[Snyk] Upgrade chai from 4.3.4 to 5.1.0

[nerds-github]

Snyk has created this PR to upgrade chai from 4.3.4 to 5.1.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

⚠️ Warning: This PR contains major version upgrade(s), and may be a breaking change.

• The recommended version is 17 versions ahead of your current version.

• The recommended version was released on 8 months ago.

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Inefficient Regular Expression Complexity SNYK-JS-MICROMATCH-6838728	265	No Known Exploit
	Prototype Poisoning SNYK-JS-QS-3153490	265	Proof of Concept
	Prototype Poisoning SNYK-JS-QS-3153490	265	Proof of Concept
	Improper Handling of Extra Parameters SNYK-JS-FOLLOWREDIRECTS-6141137	265	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-GETFUNCNAME-5923417	265	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	265	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	265	Proof of Concept
	Remote Code Execution (RCE) SNYK-JS-SHELLQUOTE-1766506	265	No Known Exploit
	Asymmetric Resource Consumption (Amplification) SNYK-JS-BODYPARSER-7926860	265	No Known Exploit
	Uncontrolled resource consumption SNYK-JS-BRACES-6838727	265	Proof of Concept
	Denial of Service (DoS) SNYK-JS-DECODEURICOMPONENT-3149970	265	Proof of Concept
	Prototype Pollution SNYK-JS-JSONSCHEMA-1920922	265	No Known Exploit
	Denial of Service (DoS) SNYK-JS-WS-7266574	265	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3042992	265	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3105943	265	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	265	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHTOREGEXP-7925106	265	Proof of Concept
	Improper Input Validation SNYK-JS-POSTCSS-5926692	265	No Known Exploit
	Information Exposure SNYK-JS-FOLLOWREDIRECTS-6444610	265	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-UAPARSERJS-3244450	265	Proof of Concept
	Cross-site Scripting (XSS) SNYK-JS-COOKIE-8163060	265	No Known Exploit
	Improper Control of Dynamically-Managed Code Resources SNYK-JS-EJS-6689533	265	No Known Exploit
	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2332181	265	Proof of Concept
	Prototype Pollution SNYK-JS-MINIMIST-2429795	265	Proof of Concept
	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2396346	265	No Known Exploit

Release notes

Package name: chai

• 5.1.0 - 2024-02-12
  

  What's Changed

  • Remove useless guards and add parentheses to constuctors by @ koddsson in #1593
  • Cleanup jsdoc comments by @ koddsson in #1596
  • Convert comments in "legal comments" format to jsdoc or normal comments by @ koddsson in #1598
  • Implement iterable assertion by @ koddsson in #1592
  • Assert interface fix by @ developer-bandi in #1601
  • Set support in same members by @ koddsson in #1583
  • Fix publish script by @ koddsson in #1602

  New Contributors

  • @ developer-bandi made their first contribution in #1601

  Full Changelog: v5.0.3...v5.1.0

• 5.0.3 - 2024-01-25
  

  Fix bad v5.0.2 publish.

  Full Changelog: v5.0.2...v5.0.3

• 5.0.2 - 2024-01-25
  

  What's Changed

  • build(deps): bump nanoid and mocha by @ dependabot in #1558
  • remove bump-cli by @ koddsson in #1559
  • Update developer dependencies by @ koddsson in #1560
  • fix: removes ?? for node compat (5.x) by @ 43081j in #1576
  • Update loupe to latest version by @ koddsson in #1579
  • Re-enable some webkit tests by @ koddsson in #1580
  • Remove a bunch of if statements in test/should.js by @ koddsson in #1581
  • Remove a bunch of unused files by @ koddsson in #1582
  • Fix 1564 by @ koddsson in #1566

  Full Changelog: v5.0.1...v5.0.2

• 5.0.0 - 2023-12-28
  

  BREAKING CHANGES

  • Chai now only supports EcmaScript Modules (ESM). This means your tests will need to either have import {...} from 'chai' or import('chai'). require('chai') will cause failures in nodejs. If you're using ESM and seeing failures, it may be due to a bundler or transpiler which is incorrectly converting import statements into require calls.
  • Dropped support for Internet Explorer.
  • Dropped support for NodeJS < 18.
  • Minimum supported browsers are now Firefox 100, Safari 14.1, Chrome 100, Edge 100. Support for browsers prior to these versions is "best effort" (bug reports on older browsers will be assessed individually and may be marked as wontfix).

  What's Changed

  • feat: use chaijs/loupe for inspection by @ pcorpet in #1401
  • docs: fix URL in README by @ Izzur in #1413
  • Remove get-func-name dependency by @ koddsson in #1416
  • Convert Makefile script to npm scripts by @ koddsson in #1424
  • Clean up README badges by @ koddsson in #1422
  • fix: package.json - deprecation warning on exports field by @ stevenjoezhang in #1400
  • fix: deep-eql bump package to support symbols by @ snewcomer in #1458
  • ES module conversion PoC by @ 43081j in #1498
  • chore: drop commonjs support by @ 43081j in #1503
  • Update pathval by @ koddsson in #1527
  • Update check-error by @ koddsson in #1528
  • update deep-eql to latest version by @ koddsson in #1542
  • Inline type-detect as a simple function by @ koddsson in #1544
  • Update loupe by @ koddsson in #1545
  • Typo 'Test an object' not 'Test and object' by @ mavaddat in #1460
  • Update assertion-error to it's latest major version! by @ koddsson in #1543
  • Replacing Karma with Web Test Runner by @ koddsson in #1546

  New Contributors

  • @ Izzur made their first contribution in #1413
  • @ stevenjoezhang made their first contribution in #1400
  • @ 43081j made their first contribution in #1498

  Full Changelog: 4.3.1...v5.0.0

• 5.0.0-rc.0 - 2023-12-06
  

  The first Release Candidate of chai@v5 is here!

  We've put out a few alpha versions and tested them out in various projects with good success. This RC includes all those changes plus any fixes that we've discovered since then.

  Please try it out in your projects and let us know if you run into any issues so we can make fixes before version 5!

  Thanks for using Chai 🙏🏻

  What's Changed

  • feat: use chaijs/loupe for inspection by @ pcorpet in #1401
  • docs: fix URL in README by @ Izzur in #1413
  • Remove get-func-name dependency by @ koddsson in #1416
  • Convert Makefile script to npm scripts by @ koddsson in #1424
  • Clean up README badges by @ koddsson in #1422
  • fix: package.json - deprecation warning on exports field by @ stevenjoezhang in #1400
  • fix: deep-eql bump package to support symbols by @ snewcomer in #1458
  • ES module conversion PoC by @ 43081j in #1498
  • chore: drop commonjs support by @ 43081j in #1503
  • Update pathval by @ koddsson in #1527
  • Update check-error by @ koddsson in #1528
  • update deep-eql to latest version by @ koddsson in #1542
  • Inline type-detect as a simple function by @ koddsson in #1544
  • Update loupe by @ koddsson in #1545
  • Typo 'Test an object' not 'Test and object' by @ mavaddat in #1460
  • Update assertion-error to it's latest major version! by @ koddsson in #1543
  • Replacing Karma with Web Test Runner by @ koddsson in #1546
  • remove codecov by @ koddsson in #1548
  • remove chai version constant by @ koddsson in #1550
  • Remove istanbul by @ koddsson in #1549

  New Contributors

  • @ Izzur made their first contribution in #1413
  • @ koddsson made their first contribution in #1416
  • @ stevenjoezhang made their first contribution in #1400
  • @ 43081j made their first contribution in #1498

  Full Changelog: v4.3.10...v5.0.0-rc.0

• 5.0.0-alpha.2 - 2023-10-30
  

  What's Changed

  • update deep-eql to latest version by @ koddsson in #1542
  • Inline type-detect as a simple function by @ koddsson in #1544
  • Update loupe by @ koddsson in #1545
  • Typo 'Test an object' not 'Test and object' by @ mavaddat in #1460
  • Update assertion-error to it's latest major version! by @ koddsson in #1543
  • Replacing Karma with Web Test Runner by @ koddsson in #1546

  Full Changelog: v5.0.0-alpha.1...v5.0.0-alpha.2

• 5.0.0-alpha.1 - 2023-07-26
• 5.0.0-alpha.0 - 2023-02-07
• 4.5.0 - 2024-07-25
• 4.4.1 - 2024-01-12
  

  What's Changed

  • fix: removes ?? for node compat by @ 43081j in #1574

  Full Changelog: v4.4.0...v4.4.1

• 4.4.0 - 2024-01-05
  

  What's Changed

  • Allow deepEqual fonction to be configured globally (4.x.x branch) by @ forty in #1553

  Full Changelog: v4.3.10...v4.4.0

• 4.3.10 - 2023-09-28
  

  This release simply bumps all dependencies to their latest non-breaking versions.

  What's Changed

  • upgrade all dependencies by @ keithamus in #1540

  Full Changelog: v4.3.9...v4.3.10

• 4.3.9 - 2023-09-27
• 4.3.8 - 2023-08-24
• 4.3.7 - 2022-11-07
• 4.3.6 - 2022-01-26
• 4.3.5 - 2022-01-25
• 4.3.4 - 2021-03-12

from chai GitHub release notes

---

Important

• Warning: This PR contains a major version upgrade, and may be a breaking change.
• Check the changes in this PR to ensure they won't cause issues with your project.
• This PR was automatically created by Snyk using the credentials of a real user.
• Max score is 1000. Note that the real score may have changed since the PR was raised.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

• 🧐 View latest project report
• 📜 Customise PR templates
• 🛠 Adjust upgrade PR settings
• 🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[//]: # 'snyk:metadata:{"customTemplate":{"variablesUsed":[],"fieldsUsed":[]},"dependencies":[{"name":"chai","from":"4.3.4","to":"5.1.0"}],"env":"prod","hasFixes":true,"isBreakingChange":true,"isMajorUpgrade":true,"issuesToFix":[{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-MICROMATCH-6838728","issue_id":"SNYK-JS-MICROMATCH-6838728","priority_score":589,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Inefficient Regular Expression Complexity"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-QS-3153490","issue_id":"SNYK-JS-QS-3153490","priority_score":482,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Prototype Poisoning"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-QS-3153490","issue_id":"SNYK-JS-QS-3153490","priority_score":482,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Prototype Poisoning"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-FOLLOWREDIRECTS-6141137","issue_id":"SNYK-JS-FOLLOWREDIRECTS-6141137","priority_score":472,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"cvssScore","label":"7.3","score":365},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Improper Handling of Extra Parameters"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-GETFUNCNAME-5923417","issue_id":"SNYK-JS-GETFUNCNAME-5923417","priority_score":751,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"8.6","score":430},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-SEMVER-3247795","issue_id":"SNYK-JS-SEMVER-3247795","priority_score":482,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-SEMVER-3247795","issue_id":"SNYK-JS-SEMVER-3247795","priority_score":482,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-SHELLQUOTE-1766506","issue_id":"SNYK-JS-SHELLQUOTE-1766506","priority_score":405,"priority_score_factors":[{"type":"cvssScore","label":"8.1","score":405},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Remote Code Execution (RCE)"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-BODYPARSER-7926860","issue_id":"SNYK-JS-BODYPARSER-7926860","priority_score":410,"priority_score_factors":[{"type":"cvssScore","label":"8.2","score":410},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Asymmetric Resource Consumption (Amplification)"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-BRACES-6838727","issue_id":"SNYK-JS-BRACES-6838727","priority_score":696,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Uncontrolled resource consumption"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-DECODEURICOMPONENT-3149970","issue_id":"SNYK-JS-DECODEURICOMPONENT-3149970","priority_score":482,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Denial of Service (DoS)"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-JSONSCHEMA-1920922","issue_id":"SNYK-JS-JSONSCHEMA-1920922","priority_score":430,"priority_score_factors":[{"type":"cvssScore","label":"8.6","score":430},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Prototype Pollution"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-WS-7266574","issue_id":"SNYK-JS-WS-7266574","priority_score":482,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Denial of Service (DoS)"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-LOADERUTILS-3042992","issue_id":"SNYK-JS-LOADERUTILS-3042992","priority_score":265,"priority_score_factors":[{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-LOADERUTILS-3105943","issue_id":"SNYK-JS-LOADERUTILS-3105943","priority_score":265,"priority_score_factors":[{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-MINIMATCH-3050818","issue_id":"SNYK-JS-MINIMATCH-3050818","priority_score":265,"priority_score_factors":[{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-PATHTOREGEXP-7925106","issue_id":"SNYK-JS-PATHTOREGEXP-7925106","priority_score":666,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.9","score":345},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-POSTCSS-5926692","issue_id":"SNYK-JS-POSTCSS-5926692","priority_score":265,"priority_score_factors":[{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Improper Input Validation"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-FOLLOWREDIRECTS-6444610","issue_id":"SNYK-JS-FOLLOWREDIRECTS-6444610","priority_score":432,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"cvssScore","label":"6.5","score":325},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Information Exposure"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-UAPARSERJS-3244450","issue_id":"SNYK-JS-UAPARSERJS-3244450","priority_score":372,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-COOKIE-8163060","issue_id":"SNYK-JS-COOKIE-8163060","priority_score":386,"priority_score_factors":[{"type":"freshness","label":true,"score":71},{"type":"cvssScore","label":"6.3","score":31...