Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

[Snyk] Security upgrade karma from 2.0.5 to 5.0.8 #62

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Security upgrade karma from 2.0.5 to 5.0.8 #62

wants to merge 1 commit into from

Conversation

MaxMood96
Copy link
Owner

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 726/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 8.1		 Arbitrary Code Injection
SNYK-JS-XMLHTTPREQUESTSSL-1082936		 Yes Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: karma The new version differs by 227 commits.
  • 16010eb chore(release): 5.0.8 [skip ci]
  • a409696 chore: remove unused `grunt lint` command (#3515)
  • 47f1cb2 fix(dependencies): update to latest log4js major (#3514)
  • b60391f fix(dependencies): update and unlock socket.io dependency (#3513)
  • 4d49948 chore(release): 5.0.7 [skip ci]
  • f399063 fix: detect type for URLs with query parameter or fragment identifier (#3509)
  • 17b50bc chore(release): 5.0.6 [skip ci]
  • 0cd696f fix(dependencies): update production dependencies (#3512)
  • 7c24a03 chore: fix broken HTML markup in the changelog file (#3507)
  • fdc4f9d refactor(test): remove no debug matching option (#3504)
  • 35d57e9 chore(release): 5.0.5 [skip ci]
  • e99da31 fix(cli): restore command line help contents (#3502)
  • 4f2fe56 chore: add Node 14 to the build matrix (#3501)
  • 100b227 refactor(test): move execKarma into the World (#3500)
  • f375884 refactor(test): reduce execKarma to a reasonable size (#3496)
  • a3d1f11 refactor(test): add common method to start server in background (#3495)
  • e4a5126 refactor(test): write config file in its own steps (#3494)
  • 0bd5c2b refactor(test): adjust sandbox folder location and simplify config logic (#3493)
  • b788f94 refactor(test): extract proxy into a separate Given claim (#3492)
  • 633f833 chore(release): 5.0.4 [skip ci]
  • 810489d refactor(test): migrate Proxy to ES2015 (#3490)
  • fa95fa3 fix(browser): make sure that empty results array is still recognized (#3486)
  • 255bf67 refactor(test): migrate World to ES2015 (#3489)
  • be5db67 chore(test): remove usage of deprecated defineSupportCode (#3488)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Arbitrary Code Injection

# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@MaxMood96 @snyk-bot