Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

resolve npm audit report for mocha #180

Closed
wants to merge 1 commit into from
Closed

resolve npm audit report for mocha #180

wants to merge 1 commit into from

Conversation

mcandre
Copy link

@mcandre mcandre commented Sep 26, 2019

Update mocha to resolve NPM security reports.

mocha 4.0.0 would have been sufficient, but we might as well keep up with the latest major version now, as this doesn't appear to break anything, and will help us to resolve further security warnings much faster.

@mcandre
Copy link
Author

mcandre commented Sep 26, 2019

Based on the CI results, it appears that the dependency tree now requires Node.js 6.16+.

We could modify the Travis configuration accordingly. What's the course of action?

@mcandre
Copy link
Author

mcandre commented Sep 26, 2019

See #182

@dougwilson
Copy link
Contributor

Security issues in dev dependencies do not effect end users, as they are not installed when on does "npm install hbs".

dougwilson added a commit that referenced this pull request Sep 27, 2019
dougwilson added a commit that referenced this pull request Sep 27, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants