[Snyk] Security upgrade karma from 4.0.1 to 5.0.8 #391

snyk-bot · 2021-01-08T03:28:33Z

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- packages/opencensus-web-exporter-ocagent/package.json
- packages/opencensus-web-exporter-ocagent/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	658/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3	Insecure Defaults SNYK-JS-SOCKETIO-1024859	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: karma

The new version differs by 126 commits.

16010eb chore(release): 5.0.8 [skip ci]
a409696 chore: remove unused `grunt lint` command (#3515)
47f1cb2 fix(dependencies): update to latest log4js major (#3514)
b60391f fix(dependencies): update and unlock socket.io dependency (#3513)
4d49948 chore(release): 5.0.7 [skip ci]
f399063 fix: detect type for URLs with query parameter or fragment identifier (#3509)
17b50bc chore(release): 5.0.6 [skip ci]
0cd696f fix(dependencies): update production dependencies (#3512)
7c24a03 chore: fix broken HTML markup in the changelog file (#3507)
fdc4f9d refactor(test): remove no debug matching option (#3504)
35d57e9 chore(release): 5.0.5 [skip ci]
e99da31 fix(cli): restore command line help contents (#3502)
4f2fe56 chore: add Node 14 to the build matrix (#3501)
100b227 refactor(test): move execKarma into the World (#3500)
f375884 refactor(test): reduce execKarma to a reasonable size (#3496)
a3d1f11 refactor(test): add common method to start server in background (#3495)
e4a5126 refactor(test): write config file in its own steps (#3494)
0bd5c2b refactor(test): adjust sandbox folder location and simplify config logic (#3493)
b788f94 refactor(test): extract proxy into a separate Given claim (#3492)
633f833 chore(release): 5.0.4 [skip ci]
810489d refactor(test): migrate Proxy to ES2015 (#3490)
fa95fa3 fix(browser): make sure that empty results array is still recognized (#3486)
255bf67 refactor(test): migrate World to ES2015 (#3489)
be5db67 chore(test): remove usage of deprecated defineSupportCode (#3488)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

…/opencensus-web-exporter-ocagent/package-lock.json to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-SOCKETIO-1024859

fix: packages/opencensus-web-exporter-ocagent/package.json & packages…

584017d

…/opencensus-web-exporter-ocagent/package-lock.json to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-SOCKETIO-1024859

snyk-bot requested review from draffensperger, johnbryan and mayurkale22 as code owners January 8, 2021 03:28

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Snyk] Security upgrade karma from 4.0.1 to 5.0.8 #391

[Snyk] Security upgrade karma from 4.0.1 to 5.0.8 #391

snyk-bot commented Jan 8, 2021

[Snyk] Security upgrade karma from 4.0.1 to 5.0.8 #391

Are you sure you want to change the base?

[Snyk] Security upgrade karma from 4.0.1 to 5.0.8 #391

Conversation

snyk-bot commented Jan 8, 2021

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade: