[Snyk] Upgrade: chai-as-promised, dateformat #9
Conversation
Snyk has created this PR to upgrade:
- chai-as-promised from 7.1.2 to 8.0.0.
See this package in npm: https://www.npmjs.com/package/chai-as-promised
- dateformat from 4.6.3 to 5.0.3.
See this package in npm: https://www.npmjs.com/package/dateformat
See this project in Snyk:
https://app.snyk.io/org/okeamah/project/b8d36d74-9dfe-4af3-88c4-4dfecdde45d7?utm_source=github&utm_medium=referral&page=upgrade-pr
![sourcery-ai[bot]](https://avatars.githubusercontent.com/in/48477?s=60&v=4){kind=small}
There was a problem hiding this comment.
We have skipped reviewing this pull request. Here's why:
- It seems to have been created by a bot ('[Snyk]' found in title). We assume it knows what it's doing!
- We don't review packaging changes - Let us know if you'd like us to change this.
|
🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎ To accept the risk, merge this PR and you will not be notified again.
Next stepsWhat is a critical CVE?Contains a Critical Common Vulnerability and Exposure (CVE). Remove or replace dependencies that include known critical CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies. Take a deeper look at the dependencyTake a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev. Remove the packageIf you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency. Mark a package as acceptable riskTo ignore an alert, reply with a comment starting with
|
|
This PR is stale because it has been open 14 days with no activity. Remove stale label or comment or this will be closed in 5 days. |
Snyk has created this PR to upgrade multiple dependencies.
👯 The following dependencies are linked and will therefore be updated together.ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
chai-as-promised
⚠️ This is a major version upgrade, and may be a breaking change | 3 months ago
⚠️ This is a major version upgrade, and may be a breaking change | 3 years ago
from 7.1.2 to 8.0.0 | 2 versions ahead of your current version
on 2024-06-09
dateformat
from 4.6.3 to 5.0.3 | 4 versions ahead of your current version
on 2022-02-19
Release notes
Package name: chai-as-promised
-
8.0.0 - 2024-06-09
- Migrate CI to GitHub Actions by @ WikiRik in #283
- feat: upgrade dev toolchain by @ 43081j in #285
- chore: add prettier by @ 43081j in #286
- feat: move to ESM-only by @ 43081j in #287
- fix: raise a nicer error when non-object errors are matched by @ 43081j in #294
- chore: allow publishing prereleases by @ 43081j in #295
- fix: update repo in package.json by @ 43081j in #296
- chore: relicense as MIT by @ 43081j in #299
- @ WikiRik made their first contribution in #283
-
8.0.0-beta.1 - 2024-05-14
- fix: update repo in package.json by @ 43081j in #296
-
7.1.2 - 2024-05-11
- docs(README): add example of how to use async/await by @ jedwards1211 in #222
- Updated README.md to reflect functionality by @ James-Firth in #247
- feat: support chai 5.x in peer dependency by @ 43081j in #284
- @ jedwards1211 made their first contribution in #222
- @ James-Firth made their first contribution in #247
- @ 43081j made their first contribution in #284
from chai-as-promised GitHub release notesWhat's Changed
New Contributors
Full Changelog: v7.1.2...v8.0.0
What's Changed
Full Changelog: v8.0.0-beta.0...v8.0.0-beta.1
What's Changed
New Contributors
Full Changelog: v7.1.1...v7.1.2
Package name: dateformat
-
5.0.3 - 2022-02-19
- Fix deprecation warning
-
5.0.2 - 2021-10-16
- Update docs for dateformat imports
-
5.0.1 - 2021-09-21
- Bundle Size Reductions
- Fixed
- Introduced breaking changes to imports, now imports are as format
-
5.0.0 - 2021-09-21
-
4.6.3 - 2021-09-21
from dateformat GitHub release notesAutomatic extension resolution of the "main" field is deprecated for ES modules.Thanks to @ nestedscope for their contributions ❤️
Thanks to @ BendingBender for their contributions ❤️
Zformat issue in Australia (details)import dateFormat from "dateformat";Thanks to @ jimmywarting and @ mikegreiling for their contributions ❤️
Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information: