[Snyk] Upgrade: chai-spies, node-fetch, sinon

[tiff-es]

Snyk has created this PR to upgrade multiple dependencies.

👯 The following dependencies are linked and will therefore be updated together.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Name	Versions	Released on

chai-spies
from 1.0.0 to 1.1.0 | 1 version ahead of your current version | 10 months ago
on 2023-10-31
node-fetch
from 2.3.0 to 2.7.0 | 18 versions ahead of your current version | a year ago
on 2023-08-23
sinon
from 7.3.1 to 7.5.0 | 4 versions ahead of your current version | 5 years ago
on 2019-09-23

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Prototype Pollution SNYK-JS-LODASH-6139239	696	Proof of Concept
	Code Injection SNYK-JS-LODASH-1040724	696	Proof of Concept
	Prototype Pollution SNYK-JS-LODASH-450202	696	Proof of Concept
	Prototype Pollution SNYK-JS-LODASH-567746	696	Proof of Concept
	Prototype Pollution SNYK-JS-LODASH-608086	696	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	696	Proof of Concept
	Information Exposure SNYK-JS-NODEFETCH-2342118	696	No Known Exploit
	Denial of Service SNYK-JS-NODEFETCH-674311	696	No Known Exploit

Release notes

Package name: chai-spies

• 1.1.0 - 2023-10-31
  

  What's Changed

  • Update rollup to the latest version 🚀 by @ Greenkeeper in #94
  • Update rollup to the latest version 🚀 by @ Greenkeeper in #95
  • Update rollup to the latest version 🚀 by @ Greenkeeper in #96
  • Update rollup to the latest version 🚀 by @ Greenkeeper in #98
  • updated interface docs for clarity and to show the proper API by @ gregdardis in #105
  • Add TypeScript Setup To README by @ JimLynchCodes in #111
  • chore(travis): updates node versions for testing by @ stalniy in #113
  • chore(rollup): update rollup to the latest version by @ stalniy in #112
  • Fix restoring multiple spies by @ stalniy in #114
  • Replace Travis with GitHub actions by @ sebamarynissen in #119
  • Support spy.on with nullish prototype by @ sebamarynissen in #118

  New Contributors

  • @ Greenkeeper made their first contribution in #94
  • @ gregdardis made their first contribution in #105
  • @ JimLynchCodes made their first contribution in #111
  • @ sebamarynissen made their first contribution in #119

  Full Changelog: 1.0.0...v1.1.0

• 1.0.0 - 2018-01-12
  

  This is a major release which introduces many new featues, such as sandboxes, as well as new convenience methods and assertions.

  This major release also comes with some breaking changes:

  Breaking Changes

  • removed reset method. #35 (@ stalniy)
    You will need to update any callsites to spy.reset() to instead assign a new spy to that variable or property.

  • exposes original function body in spy.toString calls #93 (@ stalniy)
    If you check the spy.toString() output in your tests, this will need to be changed to accomodate for this change.

  Features

  • added spy.returns #35 (@ stalniy)
    Allows to create spies that return constant value

  • added spy.on #61 (#38, @ stalniy)
    Allows to add spies on existing methods

  • added posibility to replace original method when spying with spy.on #68 (#62, @ stalniy)

  chai.spy.on(array, 'push', returns => 5)
  chai.spy.on(array, 'push', function() {
    // custom implementation
  })

  • added spy.restore #61 (#38, @ stalniy)
    Allows to remove spies added by spy.on and restore original method implementation

  • added support for sanboxes #61 (#38, @ stalniy)
    Now it's possible to create sanboxes and track/restore spies in sandbox

  • added support for nth call checks #75 (#59, @ cnexans)
    Allows to check spy arguments on specified call

  const spy = chai.spy()

  spy(1); // first call
  spy(2); // second call
  spy(3); // third call
  spy(i); // nth call

  expect(spy).to.have.been.first.called.with(1)
  expect(spy).to.have.been.second.called.with(2)
  expect(spy).to.have.been.third.called.with(3)
  expect(spy).on.nth(i).be.called.with(i)

  Bug Fixes

  • removed dead links in README #84, #80 (#79, @ damianb)
  • fixed formatting in README #67 (@ jethrolarson)
  • added MIT license to package.json #58 (@ reiz)
  • fixed .with when multiple identical arguments are passed in spy call #56 (#45, @ meeber)
  • updated reference to github repository #42 (@ robcolburn)

  Documentation

  • better organization for spy methods #92 (@ stalniy)
  • added documentation about sanboxes #92 (@ stalniy)

from chai-spies GitHub release notes

Package name: node-fetch

• 2.7.0 - 2023-08-23
  

  2.7.0 (2023-08-23)

  Features

  • AbortError (#1744) (9b9d458)
• 2.6.13 - 2023-08-18
  

  2.6.13 (2023-08-18)

  Bug Fixes

  • Remove the default connection close header (#1765) (65ae25a), closes #1735 #1473 #1736
• 2.6.12 - 2023-06-29
  

  2.6.12 (2023-06-29)

  Bug Fixes

  • socket variable testing for undefined (#1726) (8bc3a7c)
• 2.6.11 - 2023-05-09
  

  2.6.11 (2023-05-09)

  Reverts

  • Revert "fix: handle bom in text and json (#1739)" (#1741) (afb36f6), closes #1739 #1741
• 2.6.10 - 2023-05-08
  

  2.6.10 (2023-05-08)

  Bug Fixes

  • handle bom in text and json (#1739) (29909d7)
• 2.6.9 - 2023-01-30
  

  2.6.9 (2023-01-30)

  Bug Fixes

  • "global is not defined" (#1704) (70f592d)
• 2.6.8 - 2023-01-13
  

  2.6.8 (2023-01-13)

  Bug Fixes

  • headers: don't forward secure headers on protocol change (#1605) (fddad0e), closes #1599
  • premature close with chunked transfer encoding and for async iterators in Node 12 (#1172) (50536d1), closes #1064 /github.com/node-fetch/node-fetch/pull/1064#issuecomment-849167400
  • prevent hoisting of the undefined global variable in browser.js (#1534) (8bb6e31)
• 2.6.7 - 2022-01-16
• 2.6.6 - 2021-10-31
• 2.6.5 - 2021-09-22
• 2.6.4 - 2021-09-21
• 2.6.3 - 2021-09-20
• 2.6.2 - 2021-09-06
• 2.6.1 - 2020-09-05
• 2.6.0 - 2019-05-16
• 2.5.0 - 2019-05-01
• 2.4.1 - 2019-04-27
• 2.4.0 - 2019-04-26
• 2.3.0 - 2018-11-13

from node-fetch GitHub release notes

Package name: sinon

• 7.5.0 - 2019-09-23
  

  7.5.0

• 7.4.2 - 2019-09-02
  

  7.4.2

• 7.4.1 - 2019-08-06
  

  7.4.1

• 7.3.2 - 2019-04-17
  

  7.3.2

• 7.3.1 - 2019-03-27
  

  7.3.1

from sinon GitHub release notes

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• This PR was automatically created by Snyk using the credentials of a real user.
• Max score is 1000. Note that the real score may have changed since the PR was raised.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

• 🧐 View latest project report
• 📜 Customise PR templates
• 🛠 Adjust upgrade PR settings
• 🔕 Ignore this dependency or unsubscribe from future upgrade PRs