[Snyk] Fix for 1 vulnerabilities #148

Open
wants to merge 1 commit into
base: master

Omrisnyk
Owner

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • large-file/package.json
    • large-file/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity | Reachability |
|---|---|---|---|---|---|
| medium severity | 160/1000 | Information Exposure SNYK-JS-FOLLOWREDIRECTS-6444610 | Yes | Proof of Concept | No Path Found |

Why? Confidentiality impact: High, Integrity impact: None, Availability impact: None, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): Low, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.01055, Social Trends: No, Days since published: 0, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.67, Score Version: V5

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: follow-redirects
  • 1.15.6 - 2024-03-14
  • 1.15.5 - 2024-01-12
  • 1.15.4 - 2023-12-30
  • 1.15.3 - 2023-09-19
  • 1.15.2 - 2022-09-13
  • 1.15.1 - 2022-05-26
  • 1.15.0 - 2022-05-03
  • 1.14.9 - 2022-02-18
  • 1.14.8 - 2022-02-08
  • 1.14.7 - 2022-01-10
  • 1.14.6 - 2021-12-08
  • 1.14.5 - 2021-10-30
  • 1.14.4 - 2021-09-14
  • 1.14.3 - 2021-09-02
  • 1.14.2 - 2021-08-18
  • 1.14.1 - 2021-05-09
  • 1.14.0 - 2021-04-25
  • 1.13.3 - 2021-02-27
  • 1.13.2 - 2021-01-25
  • 1.13.1 - 2020-12-13
  • 1.13.0 - 2020-08-10
  • 1.12.1 - 2020-06-18
  • 1.12.0 - 2020-06-16
  • 1.11.0 - 2020-03-29
  • 1.10.0 - 2020-01-26
  • 1.9.1 - 2020-01-25
  • 1.9.0 - 2019-09-06
  • 1.8.1 - 2019-08-27
  • 1.8.0 - 2019-08-27
  • 1.7.0 - 2019-02-13
  • 1.6.1 - 2019-01-03
  • 1.6.0 - 2018-12-25
  • 1.5.10 - 2018-11-19
  • 1.5.9 - 2018-10-09
  • 1.5.8 - 2018-09-11
  • 1.5.7 - 2018-08-22
  • 1.5.6 - 2018-08-21
  • 1.5.5 - 2018-08-13
  • 1.5.4 - 2018-08-13
  • 1.5.3 - 2018-08-13
  • 1.5.2 - 2018-08-01
  • 1.5.1 - 2018-07-05
  • 1.5.0 - 2018-05-19
  • 1.4.1 - 2018-01-24
from follow-redirects GitHub release notes
Package name: karma
  • 5.0.8 - 2020-05-18

    5.0.8 (2020-05-18)

    Bug Fixes

    • dependencies: update and unlock socket.io dependency (#3513) (b60391f)
    • dependencies: update to latest log4js major (#3514) (47f1cb2)
  • 5.0.7 - 2020-05-16

    5.0.7 (2020-05-16)

    Bug Fixes

    • detect type for URLs with query parameter or fragment identifier (#3509) (f399063), closes #3497
  • 5.0.6 - 2020-05-16

    5.0.6 (2020-05-16)

    Bug Fixes

    • dependencies: update production dependencies (#3512) (0cd696f)
  • 5.0.5 - 2020-05-07

    5.0.5 (2020-05-07)

    Bug Fixes

  • 5.0.4 - 2020-04-30

    5.0.4 (2020-04-30)

    Bug Fixes

    • browser: make sure that empty results array is still recognized (#3486) (fa95fa3)
  • 5.0.3 - 2020-04-29

    5.0.3 (2020-04-29)

    Bug Fixes

  • 5.0.2 - 2020-04-16

    5.0.2 (2020-04-16)

    Bug Fixes

    • ci: stop the proxy before killing the child, handle errors (#3472) (abe9af6), closes #3464
  • 5.0.1 - 2020-04-10

    5.0.1 (2020-04-10)

    Bug Fixes

  • 5.0.0 - 2020-04-09

    5.0.0 (2020-04-09)

    Bug Fixes

    Code Refactoring

    Continuous Integration

    Features

    • docs: document DEFAULT_LISTEN_ADDR constant (#3443) (057d527), closes #2479
    • karma-server: added log to the server.js for uncaught exception (#3399) (adc6a66)
    • preprocessor: obey Pattern.isBinary when set (#3422) (708ae13), closes #3405

    BREAKING CHANGES

    • Karma plugins which rely on the fact that Karma uses Bluebird promises may break as Bluebird-specific API is no longer available on Promises returned by the Karma core
    • server: Deprecated createPreprocessor removed, karma-browserify < 7 version doesn't work
    • no more testing on node 8.
  • 4.4.1 - 2019-10-18

    Bug Fixes

    • deps: back to karma-browserstack-launcher 1.4 (#3361) (1cd87ad)
    • server: Add test coverage for config.singleRun true branch. (#3384) (259be0d)
    • if preprocessor is async function and doesn't return a content then await donePromise (#3387) (f91be24)
  • 4.4.0 - 2019-10-17
  • 4.3.0 - 2019-08-27
  • 4.2.0 - 2019-07-12
  • 4.1.0 - 2019-04-15
  • 4.0.1 - 2019-02-28
  • 4.0.0 - 2019-01-23
  • 3.1.4 - 2018-12-17
  • 3.1.3 - 2018-12-01
  • 3.1.2 - 2018-12-01
  • 3.1.1 - 2018-10-23
  • 3.1.0 - 2018-10-22
  • 3.0.0 - 2018-08-09
  • 2.0.5 - 2018-07-24
  • 2.0.4 - 2018-06-21
  • 2.0.3 - 2018-06-15
from karma GitHub release notes
Commit messages
Package name: follow-redirects The new version differs by 194 commits.
  • 35a517c Release version 1.15.6 of the npm package.
  • c4f847f Drop Proxy-Authorization across hosts.
  • 8526b4a Use GitHub for disclosure.
  • b1677ce Release version 1.15.5 of the npm package.
  • d8914f7 Preserve fragment in responseUrl.
  • 6585820 Release version 1.15.4 of the npm package.
  • 7a6567e Disallow bracketed hostnames.
  • 05629af Prefer native URL instead of deprecated url.parse.
  • 1cba8e8 Prefer native URL instead of legacy url.resolve.
  • 72bc2a4 Simplify _processResponse error handling.
  • 3d42aec Add bracket tests.
  • bcbb096 Do not directly set Error properties.
  • 192dbe7 Release version 1.15.3 of the npm package.
  • bd8c81e Fix resource leak on destroy.
  • 9c728c3 Split linting and testing.
  • d388fe2 build: harden ci.yml permissions
  • 9655237 Release version 1.15.2 of the npm package.
  • 6e2b86d Default to localhost if no host given.
  • 449e895 Throw invalid URL error on relative URLs.
  • e30137c Use type functions.
  • 76ea31f ternary operator syntax fix
  • 84c00b0 HTTP header lines are separated by CRLF.
  • d28bcbf Create SECURITY.md ([Snyk] Security upgrade tap from 5.8.0 to 18.0.0 #202)
  • 62a551c Release version 1.15.1 of the npm package.

See the full diff

Package name: karma The new version differs by 246 commits.

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.
