Skip to content

Dependency Updates | February 2024#125

Open
mertssmnoglu wants to merge 9 commits intoiyzico:masterfrom
mertssmnoglu:deps-test
Open

Dependency Updates | February 2024#125
mertssmnoglu wants to merge 9 commits intoiyzico:masterfrom
mertssmnoglu:deps-test

Conversation

@mertssmnoglu
Copy link

@mertssmnoglu mertssmnoglu commented Feb 7, 2024
edited
Loading

Dependency Updates on February 2024

  • Mocha bumped it's latest version 10.x from 2.x
  • Should bumped it's latest version 13.x from 8.
  • Add nyc to see the test coverages. It dependes on istanbuljs.

Updated Scripts

  • test and sample scripts supports regex patterns
  • cover and coverall scripts updated

Bonus

  • mocha-lcov-reporter bumped it's latest version, but looks like it doesnt needed anymore
  • request bumped it's latest version, but i'ts DEPRECATED
  • coveralls bumped it's latest version, but it's not Maintained
  • Added package-lock.json Missing package-lock.json #122
  • supertest and istanbul libraries are not used. Test steps can pass without them. Removed 1-2 vulnerablity.

Conclusion

Before: 26 Vulnerabiliies
20240207_17h32m32s_grim

After: 2 Vulnerabilites
20240211_13h49m25s_grim

You can check the difference with npm audit command.

@erdemdmr

@mertssmnoglu mertssmnoglu mentioned this pull request Feb 7, 2024
Open
@mertssmnoglu
Copy link
Author

mertssmnoglu commented Jun 24, 2024

Please check this out too GHSA-grv7-fg5c-xmjg

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@mertssmnoglu