[Snyk] Upgrade mocha from 10.8.2 to 11.7.1

[Dargon789]

Snyk has created this PR to upgrade mocha from 10.8.2 to 11.7.1.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

⚠️ Warning: This PR contains major version upgrade(s), and may be a breaking change.

• The recommended version is 14 versions ahead of your current version.

• The recommended version was released 3 months ago.

Release notes

Package name: mocha

• 11.7.1 - 2025-06-24
  

  11.7.1 (2025-06-24)

  🩹 Fixes

  • always fallback to import() if require() fails (#5384) (295c168)

  🧹 Chores

  • add esm loader test (#5383) (f58e49f)
• 11.7.0 - 2025-06-18
  

  11.7.0 (2025-06-18)

  🌟 Features

  • use require to load esm (#5366) (41e24a2)
• 11.6.0 - 2025-06-09
  

  11.6.0 (2025-06-09)

  🌟 Features

  • bump workerpool from ^6.5.1 to ^9.2.0 (#5350) (581a3c5)
• 11.5.0 - 2025-05-23
  

  11.5.0 (2025-05-22)

  🌟 Features

  • bump mimimatch from ^5.1.6 to ^9.0.5 (#5349) (a3dea85)
• 11.4.0 - 2025-05-19
  

  11.4.0 (2025-05-19)

  🌟 Features

  • bump diff from ^5.2.0 to ^7.0.0 (#5348) (554d6bb)

  📚 Documentation

  • added CHANGELOG.md note around 11.1 yargs-parser update (#5362) (618415d)
• 11.3.0 - 2025-05-16
  

  11.3.0 (2025-05-16)

  🌟 Features

  • add option to use posix exit code upon fatal signal (#4989) (91bbf85)

  📚 Documentation

  • Deploy new site alongside old one (#5360) (6c96545)
  • mention explicit browser support range (#5354) (c514c0b)
  • update Node.js version requirements for 11.x (#5329) (abf3dd9)

  🧹 Chores

  • remove prerelease setting in release-please config (#5363) (8878f22)
• 11.2.2 - 2025-04-10
  

  11.2.2 (2025-04-10)

  🩹 Fixes

  • deps: update chokidar to v4 (#5256) (8af0f1a)

  📚 Documentation

  • add ClientRedirects.astro (#5324) (b88d441)
  • add example/tests.html to docs-next (#5325) (6ec5762)
• 11.2.1 - 2025-04-10
  

  11.2.1 (2025-04-10)

  🩹 Fixes

  • switch from ansi-colors to picocolors (#5323) (7c08d09)

  📚 Documentation

  • fix new website typos, improve readability (#5312) (fbceb19)

  🧹 Chores

  • "force" Netlify to use npm to build new site (#5319) (3a46855)
  • Fix tests (#5320) (18699a0)
• 11.2.0 - 2025-03-17
  

  11.2.0 (2025-03-17)

  🌟 Features

  • enable reporters to show relative paths of tests (#5292) (81ea666)

  📚 Documentation

  • add instructions for API docs (#5287) (b720ec1)
  • add new website using Astro Starlight (#5246) (b1f1cb7)
  • improve third-party reporter docs (#5285) (c5a0ef5)

  🧹 Chores

  • enabled eslint-plugin-n (#5280) (945d6e3)
  • pin node-lts tests to 22.11.0 (#5279) (664e1f4)
  • replace fs-extra with newer fs built-ins (#5284) (75dcf8c)
• 11.1.0 - 2025-01-02
  

  11.1.0 (2025-01-02)

  🌟 Features

  • bump yargs to 17 (#5165) (8f1c8d8)
    • Note that this also included a version bump of yargs-parser from ^20.2.9 to ^21.1., which fixed a bug that caused extra quotes in file paths to be removed.
      See #5341 for more information.
• 11.0.2 - 2024-12-09
• 11.0.1 - 2024-12-02
• 11.0.0 - 2024-11-11
• 11.0.0-beta - 2024-11-23
• 10.8.2 - 2024-10-30

from mocha GitHub release notes

---

Important

• Warning: This PR contains a major version upgrade, and may be a breaking change.
• Check the changes in this PR to ensure they won't cause issues with your project.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

• 🧐 View latest project report
• 📜 Customise PR templates
• 🛠 Adjust upgrade PR settings
• 🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[vercel]

Deployment failed with the following error:

Resource is limited - try again in 5 hours (more than 100, code: "api-deployments-free-per-day").

Learn More: https://vercel.com/dargon789s-projects?upgradeToPro=build-rate-limit

[codesandbox]

Review or Edit in CodeSandbox

Open the branch in Web Editor • VS Code • Insiders

Open Preview

[gemini-code-assist]

Summary of Changes

Hello @Dargon789, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request automates the process of keeping project dependencies current by upgrading the mocha testing framework. The primary goal is to enhance security and maintainability by incorporating the latest features and fixes. However, given that this is a significant major version bump, it's crucial to verify that the changes do not introduce regressions or breaking issues within the existing codebase.

Highlights

• Dependency Upgrade: Upgraded the mocha testing framework from version 10.8.2 to 11.7.1.
• Potential Breaking Change: This is a major version upgrade, spanning 14 versions, and may introduce breaking changes. Review and thorough testing are recommended.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point in your pull request via creating an issue comment (i.e. comment on the pull request page) using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in issue comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Package	Version	Score	Details
npm/mocha	^11.7.1	🟢 7.3	Details Check Score Reason Code-Review 🟢 9 Found 26/27 approved changesets -- score normalized to 9 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Security-Policy 🟢 10 security policy file detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Maintained 🟢 10 30 commit(s) and 25 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Binary-Artifacts 🟢 10 no binaries found in the repo License 🟢 10 license file detected Pinned-Dependencies 🟢 5 dependency not pinned by hash detected -- score normalized to 5 Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Packaging 🟢 10 packaging workflow detected SAST 🟢 4 SAST tool is not run on all commits -- score normalized to 4 Vulnerabilities ⚠️ 0 60 existing vulnerabilities detected

Scanned Files

• packages/hardhat-ethers/package.json

[gemini-code-assist]

Code Review

This pull request upgrades mocha from v10 to v11, which is a major version update. This upgrade introduces significant breaking changes, most notably requiring Node.js v18.0.0 or newer. It's crucial to verify that your CI and local development environments are configured to use a compatible Node.js version before merging.

I've added a review comment regarding the @types/mocha dependency, which should also be updated to ensure type compatibility with the new mocha version. Apart from these considerations, the upgrade is a good step to keep dependencies current.

[gemini-code-assist]

While upgrading mocha to a new major version, it's important to also update its type definitions to maintain type safety and avoid potential build issues. The current version specifier for @types/mocha on line 52 is ">=9.1.0", which is very broad and may not be compatible with the breaking changes in Mocha v11.

To ensure compatibility, I recommend updating @types/mocha to a more recent version, like ^10.0.6 (the latest available), and using a caret ^ for better dependency management.