chore(deps): bump mocha from 11.1.0 to 11.7.5 (#195)

eablack · web-flow · commit 7ca6b420a8d6 · 2026-04-20T12:29:30.000-04:00
## Summary

Updates mocha from 11.1.0 to 11.7.5 to resolve multiple security
vulnerabilities identified by `npm audit`.

This update resolves the following vulnerabilities:
- **brace-expansion** (moderate severity) - Zero-step sequence causes
process hang and memory exhaustion
- **lodash** (high severity) - Code injection and prototype pollution
vulnerabilities
- **serialize-javascript** (moderate severity) - CPU exhaustion DoS via
crafted array-like objects

After this update, the project goes from 10 vulnerabilities (6 low, 3
moderate, 1 high) down to 7 low severity vulnerabilities.

## Type of Change

### Patch Updates (patch semver update)

- [x] **deps**: Dependency upgrade

## Testing

**Notes**:

This is a dev dependency upgrade for the testing framework. All existing
tests should continue to pass.

**Steps**:

1. Passing CI suffices

## Screenshots (if applicable)

N/A

## Related Issues

N/A
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -8,6 +8,8 @@ updates:
       time: '12:00'
       day: 'sunday'
       timezone: 'America/Los_Angeles'
+    commit-message:
+      prefix: 'deps'
   - package-ecosystem: 'npm'
     directory: '/'
     open-pull-requests-limit: 5
@@ -16,6 +18,8 @@ updates:
       time: '12:00'
       day: 'sunday'
       timezone: 'America/Los_Angeles'
+    commit-message:
+      prefix: 'deps'
     groups:
       dev-patch-minor-dependencies:
         dependency-type: 'development'
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -7,10 +7,10 @@ This project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.htm
 
 ## [1.2.1](https://github.com/heroku/heroku-mcp-server/compare/mcp-server-v1.2.0...mcp-server-v1.2.1) (2026-03-17)
 
-
 ### Miscellaneous Chores
 
-* release 1.2.1 ([#178](https://github.com/heroku/heroku-mcp-server/issues/178)) ([8316f13](https://github.com/heroku/heroku-mcp-server/commit/8316f1346cc95cc7d9df1ad21261f10edab74043))
+- release 1.2.1 ([#178](https://github.com/heroku/heroku-mcp-server/issues/178))
+  ([8316f13](https://github.com/heroku/heroku-mcp-server/commit/8316f1346cc95cc7d9df1ad21261f10edab74043))
 
 ## [1.2.0](https://github.com/heroku/heroku-mcp-server/compare/mcp-server-v1.1.0...mcp-server-v1.2.0) (2026-02-18)
 
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -32,7 +32,7 @@
     "eslint-config-oclif": "^6.0.144",
     "eslint-plugin-mocha": "^11.2.0",
     "husky": "^9.1.7",
-    "mocha": "^11.1.0",
+    "mocha": "^11.7.5",
     "nyc": "^17.1.0",
     "prettier": "^3.8.1",
     "shx": "^0.4.0",
diff --git a/src/tools/deploy-to-heroku.spec.ts b/src/tools/deploy-to-heroku.spec.ts
@@ -8,7 +8,7 @@ import {
   DeployToHeroku,
   isSafeSourceRelativePath,
   MAX_SOURCE_RELATIVE_PATH_LENGTH,
-  OneOffDynoConfig,
+  OneOffDynoConfig
 } from './deploy-to-heroku.js';
 import AppService from '../services/app-service.js';
 import SourceService from '../services/source-service.js';
