An in-range update of mocha is breaking the build 🚨

[greenkeeper]

☝️ Greenkeeper’s updated Terms of Service will come into effect on April 6th, 2018.

Version 5.0.2 of mocha was just published.

Branch	Build failing 🚨
Dependency	mocha
Current Version	5.0.1
Type	devDependency

This version is covered by your current version range and after updating it in your project the build failed.

mocha is a devDependency of this project. It might not break your production code or affect downstream projects, but probably breaks your build or test tools, which may prevent deploying or publishing.

Status Details

• ❌ ci/circleci A command timed out during your tests Details

---

Release Notes

v5.0.2

5.0.2 / 2018-03-05

This release fixes a class of tests which report as false positives. Certain tests will now break, though they would have previously been reported as passing. Details below. Sorry for the inconvenience!

🐛 Fixes

• #3226: Do not swallow errors that are thrown asynchronously from passing tests (@boneskull). Example:

  it('should actually fail, sorry!', function (done) {
    // passing assertion
    assert(true === true);
  // test complete & is marked as passing
  
  done();
  // ...but something evil lurks within
  
  setTimeout(() => {
  
  throw new Error('chaos!');
  
  }, 100);
  
  });

  Previously to this version, Mocha would have silently swallowed the chaos! exception, and you wouldn't know. Well, now you know. Mocha cannot recover from this gracefully, so it will exit with a nonzero code.

  Maintainers of external reporters: If a test of this class is encountered, the Runner instance will emit the end event twice; you may need to change your reporter to use runner.once('end') intead of runner.on('end').

• #3093: Fix stack trace reformatting problem (@outsideris)

:nut_and_bolt Other

• #3248: Update browser-stdout to v1.3.1 (@honzajavorek)

Commits

The new version differs by 13 commits.

• f2ee53c Release v5.0.2
• ff1bd9e update package-lock.json
• 6a796cb prepare CHANGELOG for v5.0.2 [ci skip]
• 0542c40 update README.md; closes #3191 [ci skip]
• afcd08f add MAINTAINERS.md to .fossaignore [ci skip]
• 3792bef add opencollective header image to assets/
• 5078fc5 persist paths in stack trace which have cwd as infix
• 2c720a3 do not eat exceptions thrown asynchronously from passed tests; closes #3226
• 3537061 Update to correctly licensed browser-stdout version
• ec8901a remove unused functionality in utils module
• f71f347 rename wallaby.js -> .wallaby.js
• c4ef568 fix PR url
• 73d55ac fix typos in changelog [ci skip]

See the full diff

FAQ and help

There is a collection of frequently asked questions. If those don’t help, you can always ask the humans behind Greenkeeper.

---

Your Greenkeeper Bot 🌴

[greenkeeper]

After pinning to 5.0.1 your tests are still failing. The reported issue might not affect your project. These imprecisions are caused by inconsistent test results.

[greenkeeper]

Version 5.0.3 just got published.

Your tests are still failing with this version. Compare the changes 🚨

Release Notes

v5.0.3

5.0.3 / 2018-03-06

This patch features a fix to address a potential "low severity" ReDoS vulnerability in the diff package (a dependency of Mocha).

🔒 Security Fixes

• #3266: Bump diff to v3.5.0 (@anishkny)

🔩 Other

• #3011: Expose generateDiff() in Base reporter (@harrysarson)

Commits

The new version differs by 6 commits.

• da6e5c9 Release v5.0.3
• 70d9262 update CHANGELOG.md for v5.0.3 [ci skip]
• aaaa5ab fix: ReDoS vuln in mocha@5.0.2 › diff@3.3.1 (#3266)
• 8df5727 Tidies up code after review
• 660bccc adds unit tests covering Base.generateDiff
• bdcb3c3 exposes generateDiff function from base reporter

See the full diff

[redgeoff]

Will be addressed by #78