Mocha: content_security_policy - EvalError: Refused to evaluate a string

The problem: I've had to add the following line to a chrome extension manifest file in order for the latest version of Mocha to work: "content_security_policy": "script-src 'self' 'unsafe-eval'; object-src 'self';",

Without this line, mocha scripts fails to run with the following error:

mocha.js:13165 Uncaught EvalError: Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' blob: filesystem:".

    at Function (<anonymous>)
    at mocha.js:13165
    at createCommonjsModule (mocha.js:16)
    at mocha.js:12456
    at mocha.js:4
    at mocha.js:5

The mentioned workaround was found here: https://stackoverflow.com/a/48047578 but ideally we don't want to meddle with the content_security_policy

The error seems related to the following piece of code in mocha.js :

      // In sloppy mode, unbound `this` refers to the global object, fallback to
      // Function constructor if we're in global strict mode. That is sadly a form
      // of indirect eval which violates Content Security Policy.
      function () {
        return this;
      }() || Function("return this")());

This looks like a regression in the newer versions of Mocha as this issue doesn't occur after downgrading to Mocha 8.1.3 .

What I've tried:
Experimented with different devtool settings including "cheap-module-source-map" and false

How I'm running Mocha: Slightly differently because of testing a chrome extension with a specific page. But the core idea works in other projects and shouldn't be related to the described error.

mocha.setup("bdd");
mocha.timeout(8000);
// set up all the relevant tests
mocha.run()

How I'm working around this at the moment: Downgraded to Mocha 8.1.3