Skip to content

build(deps-dev): bump expect from 28.1.3 to 29.6.1#81

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/expect-29.6.1
Closed

build(deps-dev): bump expect from 28.1.3 to 29.6.1#81
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/expect-29.6.1

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 6, 2023

Copy link
Copy Markdown
Contributor

Bumps expect from 28.1.3 to 29.6.1.

Release notes

Sourced from expect's releases.

v29.6.1

Fixes

  • [jest-circus] Revert #14110 as it was a breaking change

Full Changelog: jestjs/jest@v29.6.0...v29.6.1

v29.6.0

Features

  • [jest-circus, jest-snapshot] Add support for snapshot matchers in concurrent tests (#14139)
  • [jest-cli] Include type definitions to generated config files (#14078)
  • [jest-snapshot] Support arrays as property matchers (#14025)
  • [jest-core, jest-circus, jest-reporter, jest-runner] Added support for reporting about start individual test cases using jest-circus (#14174)

Fixes

  • [jest-circus] Prevent false test failures caused by promise rejections handled asynchronously (#14110)
  • [jest-config] Handle frozen config object (#14054)
  • [jest-config] Allow coverageDirectory and collectCoverageFrom in project config (#14180)
  • [jest-core] Always use workers in watch mode to avoid crashes (#14059).
  • [jest-environment-jsdom, jest-environment-node] Fix assignment of customExportConditions via testEnvironmentOptions when custom env subclass defines a default value (#13989)
  • [jest-matcher-utils] Fix copying value of inherited getters (#14007)
  • [jest-mock] Tweak typings to allow jest.replaceProperty() replace methods (#14008)
  • [jest-mock] Improve user input validation and error messages of spyOn and replaceProperty methods (#14087)
  • [jest-runtime] Bind jest.isolateModulesAsync to this (#14083)
  • [jest-runtime] Forward wrapperLength to the Script constructor as columnOffset for accurate debugging (#14148)
  • [jest-runtime] Guard _isMockFunction access with in (#14188)
  • [jest-snapshot] Fix a potential bug when not using prettier and improve performance (#14036)
  • [@jest/transform] Do not instrument .json modules (#14048)

Chore & Maintenance

  • [*] Update semver dependency to get vulnerability fix (#14262)
  • [docs] Updated documentation for the --runTestsByPath CLI command (#14004)
  • [docs] Updated documentation regarding the synchronous fallback when asynchronous code transforms are unavailable (#14056)
  • [docs] Update jest statistics of use and downloads in website Index.

New Contributors

... (truncated)

Changelog

Sourced from expect's changelog.

29.6.1

Fixes

  • [jest-circus] Revert #14110 as it was a breaking change

29.6.0

Features

  • [jest-circus, jest-snapshot] Add support for snapshot matchers in concurrent tests (#14139)
  • [jest-cli] Include type definitions to generated config files (#14078)
  • [jest-snapshot] Support arrays as property matchers (#14025)
  • [jest-core, jest-circus, jest-reporter, jest-runner] Added support for reporting about start individual test cases using jest-circus (#14174)

Fixes

  • [jest-circus] Prevent false test failures caused by promise rejections handled asynchronously (#14110)
  • [jest-config] Handle frozen config object (#14054)
  • [jest-config] Allow coverageDirectory and collectCoverageFrom in project config (#14180)
  • [jest-core] Always use workers in watch mode to avoid crashes (#14059).
  • [jest-environment-jsdom, jest-environment-node] Fix assignment of customExportConditions via testEnvironmentOptions when custom env subclass defines a default value (#13989)
  • [jest-matcher-utils] Fix copying value of inherited getters (#14007)
  • [jest-mock] Tweak typings to allow jest.replaceProperty() replace methods (#14008)
  • [jest-mock] Improve user input validation and error messages of spyOn and replaceProperty methods (#14087)
  • [jest-runtime] Bind jest.isolateModulesAsync to this (#14083)
  • [jest-runtime] Forward wrapperLength to the Script constructor as columnOffset for accurate debugging (#14148)
  • [jest-runtime] Guard _isMockFunction access with in (#14188)
  • [jest-snapshot] Fix a potential bug when not using prettier and improve performance (#14036)
  • [@jest/transform] Do not instrument .json modules (#14048)

Chore & Maintenance

  • [*] Update semver dependency to get vulnerability fix (#14262)
  • [docs] Updated documentation for the --runTestsByPath CLI command (#14004)
  • [docs] Updated documentation regarding the synchronous fallback when asynchronous code transforms are unavailable (#14056)
  • [docs] Update jest statistics of use and downloads in website Index.

29.5.0

Features

  • [jest-changed-files] Support Sapling (#13941)
  • [jest-circus, @jest/cli, jest-config] Add feature to randomize order of tests via CLI flag or through the config file(#12922)
  • [jest-cli, jest-config, @jest/core, jest-haste-map, @jest/reporters, jest-runner, jest-runtime, @jest/types] Add workerThreads configuration option to allow using worker threads for parallelization (#13939)
  • [jest-cli] Export yargsOptions (#13970)
  • [jest-config] Add openHandlesTimeout option to configure possible open handles warning. (#13875)
  • [@jest/create-cache-key-function] Allow passing length argument to createCacheKey() function and set its default value to 16 on Windows (#13827)
  • [jest-message-util] Add support for AggregateError (#13946 & #13947)
  • [jest-message-util] Add support for Error causes in test and it (#13935 & #13966)

... (truncated)

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [expect](https://github.com/facebook/jest/tree/HEAD/packages/expect) from 28.1.3 to 29.6.1.
- [Release notes](https://github.com/facebook/jest/releases)
- [Changelog](https://github.com/jestjs/jest/blob/main/CHANGELOG.md)
- [Commits](https://github.com/facebook/jest/commits/v29.6.1/packages/expect)

---
updated-dependencies:
- dependency-name: expect
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added the dependencies Pull requests that update a dependency file label Jul 6, 2023
@github-actions

github-actions Bot commented Jul 6, 2023

Copy link
Copy Markdown
Contributor
# npm audit report

clean-css  <4.1.11
Regular Expression Denial of Service in clean-css - https://github.com/advisories/GHSA-wxhq-pm8v-cw75
fix available via `npm audit fix --force`
Will install jade@1.9.2, which is a breaking change
node_modules/clean-css
  jade  >=0.30.0
  Depends on vulnerable versions of clean-css
  Depends on vulnerable versions of constantinople
  Depends on vulnerable versions of transformers
  node_modules/jade

constantinople  <3.1.1
Severity: critical
Sandbox Bypass Leading to Arbitrary Code Execution in constantinople - https://github.com/advisories/GHSA-4vmm-mhcq-4x9j
fix available via `npm audit fix --force`
Will install jade@1.9.2, which is a breaking change
node_modules/constantinople

semver  <7.5.2
Severity: moderate
semver vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-c2qf-rxjj-qqgw
fix available via `npm audit fix --force`
Will install nodemon@1.14.9, which is a breaking change
node_modules/@babel/core/node_modules/semver
node_modules/@babel/helper-compilation-targets/node_modules/semver
node_modules/builtins/node_modules/semver
node_modules/conventional-changelog-core/node_modules/semver
node_modules/conventional-changelog-writer/node_modules/semver
node_modules/eslint-plugin-import/node_modules/semver
node_modules/eslint-plugin-n/node_modules/semver
node_modules/eslint-plugin-react/node_modules/semver
node_modules/git-semver-tags/node_modules/semver
node_modules/istanbul-lib-instrument/node_modules/semver
node_modules/make-dir/node_modules/semver
node_modules/meow/node_modules/read-pkg/node_modules/semver
node_modules/meow/node_modules/semver
node_modules/rewire/node_modules/semver
node_modules/semver
node_modules/simple-update-notifier/node_modules/semver
node_modules/standard-version/node_modules/semver
node_modules/superagent/node_modules/semver
node_modules/synp/node_modules/semver
  @babel/core  <=7.22.5
  Depends on vulnerable versions of semver
  node_modules/@babel/core
  @babel/helper-compilation-targets  7.8.1 - 7.22.5
  Depends on vulnerable versions of semver
  node_modules/@babel/helper-compilation-targets
  conventional-changelog-writer  *
  Depends on vulnerable versions of meow
  Depends on vulnerable versions of semver
  node_modules/conventional-changelog-writer
    conventional-changelog-core  *
    Depends on vulnerable versions of conventional-changelog-writer
    Depends on vulnerable versions of conventional-commits-parser
    Depends on vulnerable versions of git-raw-commits
    Depends on vulnerable versions of git-semver-tags
    Depends on vulnerable versions of read-pkg
    Depends on vulnerable versions of read-pkg-up
    node_modules/conventional-changelog-core
      conventional-changelog  >=1.0.0
      Depends on vulnerable versions of conventional-changelog-core
      node_modules/conventional-changelog
        standard-version  *
        Depends on vulnerable versions of conventional-changelog
        Depends on vulnerable versions of conventional-recommended-bump
        Depends on vulnerable versions of git-semver-tags
        node_modules/standard-version
  eslint-plugin-import  >=2.27.4
  Depends on vulnerable versions of semver
  node_modules/eslint-plugin-import
    standard  >=17.0.0-0
    Depends on vulnerable versions of eslint-config-standard-jsx
    Depends on vulnerable versions of eslint-plugin-import
    Depends on vulnerable versions of eslint-plugin-react
    node_modules/standard
  eslint-plugin-react  7.19.0 || >=7.26.0
  Depends on vulnerable versions of semver
  node_modules/eslint-plugin-react
    eslint-config-standard-jsx  >=11.0.0-0
    Depends on vulnerable versions of eslint-plugin-react
    node_modules/eslint-config-standard-jsx
  git-semver-tags  *
  Depends on vulnerable versions of meow
  Depends on vulnerable versions of semver
  node_modules/git-semver-tags
    conventional-recommended-bump  >=1.0.0
    Depends on vulnerable versions of conventional-commits-parser
    Depends on vulnerable versions of git-raw-commits
    Depends on vulnerable versions of git-semver-tags
    Depends on vulnerable versions of meow
    node_modules/conventional-recommended-bump
  istanbul-lib-instrument  >=1.2.0
  Depends on vulnerable versions of semver
  node_modules/istanbul-lib-instrument
    nyc  >=7.0.0-alpha.1
    Depends on vulnerable versions of caching-transform
    Depends on vulnerable versions of find-cache-dir
    Depends on vulnerable versions of istanbul-lib-instrument
    Depends on vulnerable versions of istanbul-lib-report
    Depends on vulnerable versions of istanbul-reports
    Depends on vulnerable versions of make-dir
    Depends on vulnerable versions of spawn-wrap
    node_modules/nyc
  make-dir  2.0.0 - 3.1.0
  Depends on vulnerable versions of semver
  node_modules/make-dir
    caching-transform  >=3.0.2
    Depends on vulnerable versions of make-dir
    node_modules/caching-transform
    find-cache-dir  2.1.0 - 3.3.2
    Depends on vulnerable versions of make-dir
    node_modules/find-cache-dir
    istanbul-lib-report  >=2.0.5
    Depends on vulnerable versions of make-dir
    node_modules/istanbul-lib-report
      istanbul-reports  >=3.0.0-alpha.0
      Depends on vulnerable versions of istanbul-lib-report
      node_modules/istanbul-reports
    spawn-wrap  >=2.0.0-beta.0
    Depends on vulnerable versions of make-dir
    node_modules/spawn-wrap
  nodemon  1.4.10-alpha.1 - 1.4.10-alpha.3 || >=1.14.10
  Depends on vulnerable versions of semver
  Depends on vulnerable versions of simple-update-notifier
  node_modules/nodemon
  normalize-package-data  <=2.5.0
  Depends on vulnerable versions of semver
  node_modules/meow/node_modules/read-pkg/node_modules/normalize-package-data
  node_modules/normalize-package-data
    read-package-json  0.4.0 - 2.1.2
    Depends on vulnerable versions of normalize-package-data
    node_modules/read-package-json
      read-installed  *
      Depends on vulnerable versions of read-package-json
      Depends on vulnerable versions of semver
      node_modules/read-installed
        @cyclonedx/bom  <=3.10.6
        Depends on vulnerable versions of read-installed
        node_modules/@cyclonedx/bom
    read-pkg  <=5.2.0
    Depends on vulnerable versions of normalize-package-data
    node_modules/meow/node_modules/read-pkg
    node_modules/read-pkg
      read-pkg-up  <=7.0.1
      Depends on vulnerable versions of read-pkg
      node_modules/meow/node_modules/read-pkg-up
      node_modules/read-pkg-up
        meow  3.4.0 - 9.0.0
        Depends on vulnerable versions of read-pkg-up
        node_modules/meow
          conventional-commits-parser  >=2.1.5
          Depends on vulnerable versions of meow
          node_modules/conventional-commits-parser
          git-raw-commits  >=1.3.4
          Depends on vulnerable versions of meow
          node_modules/git-raw-commits
  simple-update-notifier  1.0.7 - 1.1.0
  Depends on vulnerable versions of semver
  node_modules/simple-update-notifier

taffydb  *
Severity: high
TaffyDB can allow access to any data items in the DB - https://github.com/advisories/GHSA-mxhp-79qh-mcx6
fix available via `npm audit fix`
node_modules/taffydb
  jsdoc  3.2.0-dev - 3.6.11
  Depends on vulnerable versions of taffydb
  node_modules/jsdoc-api/node_modules/jsdoc
    jsdoc-api  4.0.0 - 7.1.1
    Depends on vulnerable versions of jsdoc
    node_modules/jsdoc-api

uglify-js  <=2.5.0
Severity: critical
Regular Expression Denial of Service in uglify-js - https://github.com/advisories/GHSA-c9f4-xj24-8jqx
Incorrect Handling of Non-Boolean Comparisons During Minification in uglify-js - https://github.com/advisories/GHSA-34r7-q49f-h37c
fix available via `npm audit fix --force`
Will install jade@1.9.2, which is a breaking change
node_modules/transformers/node_modules/uglify-js
  transformers  >=2.0.0
  Depends on vulnerable versions of uglify-js
  node_modules/transformers

word-wrap  *
Severity: moderate
word-wrap vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-j8xg-fqg3-53r7
fix available via `npm audit fix`
node_modules/word-wrap
  optionator  0.8.3 - 0.9.1
  Depends on vulnerable versions of word-wrap
  node_modules/optionator

42 vulnerabilities (1 low, 34 moderate, 4 high, 3 critical)

To address issues that do not require attention, run:
  npm audit fix

To address all issues (including breaking changes), run:
  npm audit fix --force

@dependabot @github

dependabot Bot commented on behalf of github Jul 27, 2023

Copy link
Copy Markdown
Contributor Author

Superseded by #84.

@dependabot dependabot Bot closed this Jul 27, 2023
@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/expect-29.6.1 branch July 27, 2023 15:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant