STCLI-226: Upgrade Mocha from 9 to 10 fixing ReDoS

julianladisch · julianladisch · commit fddb3c9411f2 · 2023-02-04T17:04:29.000+01:00
mocha before version 10.1.0 has a Regular Expression Denial of Service (ReDoS) vulnerability in the clean function in utils.js: * https://github.com/mochajs/mocha/releases/tag/v10.1.0 Mocha 9 has reached its end of life and is no longer supported. stripes-cli uses mocha ^9.0.0 and should upgrade to a supported version that is not vulnerable.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,9 @@
 # Change history for stripes-cli
 
+## 2.6.3 IN PROGRESS
+
+* Upgrade `mocha` from 9 to 10 fixing ReDoS. Refs STCLI-226.
+
 ## [2.6.2](https://github.com/folio-org/stripes-cli/tree/v2.6.2) (2023-01-30)
 [Full Changelog](https://github.com/folio-org/stripes-cli/compare/v2.6.1...v2.6.2)
 
diff --git a/README.md b/README.md
@@ -1,6 +1,6 @@
 # Stripes CLI
 
-Copyright (C) 2017-2020 The Open Library Foundation
+Copyright (C) 2017-2023 The Open Library Foundation
 
 This software is distributed under the terms of the Apache License,
 Version 2.0. See the file "[LICENSE](LICENSE)" for more information.
diff --git a/package.json b/package.json
@@ -52,7 +52,7 @@
     "karma-webpack": "^5.0.0",
     "kopy": "^9.4.2",
     "lodash": "^4.17.5",
-    "mocha": "^9.0.0",
+    "mocha": "^10.2.0",
     "mocha-jenkins-reporter": "^0.4.1",
     "morgan": "^1.10.0",
     "node-fetch-npm": "^2.0.2",
