[Snyk] Fix for 1 vulnerabilities

[smarkussen19]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • large-file/package.json
  • large-file/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	718/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 6.5	Information Exposure SNYK-JS-FOLLOWREDIRECTS-6444610	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: follow-redirects

The new version differs by 194 commits.

• 35a517c Release version 1.15.6 of the npm package.
• c4f847f Drop Proxy-Authorization across hosts.
• 8526b4a Use GitHub for disclosure.
• b1677ce Release version 1.15.5 of the npm package.
• d8914f7 Preserve fragment in responseUrl.
• 6585820 Release version 1.15.4 of the npm package.
• 7a6567e Disallow bracketed hostnames.
• 05629af Prefer native URL instead of deprecated url.parse.
• 1cba8e8 Prefer native URL instead of legacy url.resolve.
• 72bc2a4 Simplify _processResponse error handling.
• 3d42aec Add bracket tests.
• bcbb096 Do not directly set Error properties.
• 192dbe7 Release version 1.15.3 of the npm package.
• bd8c81e Fix resource leak on destroy.
• 9c728c3 Split linting and testing.
• d388fe2 build: harden ci.yml permissions
• 9655237 Release version 1.15.2 of the npm package.
• 6e2b86d Default to localhost if no host given.
• 449e895 Throw invalid URL error on relative URLs.
• e30137c Use type functions.
• 76ea31f ternary operator syntax fix
• 84c00b0 HTTP header lines are separated by CRLF.
• d28bcbf Create SECURITY.md ([Snyk] Fix for 4 vulnerabilities #202)
• 62a551c Release version 1.15.1 of the npm package.

See the full diff

Package name: karma

The new version differs by 246 commits.

• 16010eb chore(release): 5.0.8 [skip ci]
• a409696 chore: remove unused `grunt lint` command ([Snyk(Unlimited)] Upgrade sgr-composer from 0.5.0 to 0.5.3 snyk-fixtures/npm-lockfiles#3515)
• 47f1cb2 fix(dependencies): update to latest log4js major ([Snyk(Unlimited)] Upgrade term-ng from 0.8.1 to 0.8.5 snyk-fixtures/npm-lockfiles#3514)
• b60391f fix(dependencies): update and unlock socket.io dependency ([Snyk(Unlimited)] Upgrade lodash from 4.17.10 to 4.17.15 snyk-fixtures/npm-lockfiles#3513)
• 4d49948 chore(release): 5.0.7 [skip ci]
• f399063 fix: detect type for URLs with query parameter or fragment identifier ([Snyk(Unlimited)] Upgrade consolidate from 0.14.5 to 0.15.1 snyk-fixtures/npm-lockfiles#3509)
• 17b50bc chore(release): 5.0.6 [skip ci]
• 0cd696f fix(dependencies): update production dependencies ([Snyk(Unlimited)] Upgrade @thebespokepixel/string from 0.5.2 to 0.5.10 snyk-fixtures/npm-lockfiles#3512)
• 7c24a03 chore: fix broken HTML markup in the changelog file ([Snyk(Unlimited)] Upgrade cfenv from 1.1.0 to 1.2.2 snyk-fixtures/npm-lockfiles#3507)
• fdc4f9d refactor(test): remove no debug matching option ([Snyk(Unlimited)] Upgrade dustjs-helpers from 1.5.0 to 1.7.4 snyk-fixtures/npm-lockfiles#3504)
• 35d57e9 chore(release): 5.0.5 [skip ci]
• e99da31 fix(cli): restore command line help contents ([Snyk(Unlimited)] Upgrade dustjs-linkedin from 2.5.0 to 2.7.5 snyk-fixtures/npm-lockfiles#3502)
• 4f2fe56 chore: add Node 14 to the build matrix ([Snyk(Unlimited)] Upgrade st from 0.2.4 to 0.5.5 snyk-fixtures/npm-lockfiles#3501)
• 100b227 refactor(test): move execKarma into the World ([Snyk(Unlimited)] Upgrade errorhandler from 1.2.0 to 1.5.1 snyk-fixtures/npm-lockfiles#3500)
• f375884 refactor(test): reduce execKarma to a reasonable size ([Snyk(Unlimited)] Upgrade express from 4.12.4 to 4.17.1 snyk-fixtures/npm-lockfiles#3496)
• a3d1f11 refactor(test): add common method to start server in background ([Snyk(Unlimited)] Upgrade body-parser from 1.9.0 to 1.19.0 snyk-fixtures/npm-lockfiles#3495)
• e4a5126 refactor(test): write config file in its own steps ([Snyk(Unlimited)] Upgrade mongoose from 4.2.4 to 4.13.19 snyk-fixtures/npm-lockfiles#3494)
• 0bd5c2b refactor(test): adjust sandbox folder location and simplify config logic ([Snyk(Unlimited)] Upgrade consolidate from 0.14.5 to 0.15.1 snyk-fixtures/npm-lockfiles#3493)
• b788f94 refactor(test): extract proxy into a separate Given claim ([Snyk(Unlimited)] Upgrade humanize-ms from 1.0.1 to 1.2.1 snyk-fixtures/npm-lockfiles#3492)
• 633f833 chore(release): 5.0.4 [skip ci]
• 810489d refactor(test): migrate Proxy to ES2015 ([Snyk(Unlimited)] Upgrade adm-zip from 0.4.7 to 0.4.13 snyk-fixtures/npm-lockfiles#3490)
• fa95fa3 fix(browser): make sure that empty results array is still recognized ([Snyk(Unlimited)] Upgrade dustjs-linkedin from 2.5.0 to 2.7.5 snyk-fixtures/npm-lockfiles#3486)
• 255bf67 refactor(test): migrate World to ES2015 ([Snyk(Unlimited)] Upgrade cookie-parser from 1.3.3 to 1.4.4 snyk-fixtures/npm-lockfiles#3489)
• be5db67 chore(test): remove usage of deprecated defineSupportCode ([Snyk(Unlimited)] Upgrade dustjs-helpers from 1.5.0 to 1.7.4 snyk-fixtures/npm-lockfiles#3488)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.