[Snyk] Fix for 1 vulnerabilities

[aliscco]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • test/fixtures/qs-package/node_modules/snyk/node_modules/async/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	768/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-LODASH-6139239	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: jshint

The new version differs by 250 commits.

• d5c1a00 v2.9.6
• ab3ab85 [[FIX]] Do not warn about non-ambiguous linebreaks
• eaca85b [[CHORE]] Improve test coverage for ASI warning
• 0a66710 [[FIX]] Relax restriction on asgnmnt to arguments
• 3aa02db [[FIX]] Tolerate division following closing brace
• 55aa54e [[FIX]] Correct restriction on function name
• ff71d3c [[FIX]] Remove warning W100
• bcb3b23 [[CHORE]] Complete Lodash update (fix: remove vscode terminal error from go-plugin snyk/cli#3283)
• 030713d [[DOCS]] Introduce administration e-mail address
• 7993101 [[FIX]] Fix "is is" message typos
• 578575d Merge pull request fix: unmanaged cancelled jobs snyk/cli#3254 from mathiasbynens/unicode-10
• d763e70 Use old Unicode version for ES5 identifiers
• 77414e8 Update to Unicode v11
• 5995a9f [[FIX]] Restrict IdentifierNames in ES5 code
• f2ce8fe [[TEST]] Add regression test
• 8df4a32 [[FIX]] Correct spelling of Uint8ClampedArray
• 274d2be [[DOCS]] Add a code of conduct
• e0b4e91 [[CHORE]] Update to latest version of Lodash
• 6b7feae Merge branch 'master' into unicode-10
• 5276788 [[TEST]] Use `test262-stream`
• 98316fe [[TEST]] Extend Test262 "expectations" file
• 32aa96a [[TEST]] Reformat Test262 "expectations" file
• 3b125e5 Update identifier data to ES2015+ and Unicode 10
• 157a508 [[CHORE]] Correct linting violation

See the full diff

Package name: karma

The new version differs by 250 commits.

• db41e8e chore: release v2.0.0
• 0a1a8ef chore: update contributors
• 1afcb09 chore: add yarn.lock
• f64e1e0 Merge pull request [Snyk] Upgrade node-uuid from 1.4.0 to 1.4.8 snyk/cli#2899 from outsideris/fix-bad-url-in-stacktrace
• 78ad12f refactor(server): move compile step to first run
• 34dc7d3 fix(reporter): show file path correctly when urlRoot specified
• b53929a Merge pull request [Snyk] Fix for 1 vulnerabilities #2712 from macjohnny/patch-1
• c9e1ca9 feat: better string representation of errors
• 10fac07 Merge pull request [Snyk] Security upgrade python from 3.6-slim to 3.13.0rc2-slim #2885 from karma-runner/prep-2
• 00e3f88 chore: remove yarn.lock for now
• 60dfc5c feat: drop core-js and babel where possible
• 0e1907d test: improve linting and fix test on node 4
• af0efda test(e2e): update cucumber step definitions
• c3ccc5d chore(ci): focus on even node versions
• bf25094 chore(deps): update to latest
• d93cc5f docs(config): Document port collision scenario.
• 871d46f feat(launcher): trim whitespace in browser name
• 99fd3f0 fix(config): Call debug log methods after setting the loglevel based upon config/cli-options.
• 7bd54ed Merge pull request [Snyk] Security upgrade ember-cli from 0.2.7 to 5.12.0 #2890 from reda-alaoui/patch-1
• 91e916a docs(config): Document port collision scenario.
• 334f9fb feat(launcher): trim whitespace in browser name
• e23c0d4 Merge pull request [Snyk] Fix for 1 vulnerabilities #2837 from JakeChampion/logs
• a340dae fix(config): Call debug log methods after setting the loglevel based upon config/cli-options.
• 6d353dc docs: improve comments in config.tpl.*

See the full diff

Package name: karma-browserify

The new version differs by 45 commits.

• 1f03ab2 5.3.0
• 3d1ae96 chore(package): bump dev dependencies
• 1796716 chore(project): bump lodash dependency
• adce20f 5.2.0
• 2a60185 chore(project): support browserify @ 16
• cba9ba9 chore(lint): ignore example/node_modules
• 72af250 chore(example): bump browserify + watchify versions
• 573db5b 5.1.3
• ff944e7 chore(package): allow browserify@15
• 6e0fcce 5.1.2
• 88673c4 chore(npmignore): ignore dev configuration(s)
• 0fed147 chore(project): remove grunt + jshint
• 08141de chore(ci): test against node {4,6,8}
• 21bd468 chore(project): bump dev dependencies
• e42a5be chore(project): release v5.1.1
• dba0a80 chore(package): allow browserify@14
• a87c211 chore(project): release v5.1.0
• dc49a26 feat(bro): respect externalRequireName
• b963ae9 chore(project): add all task
• e1f85e0 test(bro): verify TypeScript compile error behavior
• 866680d chore(project): release v5.0.5
• b613c00 fix(project): add missing comma to pkg
• ae3d09f chore(project): remove node 0.10 / npm 1 support via pkg.engines / travis
• 1ea06cb chore(project): use broader semver ranges for peer deps

See the full diff

Package name: nyc

The new version differs by 172 commits.

• 3a9a4dc adds cache functionality, thanks @ jamestalmage \o/
• 4fe7f1f Merge pull request [Snyk] Security upgrade actionpack from 4.2.5 to 4.2.11.3 #119 from bcoe/cleanup
• 96915eb update changelog
• 09cac74 remove del dependency
• 7d41ab3 Merge pull request [Snyk] Security upgrade django from 1.6.1 to 2.2.24 #118 from bcoe/upgrade-spawn-wrap
• a2ab169 Merge pull request [Snyk] Security upgrade jinja2 from 2.7.2 to 2.11.3 #102 from jamestalmage/profiling-instructions
• 8cf8cec add profiling instructions
• e4d5c31 Merge pull request [Snyk] Security upgrade sanitize from 4.6.2 to 4.6.2 #108 from jamestalmage/caching-merge
• e664a65 update the changelog
• 1c4cfc7 switch to canonical version of spawn-wrap
• c3b47fc Record the hash in `hashCache` whether there was a cache miss or not.
• 4d4093b always check cache for source-map information.
• 03b958b Merge pull request [Snyk] Security upgrade json-schema from 0.2.2 to 0.4.0 #115 from bcoe/readme-nits
• c903a61 fix a couple minor nits I had with README.md
• 4553ce2 Merge pull request [Snyk] Security upgrade uglify-js from 2.4.24 to 3.14.3 #114 from isaacs/master
• 24e873b properly salt and hash the cache keys.
• 7247777 Update to latest versions of tap, glob, rimraf
• e29d0ae fix `_generateReport`
• 5ecd298 bump caching-transform
• 48c9510 run the tests twice. with and without cache
• c604d94 add enableCache flag
• 311fe2d use caching-transform
• 7fdbdda fix rebase to accomodate new Windows support
• f56b20b add test with contention for the cache

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution