Skip to content

MLE-24228 Bumping mocha and glob #1033

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Nov 18, 2025
Merged

MLE-24228 Bumping mocha and glob #1033

merged 1 commit into from
Nov 18, 2025

Conversation

@rjrudin
Copy link
Contributor

@rjrudin rjrudin commented Nov 18, 2025

Fixes some CVEs

Copilot AI review requested due to automatic review settings November 18, 2025 16:22
Copilot AI reviewed Nov 18, 2025
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR updates two npm dependencies (mocha and glob) to fix security vulnerabilities. The mocha version is bumped from 11.7.4 to 11.7.5, and glob is updated from 10.3.11 to 12.0.0.

  • Updated mocha to version 11.7.5
  • Updated glob to version 12.0.0 to address a command injection vulnerability (GHSA-5j98-mcp5-4vw2)
  • Updated CONTRIBUTING.md documentation to reflect the new glob version and its security context

Reviewed Changes

Copilot reviewed 2 out of 3 changed files in this pull request and generated no comments.

File Description
package.json Updates mocha to 11.7.5 and glob to 12.0.0 in devDependencies and overrides sections
CONTRIBUTING.md Updates documentation for glob dependency with new version number and vulnerability details

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@github-actions
Copy link

github-actions bot commented Nov 18, 2025

Copyright Validation Results
Total: 3 | Passed: 0 | Failed: 0 | Skipped: 3 | at: 2025-11-18 16:22:17 UTC | commit: fd332fe

⏭️ Skipped (Excluded) Files

  • CONTRIBUTING.md
  • package-lock.json
  • package.json

✅ All files have valid copyright headers!

@rjrudin rjrudin merged commit 15308b2 into develop Nov 18, 2025
5 of 6 checks passed
@rjrudin rjrudin deleted the feature/audit-fix branch November 18, 2025 16:37
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@anu3990 anu3990 Awaiting requested review from anu3990 anu3990 is a code owner

@BillFarber BillFarber Awaiting requested review from BillFarber BillFarber is a code owner

@stevebio stevebio Awaiting requested review from stevebio stevebio is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@rjrudin