Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Security upgrade karma from 5.1.1 to 6.3.4 #561

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

kopach
Copy link
Owner

@kopach kopach commented Feb 28, 2024

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
medium severity 631/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 6.2
Missing Release of Resource after Effective Lifetime
SNYK-JS-INFLIGHT-6095116
Yes Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: karma The new version differs by 86 commits.
  • 2b71a3c chore(release): 6.3.4 [skip ci]
  • 36467a8 fix: bump production dependencies within SemVer ranges (#3682)
  • 943a6ac chore(release): 6.3.3 [skip ci]
  • f4aeac3 fix(server): clean up vestigial code from proxy (#3640)
  • 94cf15e docs: updates to the documentation to support new markdown renderer (#3672)
  • cc9420d chore: replace `init` scripts with a dependency on itself (#3674)
  • d0fad69 docs: add more information on `config.preprocessor_priority` (#3673)
  • 5176aff docs: Assorted link fixes (#3671)
  • 913682d chore(license): Update copyright notice to 2021 [ci skip] (#3667)
  • 267b477 chore(release): 6.3.2 [skip ci]
  • 0055bc5 fix: fix running tests in IE9 (#3668)
  • 026fff8 chore(release): 6.3.1 [skip ci]
  • c0962e3 fix(client): clearContext after complete sent (#3657)
  • 3eb7ee7 chore(release): 6.3.0 [skip ci]
  • 4c9097a feat: support asynchronous `config.set()` call in karma.conf.js (#3660)
  • d3ff91a test(plugins): add missing tests for plugin resolution logic (#3661)
  • a2bca0d chore(release): 6.2.0 [skip ci]
  • 39831b1 feat(plugins): add support wildcard config for scoped package plugin (#3659)
  • 10afab1 chore(release): 6.1.2 [skip ci]
  • 3fc6fda fix(commitlint): skip task on master (#3650)
  • 5bfcf5f fix: patch karma to allow loading virtual packages (#3663)
  • f52a071 chore(release): 6.1.1 [skip ci]
  • 99908c3 docs(plugins): add more information about plugins (#3649)
  • 474f4e1 fix(config): check extension before ts-node register (#3651)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

Copy link

codeclimate bot commented Feb 28, 2024

Code Climate has analyzed commit 4f21d1d and detected 0 issues on this pull request.

View more on Code Climate.

Copy link

sonarcloud bot commented Feb 28, 2024

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
0.0% Duplication on New Code

See analysis details on SonarCloud

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants