[Snyk] Upgrade: , chai, chai-as-promised, mocha

[metatrust-v]

Snyk has created this PR to upgrade multiple dependencies.

👯‍♂ The following dependencies are linked and will therefore be updated together.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Name	Versions	Released on

@openzeppelin/contracts
from 4.4.1 to 4.9.6 | 26 versions ahead of your current version | 6 months ago
on 2024-02-29
chai
from 4.3.4 to 4.5.0 | 9 versions ahead of your current version | a month ago
on 2024-07-25
chai-as-promised
from 7.1.1 to 7.1.2 | 1 version ahead of your current version | 4 months ago
on 2024-05-11
mocha
from 9.1.3 to 9.2.2 | 4 versions ahead of your current version | 2 years ago
on 2022-03-11

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Regular Expression Denial of Service (ReDoS) SNYK-JS-GETFUNCNAME-5923417	751	Proof of Concept
	Information Exposure SNYK-JS-OPENZEPPELINCONTRACTS-2958047	751	No Known Exploit
	Information Exposure SNYK-JS-OPENZEPPELINCONTRACTS-2958050	751	No Known Exploit
	Incorrect Calculation SNYK-JS-OPENZEPPELINCONTRACTS-2964946	751	No Known Exploit
	Improper Verification of Cryptographic Signature SNYK-JS-OPENZEPPELINCONTRACTS-2980279	751	No Known Exploit
	Improper Input Validation SNYK-JS-OPENZEPPELINCONTRACTS-5425051	751	No Known Exploit
	Improper Encoding or Escaping of Output SNYK-JS-OPENZEPPELINCONTRACTS-5838352	751	No Known Exploit
	Information Exposure SNYK-JS-NANOID-2332193	751	Proof of Concept
	Function Call With Incorrect Argument SNYK-JS-OPENZEPPELINCONTRACTS-2336323	751	No Known Exploit
	Denial of Service (DoS) SNYK-JS-OPENZEPPELINCONTRACTS-2965798	751	No Known Exploit
	Denial of Service (DoS) SNYK-JS-OPENZEPPELINCONTRACTS-5425827	751	No Known Exploit
	Missing Authorization SNYK-JS-OPENZEPPELINCONTRACTS-5672116	751	No Known Exploit

Release notes

Package name: @openzeppelin/contracts

• 4.9.6 - 2024-02-29
  
  • Base64: Fix issue where dirty memory located just after the input buffer is affecting the result. (#4929)
• 4.9.5 - 2023-12-08
  
  • Multicall: Make aware of non-canonical context (i.e. msg.sender is not _msgSender()), allowing compatibility with ERC2771Context. Patch duplicated Address.functionDelegateCall in v4.9.4 (removed).
• 4.9.4 - 2023-12-07
  
  • ERC2771Context and Context: Introduce a _contextPrefixLength() getter, used to trim extra information appended to msg.data.
  • Multicall: Make aware of non-canonical context (i.e. msg.sender is not _msgSender()), allowing compatibility with ERC2771Context.
• 4.9.3 - 2023-07-28
  

  Note
  This release contains a fix for GHSA-g4vp-m682-qqmp.

  • ERC2771Context: Return the forwarder address whenever the msg.data of a call originating from a trusted forwarder is not long enough to contain the request signer address (i.e. msg.data.length is less than 20 bytes), as specified by ERC-2771. (#4481)
  • ERC2771Context: Prevent revert in _msgData() when a call originating from a trusted forwarder is not long enough to contain the request signer address (i.e. msg.data.length is less than 20 bytes). Return the full calldata in that case. (#4484)
• 4.9.2 - 2023-06-16
• 4.9.1 - 2023-06-07
• 4.9.0 - 2023-05-23
• 4.9.0-rc.1 - 2023-05-17
• 4.9.0-rc.0 - 2023-05-09
• 4.8.3 - 2023-04-13
• 4.8.2 - 2023-03-02
• 4.8.1 - 2023-01-13
• 4.8.0 - 2022-11-08
• 4.8.0-rc.2 - 2022-10-17
• 4.8.0-rc.1 - 2022-09-23
• 4.8.0-rc.0 - 2022-09-07
• 4.7.3 - 2022-08-10
• 4.7.2 - 2022-07-27
• 4.7.1 - 2022-07-20
• 4.7.0 - 2022-06-29
• 4.7.0-rc.0 - 2022-06-07
• 4.6.0 - 2022-04-26
• 4.6.0-rc.0 - 2022-03-31
• 4.5.0 - 2022-02-09
• 4.5.0-rc.0 - 2022-01-13
• 4.4.2 - 2022-01-11
• 4.4.1 - 2021-12-14

from @openzeppelin/contracts GitHub release notes

Package name: chai

• 4.5.0 - 2024-07-25
  
  • Update type detect (#1631) 1a36d35

  v4.4.1...v4.5.0

  What's Changed

  • Update type detect by @ koddsson in #1631

  Full Changelog: v4.4.1...v4.5.0

• 4.4.1 - 2024-01-12
  

  What's Changed

  • fix: removes ?? for node compat by @ 43081j in #1574

  Full Changelog: v4.4.0...v4.4.1

• 4.4.0 - 2024-01-05
  

  What's Changed

  • Allow deepEqual fonction to be configured globally (4.x.x branch) by @ forty in #1553

  Full Changelog: v4.3.10...v4.4.0

• 4.3.10 - 2023-09-28
• 4.3.9 - 2023-09-27
• 4.3.8 - 2023-08-24
• 4.3.7 - 2022-11-07
• 4.3.6 - 2022-01-26
• 4.3.5 - 2022-01-25
• 4.3.4 - 2021-03-12

from chai GitHub release notes

Package name: chai-as-promised

• 7.1.2 - 2024-05-11
  

  What's Changed

  • docs(README): add example of how to use async/await by @ jedwards1211 in #222
  • Updated README.md to reflect functionality by @ James-Firth in #247
  • feat: support chai 5.x in peer dependency by @ 43081j in #284

  New Contributors

  • @ jedwards1211 made their first contribution in #222
  • @ James-Firth made their first contribution in #247
  • @ 43081j made their first contribution in #284

  Full Changelog: v7.1.1...v7.1.2

• 7.1.1 - 2017-07-05
  

  Fixes ESLint accidentally being included as a dependency since v7.0.0.

from chai-as-promised GitHub release notes

Package name: mocha

• 9.2.2 - 2022-03-11
  

  9.2.2 / 2022-03-11

  Please also note our announcements.

  🐛 Fixes

  • #4842: Loading of reporter throws wrong error (@ juergba)

  • #4839: dry-run: prevent potential call-stack crash (@ juergba)

  🔩 Other

  • #4843: Update production dependencies (@ juergba)
• 9.2.1 - 2022-02-19
  

  9.2.1 / 2022-02-19

  Please also note our announcements.

  🐛 Fixes

  • #4832: Loading of config files throws wrong error (@ juergba)

  • #4799: Reporter: configurable maxDiffSize reporter-option (@ norla)

• 9.2.0 - 2022-01-24
  

  9.2.0 / 2022-01-24

  Please also note our announcements.

  🎉 Enhancements

  • #4813: Parallel: assign each worker a worker-id (@ forty)

  🔩 Other

  • #4818: Update production dependencies (@ juergba)
• 9.1.4 - 2022-01-14
  

  9.1.4 / 2022-01-14

  Please also note our announcements.

  🐛 Fixes

  • #4807: import throws wrong error if loader is used (@ giltayar)

  🔩 Other

  • #4777: Add Node v17 to CI test matrix (@ outsideris)
• 9.1.3 - 2021-10-15
  

  9.1.3 / 2021-10-15

  Please also note our announcements.

  🐛 Fixes

  • #4769: Browser: re-enable bdd ES6 style import (@ juergba)

  🔩 Other

  • #4764: Revert deprecation of EVENT_SUITE_ADD_* events (@ beatfactor)

from mocha GitHub release notes

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• This PR was automatically created by Snyk using the credentials of a real user.
• Max score is 1000. Note that the real score may have changed since the PR was raised.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

• 🧐 View latest project report
• 📜 Customise PR templates
• 🛠 Adjust upgrade PR settings
• 🔕 Ignore this dependency or unsubscribe from future upgrade PRs