Conversation

KoenDG commented Jul 20, 2025

This PR #19 seems abandoned?

It was stated publish.js had too many changes.

I went over these changes, they were all whitespace changes, save the 1 dependency change. I reverted all these changes, except the change to the jsdoc/taffydb import. Effectively that becomes a drop-in replacement.

Apart from that, the jsdoc related packages had received an update in the meantime, so I upgraded those versions.

Disclaimer: I have no knowledge of the impact of these changes, this PR is a full copy of the previous PR, minus the whitespace changes that made publish.js too big to check.

Hoping this can get merged to then have a look at other outdated dependencies, that potentially carry vulnerabilities with them.

linux-foundation-easycla bot commented Jul 20, 2025

CLA Signed

The committers listed above are authorized under a signed CLA.

  • ✅ login: KoenDG / name: Koen De Groote (0d4dc6e)

It was stated publish.js had too many changes.
I went over them, they were all whitespace changes. Reverted them all; only the change to jsdoc/taffydb remains, as is the goal of this PR.

Update jsdoc/salty to latest version.

Update jsdoc from 4.0.3 to 4.0.4

Bunch of squashing done while testing reverting the whitespace so the diff is minimal.
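The claim in the PR description and the commit messages above is that, once the whitespace churn is reverted, the only substantive change to publish.js is the import swap. The following is an added example of how a reviewer can verify that kind of claim; it is not code from this PR, from the mochajs project or from jsdoc. It compares two file versions with all whitespace ignored and reports only the lines that really differ. The two "publish.js" versions are constructed stand-ins, and the taffydb -> @jsdoc/salty import line is my assumption of the swap the PR describes, not the PR's actual diff.

```javascript
// Added example (not code from this PR or the mochajs project): confirm that a large diff is
// whitespace-only apart from a known set of lines. The two "publish.js" versions below are
// CONSTRUCTED stand-ins; the import line is my assumption of the taffydb -> @jsdoc/salty swap
// the PR describes, not the PR's actual diff.

const BEFORE = [
  "var taffy = require('taffydb').taffy;",
  "",
  "function publish(data, opts) {",
  "    var docs = taffy(data);",
  "    return docs;",
  "}",
].join("\n");

// Re-indented, blank lines added, CRLF line endings, trailing spaces, and the import swapped.
const AFTER = [
  "const { taffy } = require('@jsdoc/salty');",
  "",
  "",
  "function publish(data, opts) {  ",
  "  var docs = taffy(data);",
  "",
  "  return docs;",
  "}",
].join("\r\n");

// Same churn as AFTER but with the original import kept: should be reported as whitespace-only.
const AFTER_WHITESPACE_ONLY = AFTER.replace(
  "const { taffy } = require('@jsdoc/salty');",
  "var   taffy = require('taffydb').taffy;"
);

// Each line is kept alongside a whitespace-free key; lines that are empty after stripping are
// dropped, so indentation, trailing spaces, CRLF vs LF and blank-line changes all compare equal.
function normalizeLines(text) {
  return text
    .split(/\r?\n/)
    .map((raw, index) => ({ raw, line: index + 1, key: raw.replace(/\s+/g, "") }))
    .filter((entry) => entry.key.length > 0);
}

// Standard LCS table over the keys; dp[i][j] is the LCS length of a[i..] and b[j..].
function lcsTable(a, b) {
  const dp = Array.from({ length: a.length + 1 }, () => new Array(b.length + 1).fill(0));
  for (let i = a.length - 1; i >= 0; i--) {
    for (let j = b.length - 1; j >= 0; j--) {
      dp[i][j] = a[i].key === b[j].key ? dp[i + 1][j + 1] + 1 : Math.max(dp[i + 1][j], dp[i][j + 1]);
    }
  }
  return dp;
}

// Returns the lines that differ once whitespace is ignored. An empty result means the diff is
// whitespace-only; otherwise `removed`/`added` are the substantive lines a reviewer must read.
function substantiveDiff(beforeText, afterText) {
  const a = normalizeLines(beforeText);
  const b = normalizeLines(afterText);
  const dp = lcsTable(a, b);
  const removed = [];
  const added = [];
  let i = 0;
  let j = 0;
  while (i < a.length && j < b.length) {
    if (a[i].key === b[j].key) {
      i++;
      j++;
    } else if (dp[i + 1][j] >= dp[i][j + 1]) {
      removed.push(a[i++]);
    } else {
      added.push(b[j++]);
    }
  }
  while (i < a.length) removed.push(a[i++]);
  while (j < b.length) added.push(b[j++]);
  return { whitespaceOnly: removed.length === 0 && added.length === 0, removed, added };
}

const result = substantiveDiff(BEFORE, AFTER);
console.log("whitespace-only:", result.whitespaceOnly);
for (const entry of result.removed) console.log(`- ${entry.line}: ${entry.raw}`);
for (const entry of result.added) console.log(`+ ${entry.line}: ${entry.raw}`);
console.log("churn-only version is whitespace-only:", substantiveDiff(BEFORE, AFTER_WHITESPACE_ONLY).whitespaceOnly);
```

In a git checkout the equivalent check is `git diff -w` (alias `--ignore-all-space`) on the file, and comparing `git diff --stat` with `git diff -w --stat` shows how much of a large diff is churn. One caveat applies to both this script and `git diff -w`: whitespace inside string literals is ignored as well, so a change from `"a b"` to `"ab"` would be reported as whitespace-only even though it alters behaviour.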
KoenDG (author) commented Aug 16, 2025

@JoshuaKGoldberg Sorry to ping directly. Saw your name on the previous ticket, only reference I have. Should I ping someone else about this?

Is this still something that's desired?

I'm just doing it because there's a lot of CVEs on this old code and just updating this dependency makes most of them go away.

JoshuaKGoldberg (member) commented

👋 thanks for sending this @KoenDG, and thanks for the ping! I'd neglected to subscribe to this repository and so missed your PR.

> I have no knowledge of the impact of these changes

Is there a reason you want to push this work forward? For mochajs.org we're planning on migrating over to mochajs.org/next, eventually deprecating this repository. mochajs/mocha#5309

KoenDG (author) commented Aug 19, 2025

I wound up here while looking for the source of certain vulnerabilities, and looking to see if I could update the dependencies to fix that.

The project seems to be a direct dependency of mocha itself.

Running npm ci on this project alone prints the following:

32 vulnerabilities (6 low, 5 moderate, 19 high, 2 critical)

So I thought I would see what I can do to fix that.

It's likely these vulnerabilities aren't exposed in such a way they can impact a live project, but still, it's not a good look to have critical and high level vulnerabilities in one's dependencies.
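The two comments above triage an `npm audit` result by hand: read the severity counts, then work out which single dependency update "makes most of them go away". The following is an added example of doing that triage over the JSON form of the report (`npm audit --json`, `auditReportVersion` 2); it is not code from this PR, from npm or from the mochajs project. The embedded report is constructed with fictional package names and placeholder advisory entries, and it is not this repository's actual audit output.

```javascript
// Added example (not code from this PR, npm or the mochajs project): triage an `npm audit --json`
// report (auditReportVersion 2) the way the thread does by hand: count findings per severity,
// gate on a minimum severity, and attribute each vulnerable package to the direct dependency
// whose upgrade would remove it. SAMPLE_REPORT is CONSTRUCTED with fictional package names and
// placeholder advisories; it is not real advisory data and not this repository's audit output.
const SAMPLE_REPORT = {
  auditReportVersion: 2,
  vulnerabilities: {
    "legacy-db": {
      name: "legacy-db", severity: "critical", isDirect: false,
      via: [{ source: 1, name: "legacy-db", dependency: "legacy-db", title: "constructed sample advisory",
              url: "https://example.invalid/advisory/1", severity: "critical", range: "<=1.0.0" }],
      effects: ["doc-tool"], range: "*", nodes: ["node_modules/legacy-db"], fixAvailable: true,
    },
    "old-parser": {
      name: "old-parser", severity: "high", isDirect: false,
      via: [{ source: 2, name: "old-parser", dependency: "old-parser", title: "constructed sample advisory",
              url: "https://example.invalid/advisory/2", severity: "high", range: "<2.0.0" }],
      effects: ["doc-tool"], range: "<2.0.0", nodes: ["node_modules/old-parser"], fixAvailable: true,
    },
    // Direct dependency with no advisory of its own: vulnerable only via the two packages above.
    "doc-tool": {
      name: "doc-tool", severity: "critical", isDirect: true,
      via: ["legacy-db", "old-parser"],
      effects: [], range: "<=3.0.0", nodes: ["node_modules/doc-tool"],
      fixAvailable: { name: "doc-tool", version: "4.0.0", isSemVerMajor: true },
    },
    "lint-helper": {
      name: "lint-helper", severity: "low", isDirect: true,
      via: [{ source: 3, name: "lint-helper", dependency: "lint-helper", title: "constructed sample advisory",
              url: "https://example.invalid/advisory/3", severity: "low", range: "<0.5.0" }],
      effects: [], range: "<0.5.0", nodes: ["node_modules/lint-helper"], fixAvailable: true,
    },
  },
  metadata: { vulnerabilities: { info: 0, low: 1, moderate: 0, high: 1, critical: 2, total: 4 } },
};

const SEVERITY_ORDER = ["info", "low", "moderate", "high", "critical"];

// One count per vulnerable package, which is what npm's "N vulnerabilities (...)" line reports;
// a package inheriting several advisories still counts once.
function countBySeverity(report) {
  const counts = { info: 0, low: 0, moderate: 0, high: 0, critical: 0, total: 0 };
  for (const entry of Object.values(report.vulnerabilities)) {
    if (!SEVERITY_ORDER.includes(entry.severity)) continue;
    counts[entry.severity] += 1;
    counts.total += 1;
  }
  return counts;
}

function formatSummary(counts) {
  const parts = SEVERITY_ORDER.filter((level) => counts[level] > 0).map((level) => `${counts[level]} ${level}`);
  return `${counts.total} vulnerabilities (${parts.join(", ")})`;
}

// True if any finding is at or above minSeverity; the check a CI gate would apply.
function exceedsThreshold(counts, minSeverity) {
  const start = SEVERITY_ORDER.indexOf(minSeverity);
  if (start < 0) throw new Error(`unknown severity: ${minSeverity}`);
  return SEVERITY_ORDER.slice(start).some((level) => counts[level] > 0);
}

// Follow `effects` (the packages that depend on this one) upward until reaching direct
// dependencies; those are the package.json entries whose upgrade removes the finding.
function directRoots(report, name, seen = new Set()) {
  const entry = report.vulnerabilities[name];
  if (!entry || seen.has(name)) return [];
  seen.add(name);
  if (entry.isDirect) return [name];
  return entry.effects.flatMap((dependent) => directRoots(report, dependent, seen));
}

// Group vulnerable packages by the direct dependency responsible for them, so "one upgrade
// makes most of them go away" can be read straight off the report.
function groupByDirectDependency(report) {
  const groups = {};
  for (const name of Object.keys(report.vulnerabilities)) {
    const roots = [...new Set(directRoots(report, name))];
    for (const root of roots.length > 0 ? roots : ["(no direct dependency found)"]) {
      if (!groups[root]) groups[root] = [];
      groups[root].push(name);
    }
  }
  return groups;
}

const counts = countBySeverity(SAMPLE_REPORT);
console.log(formatSummary(counts));
console.log(groupByDirectDependency(SAMPLE_REPORT));
console.log("fails a >= high gate:", exceedsThreshold(counts, "high"));
```

To run it against a real project, save `npm audit --json > audit.json` and pass the parsed file in place of SAMPLE_REPORT. The grouping only follows the lock-file dependency graph (`effects` and `isDirect` as npm reports them); it says nothing about whether the vulnerable code is reachable from the project's actual use, which is the separate question the comment above raises.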
