18F / fedramp-dashboard

https://marketplace.fedramp.gov
Creative Commons Zero v1.0 Universal
21 stars 19 forks

[Snyk] Security upgrade karma from 6.3.2 to 6.3.5 #172

Open JJediny opened 1 year ago

JJediny commented 1 year ago

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

#### Changes included in this PR

- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  - package.json
  - package-lock.json

#### Vulnerabilities that will be fixed

##### With an upgrade:

| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|:---:|:---|:---|:---|:---|
| ![high severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png "high severity") | **661/1000**<br>**Why?** Recently disclosed, Has a fix available, CVSS 7.5 | Denial of Service (DoS)<br>[SNYK-JS-ENGINEIO-3136336](https://snyk.io/vuln/SNYK-JS-ENGINEIO-3136336) | No | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.
Commit messages

Package name: karma

The new version differs by 17 commits.
  • 389d816 chore(release): 6.3.5 [skip ci]
  • 56cda53 chore: use karmarunnerbot's token for semantic-release actions
  • d69b77a chore(ci/client/browserstack): reduce the `captureTimeout`
  • 105da90 fix(client): prevent socket.io from hanging due to mocked clocks (#3695)
  • ab9ebf8 chore: add DOCS_GITHUB_TOKEN secret for updating karma documentation
  • 4b3b072 chore(ci/client/browserstack): modify concurrency and timeout settings
  • 67e4690 chore(cd): use GITHUB_TOKEN instead of GH_TOKEN
  • 9a99189 chore: migrate to GitHub Actions for CI (#3701)
  • 2b71a3c chore(release): 6.3.4 [skip ci]
  • 36467a8 fix: bump production dependencies within SemVer ranges (#3682)
  • 943a6ac chore(release): 6.3.3 [skip ci]
  • f4aeac3 fix(server): clean up vestigial code from proxy (#3640)
  • 94cf15e docs: updates to the documentation to support new markdown renderer (#3672)
  • cc9420d chore: replace `init` scripts with a dependency on itself (#3674)
  • d0fad69 docs: add more information on `config.preprocessor_priority` (#3673)
  • 5176aff docs: Assorted link fixes (#3671)
  • 913682d chore(license): Update copyright notice to 2021 [ci skip] (#3667)
See the full diff
Check the changes in this PR to ensure they won't cause issues with your project.

------------

**Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.*

For more information:

🧐 [View latest project report](https://app.snyk.io/org/tts/project/3cf7ef92-4c73-4460-8b00-da6842cbf980?utm_source=github&utm_medium=referral&page=fix-pr)

🛠 [Adjust project settings](https://app.snyk.io/org/tts/project/3cf7ef92-4c73-4460-8b00-da6842cbf980?utm_source=github&utm_medium=referral&page=fix-pr/settings)

📚 [Read more about Snyk's upgrade and patch logic](https://support.snyk.io/hc/en-us/articles/360003891078-Snyk-patches-to-fix-vulnerabilities)

[//]: # (snyk:metadata:{"prId":"02f0ec59-7cd0-4b33-a164-293696c4910f","prPublicId":"02f0ec59-7cd0-4b33-a164-293696c4910f","dependencies":[{"name":"karma","from":"6.3.2","to":"6.3.5"}],"packageManager":"npm","projectPublicId":"3cf7ef92-4c73-4460-8b00-da6842cbf980","projectUrl":"https://app.snyk.io/org/tts/project/3cf7ef92-4c73-4460-8b00-da6842cbf980?utm_source=github&utm_medium=referral&page=fix-pr","type":"auto","patch":[],"vulns":["SNYK-JS-ENGINEIO-3136336"],"upgrade":["SNYK-JS-ENGINEIO-3136336"],"isBreakingChange":false,"env":"prod","prType":"fix","templateVariants":["updated-fix-title","priorityScore"],"priorityScoreList":[661]})

---

**Learn how to fix vulnerabilities with free interactive lessons:**

🦉 [Denial of Service (DoS)](https://learn.snyk.io/lessons/redos/javascript/?loc=fix-pr)