Mocha 10.2.0 represents a minor version update to the popular JavaScript test framework, building upon the solid foundation established by version 10.1.0. The dependency tree sees subtle changes. While core dependencies like he, ms, diff, glob, debug, yargs, nanoid, find-up, js-yaml, chokidar, minimatch, workerpool, ansi-colors, log-symbols, yargs-parser, browser-stdout, supports-color, yargs-unparser, strip-json-comments, escape-string-regexp, and serialize-javascript remain consistent between versions, the devDependencies exhibit a few noteworthy alterations.
Specifically, through2 and watchify have been removed as devDependencies in 10.2.0, replaced by strip-ansi. These updates to devDependencies likely reflect refinements in the build process, tooling, or testing strategies employed by the Mocha team, with a focus on optimization and on reducing the package size. Developers upgrading from 10.1.0 to 10.2.0 can anticipate a smooth transition with minimal breaking changes, since the changes center on internal development dependencies rather than on Mocha's core testing capabilities. The core functionality remains consistent, ensuring continued support for a wide array of testing styles, asynchronous testing, and customizable reporting. The updated release date in 10.2.0 signals ongoing maintenance and improvements to this widely used test framework. This release is approximately 903 bytes larger than version 10.1.0.
All vulnerabilities related to version 10.2.0 of the package
Predictable results in nanoid generation when given non-integer values
When nanoid is called with a fractional value, there were a number of undesirable effects:
Versions 3.3.8 and 5.0.9 are fixed.
Cross-site Scripting (XSS) in serialize-javascript
A flaw was found in npm-serialize-javascript. The vulnerability occurs because the serialize-javascript module does not properly sanitize certain inputs, such as regex or other JavaScript object types, allowing an attacker to inject malicious code. This code could be executed when deserialized by a web browser, resulting in cross-site scripting (XSS) attacks. This issue is critical in environments where serialized data is sent to web clients, potentially compromising the security of the website or web application using this package.