Skip to content

[Snyk] Security upgrade mocha from 9.2.2 to 10.6.0#158

Open
snyk-io[bot] wants to merge 17 commits into
mainfrom
snyk-fix-55f5118df02270b5f3d5b3f086b1fe58
Open

[Snyk] Security upgrade mocha from 9.2.2 to 10.6.0#158
snyk-io[bot] wants to merge 17 commits into
mainfrom
snyk-fix-55f5118df02270b5f3d5b3f086b1fe58

Conversation

@snyk-io

@snyk-io snyk-io Bot commented Nov 19, 2025

Copy link
Copy Markdown

snyk-top-banner

Snyk has created this PR to fix 1 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

  • packages/google-cloud-ids/samples/package.json

Vulnerabilities that will be fixed with an upgrade:

Issue Score
medium severity Prototype Pollution
SNYK-JS-JSYAML-13961110		   49  

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution

Dargon789 and others added 17 commits June 9, 2025 03:27
@Dargon789
Add .circleci/config.yml
9f387e3
@Dargon789
Merge branch 'main' into circleci-project-setup
a4e38c6
@Dargon789
Merge branch 'googleapis:main' into circleci-project-setup
1d3fdda
@Dargon789
Merge branch 'main' into circleci-project-setup
6a67f0f
@Dargon789
Create google.yml (#1)
dca4dca 
Signed-off-by: AU_gdev_19 <64915515+Dargon789@users.noreply.github.com>
@Dargon789
Merge pull request #2 from Dargon789/circleci-project-setup
a547187 
Circleci project setup
@Dargon789
Merge branch 'googleapis:main' into main
5f35bf4
@Dargon789
Update config.yml (#3)
b2c33d1 
Signed-off-by: AU_gdev_19 <64915515+Dargon789@users.noreply.github.com>
@Dargon789
Merge branch 'googleapis:main' into main
cae191b
@Dargon789
Merge branch 'googleapis:main' into main
da6ab58
@Dargon789
Merge branch 'googleapis:main' into main
7dff2c1
@Dargon789
Merge branch 'googleapis:main' into main
7fa1c7f
@snyk-io @Dargon789
feat: upgrade c8 from 9.1.0 to 10.1.3
0837c22 
Snyk has created this PR to upgrade c8 from 9.1.0 to 10.1.3.

See this package in npm:
c8

See this project in Snyk:
https://app.snyk.io/org/dargon789/project/68a3328a-d2b6-4975-b7db-af96a29fc4ac?utm_source=github-cloud-app&utm_medium=referral&page=upgrade-pr
@snyk-io @Dargon789
feat: upgrade c8 from 9.1.0 to 10.1.3
b37e491 
Snyk has created this PR to upgrade c8 from 9.1.0 to 10.1.3.

See this package in npm:
c8

See this project in Snyk:
https://app.snyk.io/org/dargon789/project/e2757016-0d48-429d-8c99-bffba0039c3a?utm_source=github-cloud-app&utm_medium=referral&page=upgrade-pr
@Dargon789
Merge branch 'googleapis:main' into main
243de53
@Dargon789
Update google.yml (#11)
3c8b463 
Signed-off-by: AU_gdev_19 <64915515+Dargon789@users.noreply.github.com>
@snyk-io
fix: packages/google-cloud-ids/samples/package.json to reduce vulnera…
f235d23 
…bilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-JSYAML-13961110
@snyk-io

snyk-io Bot commented Nov 19, 2025

Copy link
Copy Markdown
Author

Snyk checks have passed. No issues have been found so far.

Status Scanner Critical High Medium Low Total (0)
Open Source Security 0 0 0 0 0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

Dargon789 pushed a commit that referenced this pull request Apr 14, 2026
@kolodny @GautamSharda
Switch src/ to use ES classes (#158)
eb9fc1c 
Fixes #85 

- [x] Tests and linter pass
- [x] Code coverage does not decrease (if any source code was changed)
- [x] Appropriate docs were updated (if necessary)

---

This PR should be ready to go. I believe this requires a major semver bump. I figured the test files shouldn't be updated in the same PR. The only thing that really needs to be pointed out is that classes shouldn't be instantiatable without the new keyword:

```js
const client1 = new Bigtable()
const client2 = Bigtable() // Error: Class constructor Foo cannot be invoked without 'new'
```

I was on the fence about requiring people to use the `new` keyword or not, and chose to make it optional. I did this by using a proxy:

```js
Bigtable = new Proxy(Bigtable, {
  apply(target, thisArg, argumentsList) {
    return new target(...argumentsList);
  },
});
```

Let me know if this should be removed. I didn't add that to the semi-private classes since the common case of creating one is something like `instance.table(...)` and not `new Table(...)`

Note - This was removed in review

As before, most of this was done via lebab so there may be some issues so please do go through it again to make sure nothing terrible is being done.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@Dargon789