Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Security upgrade karma from 1.3.0 to 2.0.0 #397

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

snyk-bot
Copy link

@snyk-bot snyk-bot commented Jul 9, 2020

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • integrations/friendbuy/package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Issue Breaking Change Exploit Maturity
medium severity Prototype Pollution
SNYK-JS-LODASH-567746
Yes Proof of Concept
Commit messages
Package name: karma The new version differs by 192 commits.
  • db41e8e chore: release v2.0.0
  • 0a1a8ef chore: update contributors
  • 1afcb09 chore: add yarn.lock
  • f64e1e0 Merge pull request #2899 from outsideris/fix-bad-url-in-stacktrace
  • 78ad12f refactor(server): move compile step to first run
  • 34dc7d3 fix(reporter): show file path correctly when urlRoot specified
  • b53929a Merge pull request #2712 from macjohnny/patch-1
  • c9e1ca9 feat: better string representation of errors
  • 10fac07 Merge pull request #2885 from karma-runner/prep-2
  • 00e3f88 chore: remove yarn.lock for now
  • 60dfc5c feat: drop core-js and babel where possible
  • 0e1907d test: improve linting and fix test on node 4
  • af0efda test(e2e): update cucumber step definitions
  • c3ccc5d chore(ci): focus on even node versions
  • bf25094 chore(deps): update to latest
  • d93cc5f docs(config): Document port collision scenario.
  • 871d46f feat(launcher): trim whitespace in browser name
  • 99fd3f0 fix(config): Call debug log methods after setting the loglevel based upon config/cli-options.
  • 7bd54ed Merge pull request #2890 from reda-alaoui/patch-1
  • 91e916a docs(config): Document port collision scenario.
  • 334f9fb feat(launcher): trim whitespace in browser name
  • e23c0d4 Merge pull request #2837 from JakeChampion/logs
  • a340dae fix(config): Call debug log methods after setting the loglevel based upon config/cli-options.
  • 6d353dc docs: improve comments in config.tpl.*

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

This was referenced Mar 23, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant