Bump chai from 4.5.0 to 5.1.2

[dependabot]

Bumps chai from 4.5.0 to 5.1.2.

Release notes

Sourced from chai's releases.

v5.1.2

What's Changed

• Fix secret name in publish action by @​koddsson in chaijs/chai#1614
• Publish npm packages with provenance by @​koddsson in chaijs/chai#1615
• build(deps-dev): bump braces from 3.0.2 to 3.0.3 by @​dependabot in chaijs/chai#1625
• chore: bump loupe and deep-eql by @​43081j in chaijs/chai#1635
• build(deps-dev): bump @​75lb/deep-merge from 1.1.1 to 1.1.2 by @​dependabot in chaijs/chai#1636
• build(deps): bump rollup from 4.9.1 to 4.22.4 by @​dependabot in chaijs/chai#1637
• chore: update deep dependencies by @​43081j in chaijs/chai#1641
• chore: upgrade loupe by @​43081j in chaijs/chai#1646
• Support big int in approximently by @​koddsson in chaijs/chai#1606

Full Changelog: chaijs/chai@v5.1.1...v5.1.2

v5.1.1

What's Changed

• Set up ESLint for JSDoc comments by @​koddsson in chaijs/chai#1605
• build(deps-dev): bump ip from 1.1.8 to 1.1.9 by @​dependabot in chaijs/chai#1608
• Correct Mocha import instructions by @​MattiSG in chaijs/chai#1611
• fix: support some virtual contexts in toThrow by @​43081j in chaijs/chai#1609

New Contributors

• @​MattiSG made their first contribution in chaijs/chai#1611

Full Changelog: chaijs/chai@v5.1.0...v5.1.1

v5.1.0

What's Changed

• Remove useless guards and add parentheses to constuctors by @​koddsson in chaijs/chai#1593
• Cleanup jsdoc comments by @​koddsson in chaijs/chai#1596
• Convert comments in "legal comments" format to jsdoc or normal comments by @​koddsson in chaijs/chai#1598
• Implement iterable assertion by @​koddsson in chaijs/chai#1592
• Assert interface fix by @​developer-bandi in chaijs/chai#1601
• Set support in same members by @​koddsson in chaijs/chai#1583
• Fix publish script by @​koddsson in chaijs/chai#1602

New Contributors

• @​developer-bandi made their first contribution in chaijs/chai#1601

Full Changelog: chaijs/chai@v5.0.3...v5.1.0

v5.0.3

Fix bad v5.0.2 publish.

Full Changelog: chaijs/chai@v5.0.2...v5.0.3

v5.0.2

What's Changed

• build(deps): bump nanoid and mocha by @​dependabot in chaijs/chai#1558

... (truncated)

Commits

• 1b17805 Support big int in approximently (#1606)
• 346421f chore: upgrade loupe (#1646)
• 01ac941 chore: update deep dependencies (#1641)
• baf6ce9 build(deps): bump rollup from 4.9.1 to 4.22.4 (#1637)
• ca5d462 build(deps-dev): bump @​75lb/deep-merge from 1.1.1 to 1.1.2 (#1636)
• 3ce5944 chore: bump loupe and deep-eql (#1635)
• ec18925 build(deps-dev): bump braces from 3.0.2 to 3.0.3 (#1625)
• 5ab5b86 Publish npm packages with provenance (#1615)
• 14fcf6b Fix secret name in publish action (#1614)
• 37263c0 fix: support some virtual contexts in toThrow (#1609)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Package	Version	Score	Details
npm/assertion-error	2.0.1	🟢 4.7	Details Check Score Reason Code-Review 🟢 6 Found 17/25 approved changesets -- score normalized to 6 Maintained ⚠️ 0 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Binary-Artifacts 🟢 10 no binaries found in the repo Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Pinned-Dependencies 🟢 4 dependency not pinned by hash detected -- score normalized to 4 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Security-Policy ⚠️ 0 security policy file not detected Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 10 0 existing vulnerabilities detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/chai	5.1.2	🟢 5.2	Details Check Score Reason Code-Review 🟢 6 Found 18/26 approved changesets -- score normalized to 6 Maintained 🟢 6 6 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 6 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 3 dependency not pinned by hash detected -- score normalized to 3 Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Security-Policy ⚠️ 0 security policy file not detected Signed-Releases ⚠️ -1 no releases found Fuzzing ⚠️ 0 project is not fuzzed Packaging ⚠️ -1 packaging workflow not detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities 🟢 10 0 existing vulnerabilities detected
npm/check-error	2.1.1	🟢 3.7	Details Check Score Reason Code-Review 🟢 8 Found 15/18 approved changesets -- score normalized to 8 Maintained ⚠️ 0 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies ⚠️ 2 dependency not pinned by hash detected -- score normalized to 2 Signed-Releases ⚠️ -1 no releases found Security-Policy ⚠️ 0 security policy file not detected Fuzzing ⚠️ 0 project is not fuzzed Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities ⚠️ 0 41 existing vulnerabilities detected
npm/deep-eql	5.0.2	🟢 3.3	Details Check Score Reason Code-Review 🟢 5 Found 14/26 approved changesets -- score normalized to 5 Maintained ⚠️ 0 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Packaging ⚠️ -1 packaging workflow not detected Pinned-Dependencies ⚠️ 1 dependency not pinned by hash detected -- score normalized to 1 Security-Policy ⚠️ 0 security policy file not detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities ⚠️ 0 20 existing vulnerabilities detected
npm/loupe	3.1.2	🟢 3.8	Details Check Score Reason Maintained ⚠️ 1 2 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 1 Code-Review 🟢 8 Found 24/30 approved changesets -- score normalized to 8 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Packaging ⚠️ -1 packaging workflow not detected Signed-Releases ⚠️ -1 no releases found Pinned-Dependencies ⚠️ 1 dependency not pinned by hash detected -- score normalized to 1 Security-Policy ⚠️ 0 security policy file not detected Fuzzing ⚠️ 0 project is not fuzzed Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities ⚠️ 0 53 existing vulnerabilities detected
npm/pathval	2.0.0	🟢 3.2	Details Check Score Reason Maintained ⚠️ 0 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 Code-Review 🟢 8 Found 8/9 approved changesets -- score normalized to 8 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Dangerous-Workflow ⚠️ -1 no workflows found Token-Permissions ⚠️ -1 No tokens found Binary-Artifacts 🟢 10 no binaries found in the repo Packaging ⚠️ -1 packaging workflow not detected Pinned-Dependencies ⚠️ -1 no dependencies found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Security-Policy ⚠️ 0 security policy file not detected Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities ⚠️ 0 59 existing vulnerabilities detected
npm/chai	^5.1.2	🟢 5.2	Details Check Score Reason Code-Review 🟢 6 Found 18/26 approved changesets -- score normalized to 6 Maintained 🟢 6 6 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 6 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 3 dependency not pinned by hash detected -- score normalized to 3 Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Security-Policy ⚠️ 0 security policy file not detected Signed-Releases ⚠️ -1 no releases found Fuzzing ⚠️ 0 project is not fuzzed Packaging ⚠️ -1 packaging workflow not detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities 🟢 10 0 existing vulnerabilities detected

Scanned Manifest Files

package-lock.json

• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]

package.json

• chai@^5.1.2
• chai@^4.5.0

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud

[dependabot]

Looks like chai is up-to-date now, so this is no longer needed.