* Update JS-YAML to address security issue (#3845)

https://nodesecurity.io/advisories/788

* Fix issue 3714, hide pound icon showing on hover header on docs page (#3850)

* Copy Suite property "root" when cloning; closes #3847 (#3848)

* Deprecate this.skip() for "after all" hooks (#3719)

Print a DeprecationWarning when `this.skip()` is used in `after` hooks.

* upgrade deps as per npm audit fix; closes #3854

* Use cwd-relative pathname to load config file (#3829)

* update CHANGELOG for v6.1.0 [ci skip]

* Release v6.1.0

* Set eol for publishing

* update CHANGELOG for v6.1.1 [ci skip]

* Release v6.1.1

* update CHANGELOG for v6.1.2

Signed-off-by: Christopher Hiller <boneskull@boneskull.com>

* Release v6.1.2

* Fix yargs global pollution

Yargs exports a global singleton by default. Using it directly will
most likely break testing apps using yargs themselves.

* Do not pass argv twice

* upgrade node-environment-flags; closes #3868

* update CHANGELOG for v6.1.3 [ci skip]

Signed-off-by: Christopher Hiller <boneskull@boneskull.com>

* Release v6.1.3

* Update js-yaml from 3.13.0 to 3.13.1 (#3877)

* update CHANGELOG.md for v6.1.4 [ci skip]

Signed-off-by: Christopher Hiller <boneskull@boneskull.com>

* Release v6.1.4

* Remove noise output from JSON reporter test (#3881)

* fixed anchors to configuration section (#3841)

* Broken links in docs

* Use sinon sandbox for reporter tests (#3888)

* test(test/reporters): Rework reporter tests

Reworked stubs to use sinon. Added logic to (hopefully) rethrow errors when stdout stubbed. Now uses
event constants. Various mods for consistency. Now green across the board.

* Revert "test(test/reporters): Rework reporter tests"

This reverts commit f6b8e898526c908294010ccc31a3ce800c426498.

* Adds doc links for mocha-examples (#3889)

* add links

* link tidy

* Fix parsing of config files with "_mocha" (#3894)

* Rework reporter tests (#3892)

Reworked stubs to use "sinon" package. Added logic to (hopefully) rethrow errors when stdout stubbed. Tests now use event constants. Noise reduction. Various mods for consistency. Now green across the board.

* various doc-related fixes (#3790)

- ensure `.html` gets hit by prettier
- fix order in which docs are generated; let assetgraph process API docs
- some auto-generated content in `docs/index.md` updated

* rename "exclude" to "ignore" and create alias; closes #3871 (#3872)

* fix extension handling; closes #3808

* use yargs-parser options.default

utils.js: fix lookupFiles()

* preserve-symlinks{-main} flags (#3900)

Update unit test for Node-12 compatibility.

* Document option to define custom report name for XUnit reporter (#3906)

* chore: upgrade (most) depedencies to latest  (#3903)

* chore: upgrade several depedencies to latest
only major is diff@4, which doesn't seem to break mocha's use.

* chore: upgrade all devDeps to latest stable
replaced coffee-script with coffeescript (fixes deprecation notice)
and regenerate package-lock.json

* Another round of upgrades
now using debug@4, which still supports node@6

* Revert "chore: upgrade (most) depedencies to latest  (#3903)" (#3918)

This reverts commit 8ce447181f0c6e1312a4d4f1f1c2f3e64e4f30cc.

* fix timeout/slow string values and duplicate arguments

* coerce function for boolean/string/number types

* Fix regression/bug in "lookupFiles()" (#3905)

* Extend tests for `--watch` options

This commit adds two test cases to test the `--watch` option. We check
that touching a test file reruns the tests and we test that touching a
file that has a correct extensions reruns the test.

This commit adds `fs-extra` as a new dev dependency.

* Extract `runWatch` into separate module (#3930)

Also remove default values from `runWatch` they are already set by
`runMocha`.

* Add mocha.min.js file to stacktrace filter (#3922)

* ugprades for npm audit

* modify Mocha constructor to accept options.global or options.globals (#3914)

* consume options.global or options.globals in the constructor. filter unique values

* added tests for options.global and options.globals

* fixed API doc link

* do not fork if no node flags present (#3827)

* do not fork if no node flags present

* peer review changes, also ensure `lib/cli/cli.js` is executable

* update @mocha/docdash to v2.1.1 (#3945)

* Update CI config files to use Node-12.x (#3919)

* ci(.travis.yml): Update Travis config to use Node-12

Downgrade to Node-10 for browser tests so we can use the pre-built canvas package.

* ci(appveyor.yml): Update AppVeyor config to use Node-12

Future-proof install for Node versions to use alternative Node update method if pre-installed version unavailable.

* More, improved integration tests for watching (#3929)

To extend the test coverage for mocha in watch mode we add the following
two tests:
* Check that test files are reloaded
* Check that watched dependencies are reloaded

To support this change we consolidate `runMochaJSONWatchAsync`,
`runMochaJSONRawAsync`, and repeated code in tests into `runMochaWatch`.
We introduce `invokeMochaAsync` in `test/integration/helpers` as an
async alternative to `invokeMocha`.

We also eliminate the test for the cursor control character in the
output. Its usefulness is dubious as it relies on an implementation
detail and the other tests cover the intended behavior.

We are also more explicit which test fixtures are used. Instead of
setting `this.testFile` in a `beforeEach` hook we do this explicitly for
the tests that require it. This prevents interference in tests that do
not use the file.

* update @mocha/contributors to v1.0.4 (#3944)

* Base reporter store ref to console.log (#3725)

* add console.log ref

* inherit println

* unit test change

* use static property and fix test

* fix base test

* rename consoleLog

* test include Base.consoleLog check

* linter rule so reporters dont console.log

* use hooks for stubs with base test

* restore stub dont callThrough

* fix test + rebase

* fix faulty rebase. Removed printLn

* remove superfluous base

* Collect test files later (#3953)

This commit prepares improvements to the watch mode behavior. In the future
we want Mocha in watch mode to pick up new test files. This requires
that the test files are collected inside `watchRun` instead of before.

To accomplish this change we rename `handleFiles` to `collectFiles` and
move it to its own module. Instead of calling `collectFiles` in
`lib/cli/run` and passing the files on to `watchRun` or `singleRun` we
pass down the file collection parameters through `runMocha` and call
`collectFiles` in both `watchRun` and `singleRun`.

* Fix No Files error when file is passed via --files (#3942)

Fixes #3941

* Don't re-initialize grep option on watch re-run (#3960)

We remove code that called `mocha.grep(null)` on watch re-runs if the
`--grep` option was not supplied. The code seems to serve no purpose and
is the cause of #2027.

* Hide stacktrace when cli args are missing (#3963)

* hide stacktrace when cli args is missing

Signed-off-by: Outsider <outsideris@gmail.com>

* Update lib/cli/options.js

Co-Authored-By: David da Silva <dasilvacontin@gmail.com>

* remove unused lines

Signed-off-by: Outsider <outsideris@gmail.com>

* fix: do not redeclare variable (#3956)

* fix: remove duplicate line-height property (#3957)

* update CHANGELOG.md for v6.2.0 [ci skip]

* Release v6.2.0

* Remove jsdoc index.html placeholder from eleventy file structure and fix broken link in jsdoc tutorial (#3966)

* tty.getWindowSize is not a function inside a "worker_threads" worker (#3955)

Use "isTTY" instead of tty.isatty(fd)

* fix style on mochajs.org (#3886)

Signed-off-by: Outsider <outsideris@gmail.com>

* Add Matomo to website (#3765)

* Added Matomo to index.md

* Fixed

* Deleted <p>

* Deleted center tag and added style css

* Requested changes done

* Changed Matomo logo to another file

* Changing css and adding aside to html

* Fixed height and width

* Fixed identations

* Deleted footer logo

* Requested changes done

* Last changes

* Trim and eresize matomo image

* Remove resizing, it increased image weight

* Retain matomo image aspect ratio

* Clarify effect of .skip() (#3947)

The fact that code inside of a skipped suite is executed, is potentially
counter-intuitive.  By using alternative phrasing, we make it clear how
mocha handles code in skipped suites.

Closes #3932

* Remove extraGlobals() (#3970)

support of Node v0.9.11 has been dropped years ago.

* Drop node.js v6 support (#3885)

* Add prefix `list-` to --interfaces and --reporters options (#3962)

* Travis: don't run Smoke with Node v6 (#3981)

* Update yargs-unparser to v1.6.0 (#3984)

* Fix hook pattern of this.skip() in it() tests (#3859)

* treat '--require esm' as Node option (#3983)

* Update yargs to v13.3.0 (#3986)

Update yargs-parser to v13.1.1

* Remove deprecated "getOptions()" and "lib/cli/options.js" (#3967)

* Add link checking to docs build step (#3972)

* Add link checking to docs build step

* Update hyperlink to 4.3.0

* Update @mocha/docdash to 2.1.2

* Fix internal broken fragment links from jsdoc comments to front page

* Mark source code line fragment link checks as TODO. They are runtime JS generated and can't be found by hyperlink

* Document reporters.Base.prototype.epilogue as a member of the right thing, thus not breaking docs links

* Update to hyperlink 4.3.1

* Update to jsdoc 3.6.3

* experiment: add acorn 7 as dev dependency to attempt to fix broken build

* Fix broken links from tutorial. Use jsdoc link functionality instead of guessign url's

* Make hyperlink skipfilter argument windows compatible

* Soft deprecate configuration via "mocha.opts" (#3968)

* Adopt the OpenJSF Code of Conduct (#3971)

* OJSF coc

* update email

* Deprecate "debug" and remove "--debug" / "--debug-brk" flags (#3890)

* Improved watching with chokidar (#3980)

Improved watching with chokidar.
This change improves the file watching behavior and fixes #3912.

* We introduce the `--watch-files` command line option. This option
  allows control over which files are and is separate and more powerful
  than `--extension`. Fixes #2702.
* We introduce the `--watch-ignore` command line option that allows
  control over which files are not watched. Before this was hardcoded to
  `node_modules` and `.git`. See #2554.
* The `chokidar` package now handles file watching.
* New test files are picked up by the file watcher and run. Fixes #2176.
* Watch hidden files based on extension

* add OpenJS Foundation logo to website (#4008)

* add OpenJS Foundation logo to website

* fix flaky template

Signed-off-by: Christopher Hiller <boneskull@boneskull.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
2 participants
You can’t perform that action at this time.