Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

[Snyk] Security upgrade karma from 2.0.3 to 5.0.8 #139

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Security upgrade karma from 2.0.3 to 5.0.8 #139

wants to merge 1 commit into from

Conversation

Omrisnyk
Copy link
Owner

@Omrisnyk Omrisnyk commented Feb 2, 2024

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • large-file/package.json
    • large-file/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity Reachability
medium severity 67/1000
Why? Confidentiality impact: None, Integrity impact: None, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.01055, Social Trends: No, Days since published: 0, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 2.35, Likelihood: 2.83, Score Version: V5		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-NODEMAILER-6219989		 Yes Proof of Concept No Path Found

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: karma
  • 5.0.8 - 2020-05-18

    5.0.8 (2020-05-18)

    Bug Fixes

    • dependencies: update and unlock socket.io dependency (#3513) (b60391f)
    • dependencies: update to latest log4js major (#3514) (47f1cb2)
  • 5.0.7 - 2020-05-16

    5.0.7 (2020-05-16)

    Bug Fixes

    • detect type for URLs with query parameter or fragment identifier (#3509) (f399063), closes #3497
  • 5.0.6 - 2020-05-16

    5.0.6 (2020-05-16)

    Bug Fixes

    • dependencies: update production dependencies (#3512) (0cd696f)
  • 5.0.5 - 2020-05-07

    5.0.5 (2020-05-07)

    Bug Fixes

  • 5.0.4 - 2020-04-30

    5.0.4 (2020-04-30)

    Bug Fixes

    • browser: make sure that empty results array is still recognized (#3486) (fa95fa3)
  • 5.0.3 - 2020-04-29

    5.0.3 (2020-04-29)

    Bug Fixes

  • 5.0.2 - 2020-04-16

    5.0.2 (2020-04-16)

    Bug Fixes

    • ci: stop the proxy before killing the child, handle errors (#3472) (abe9af6), closes #3464
  • 5.0.1 - 2020-04-10

    5.0.1 (2020-04-10)

    Bug Fixes

  • 5.0.0 - 2020-04-09

    5.0.0 (2020-04-09)

    Bug Fixes

    Code Refactoring

    Continuous Integration

    Features

    • docs: document DEFAULT_LISTEN_ADDR constant (#3443) (057d527), closes #2479
    • karma-server: added log to the server.js for uncaught exception (#3399) (adc6a66)
    • preprocessor: obey Pattern.isBinary when set (#3422) (708ae13), closes #3405

    BREAKING CHANGES

    • Karma plugins which rely on the fact that Karma uses Bluebird promises may break as Bluebird-specific API is no longer available on Promises returned by the Karma core
    • server: Deprecated createPreprocessor removed, karma-browserify < 7 version doesn't work
    • no more testing on node 8.
  • 4.4.1 - 2019-10-18

    Bug Fixes

    • deps: back to karma-browserstack-launcher 1.4 (#3361) (1cd87ad)
    • server: Add test coverage for config.singleRun true branch. (#3384) (259be0d)
    • if preprocessor is async function and doesn't return a content then await donePromise (#3387) (f91be24)
  • 4.4.0 - 2019-10-17
  • 4.3.0 - 2019-08-27
  • 4.2.0 - 2019-07-12
  • 4.1.0 - 2019-04-15
  • 4.0.1 - 2019-02-28
  • 4.0.0 - 2019-01-23
  • 3.1.4 - 2018-12-17
  • 3.1.3 - 2018-12-01
  • 3.1.2 - 2018-12-01
  • 3.1.1 - 2018-10-23
  • 3.1.0 - 2018-10-22
  • 3.0.0 - 2018-08-09
  • 2.0.5 - 2018-07-24
  • 2.0.4 - 2018-06-21
  • 2.0.3 - 2018-06-15
from karma GitHub release notes
Commit messages
Package name: karma The new version differs by 246 commits.

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)

@snyk-bot
fix: large-file/package.json & large-file/package-lock.json to reduce…
fecb4b8 
… vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-NODEMAILER-6219989
# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
2 participants
@Omrisnyk @snyk-bot