Mocha update needed to resolve Regular Expression Denial of Service (ReDoS)

[molyholy]

Description of the bug/issue

Vulnerability described here https://security.snyk.io/package/npm/mocha/9.2.2

[AutomatedTester]

@beatfactor I remember you saying something about Mocha as a dependency. Is this something we can just upgrade or is this the ESM issue I remember you mentioning?

[beatfactor]

We would need to use Mocha 10 but it will probably introduce breaking changes.

[telion2]

Hello, what the status on this?
Btw. These are the changes from 9.2.2 -> 10.2.0:
mochajs/mocha@v9.2.2...v10.2.0
Or here as a list of breaking changes: https://github.com/mochajs/mocha/releases/tag/v10.0.0
Looks like they dropped support for IE and Node 12.

So will you upgrade, replace mocha or hope that mocha fixes the Issue for 9.2.2?

[telion2]

For those who want a fix asap: You can add:

//package.json
"overrides": {
    "mocha": "^10.2.0"
  }

in your package.json, hit npm install and try if it works for you. It worked in my projects without issue.