Mochawesome is a visually appealing and customizable HTML/CSS reporter designed to enhance Mocha.js test reporting. Version 2.0.3 refines the foundation laid by its predecessor, version 2.0.2, offering subtle improvements for developers seeking comprehensive test results. Both versions share core dependencies like babel-runtime, chalk, diff, fs-extra, json-stringify-safe, lodash, mochawesome-report-generator, and uuid, ensuring consistent functionality for tasks such as runtime environment support, terminal styling, result comparison, file system operations, safe JSON stringification, utility functions, report generation, and unique identifier creation. The developer tooling remains consistent too, utilizing packages like babel-cli, eslint, and nyc for code transpilation, linting, and coverage reporting.
While the dependency versions remain largely identical between both versions, the key difference lies in the releaseDate: 2.0.3 was released on February 9, 2017, and 2.0.2 on January 17, 2017. This suggests that version 2.0.3 is a patch or minor update focused on bug fixes, performance enhancements, or minor feature tweaks rather than breaking changes, so developers should be able to update without breaking their code.
For developers using Mochawesome, this means a smooth upgrade path to 2.0.3, ensuring they benefit from the latest refinements and potentially improved stability within the established reporting framework. The consistent dependency stack underscores the stability of the core functionality, allowing developers to leverage Mochawesome's reporting capabilities with confidence across both versions.
All vulnerabilities related to version 2.0.3 of the package
node-fetch forwards secure headers to untrusted sites
node-fetch forwards secure headers such as authorization, www-authenticate, cookie, & cookie2 when redirecting to an untrusted site.
yargs-parser Vulnerable to Prototype Pollution
Affected versions of yargs-parser are vulnerable to prototype pollution. Arguments are not properly sanitized, allowing an attacker to modify the prototype of Object, causing the addition or modification of an existing property that will exist on all objects.
Parsing the argument --foo.__proto__.bar baz adds a bar property with value baz to all objects. This is only exploitable if attackers have control over the arguments being passed to yargs-parser.
Upgrade to versions 13.1.2, 15.0.1, 18.1.1 or later.
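The following added example (not yargs-parser's code, and not part of the original advisory) shows why a dotted-key option parser pollutes Object.prototype on the argument quoted above, next to a hardened form that rejects dangerous path segments. The names setByPath, parseArgs, BLOCKED_KEYS and demo are hypothetical, and the input is constructed from the advisory text.

```javascript
// Added illustration: a minimal dotted-key option parser, NOT yargs-parser's code.
// setByPath, parseArgs, BLOCKED_KEYS and demo are hypothetical names.
const BLOCKED_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

// Walk a dotted key ("foo.bar.baz") and assign the value at the leaf.
// With safe=false every segment is followed blindly, so "__proto__"
// resolves to Object.prototype and the write lands on every object.
function setByPath(target, dottedKey, value, safe) {
  const parts = dottedKey.split('.');
  if (safe && parts.some((p) => BLOCKED_KEYS.has(p))) {
    return false; // reject the whole option rather than write a partial path
  }
  let node = target;
  for (const part of parts.slice(0, -1)) {
    if (typeof node[part] !== 'object' || node[part] === null) {
      node[part] = {};
    }
    node = node[part];
  }
  node[parts[parts.length - 1]] = value;
  return true;
}

// Parse ["--key", "value", ...] pairs into an options object.
function parseArgs(argv, { safe }) {
  const options = {};
  const rejected = [];
  for (let i = 0; i + 1 < argv.length; i += 2) {
    const key = argv[i].replace(/^--/, '');
    if (!setByPath(options, key, argv[i + 1], safe)) rejected.push(key);
  }
  return { options, rejected };
}

// Constructed input: the argument from the advisory text.
function demo() {
  const argv = ['--foo.__proto__.bar', 'baz'];
  parseArgs(argv, { safe: false });      // unsanitized parse
  const pollutedBefore = {}.bar;         // an unrelated object now has "bar"
  delete Object.prototype.bar;           // undo the pollution before the safe run
  const { rejected } = parseArgs(argv, { safe: true });
  const pollutedAfter = {}.bar;          // prototype untouched this time
  return { pollutedBefore, pollutedAfter, rejected };
}

console.log(demo());
```

The hardened branch logs the rejected key instead of silently dropping it, which gives a detection point when argument input comes from an untrusted source.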
Inefficient Regular Expression Complexity in validator.js
validator.js prior to 13.7.0 is vulnerable to Inefficient Regular Expression Complexity