[Snyk] Fix for 30 vulnerabilities

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json
- package-lock.json
Adding or updating a Snyk policy (.snyk) file; this file is required in order to apply Snyk vulnerability patches. Find out more.

Vulnerabilities that will be fixed

With an upgrade:

Issue	Breaking Change	Exploit Maturity
Server-Side Request Forgery (SSRF) SNYK-JS-AXIOS-1038255	Yes	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-AXIOS-1579269	Yes	Proof of Concept
Denial of Service (DoS) SNYK-JS-AXIOS-174505	Yes	Proof of Concept
Denial of Service (DoS) SNYK-JS-ENGINEIO-1056749	Yes	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	Yes	Proof of Concept
Cross-site Scripting (XSS) SNYK-JS-KARMA-2395349	Yes	Proof of Concept
Open Redirect SNYK-JS-KARMA-2396325	Yes	No Known Exploit
Information Exposure SNYK-JS-LOG4JS-2348757	Yes	No Known Exploit
Prototype Pollution SNYK-JS-MINIMIST-2429795	Yes	Proof of Concept
Prototype Pollution SNYK-JS-MINIMIST-559764	Yes	Proof of Concept
Command Injection SNYK-JS-NODEMAILER-1038834	Yes	Proof of Concept
HTTP Header Injection SNYK-JS-NODEMAILER-1296415	Yes	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-REDIS-1255645	Yes	No Known Exploit
Insecure Defaults SNYK-JS-SOCKETIO-1024859	Yes	Proof of Concept
Denial of Service (DoS) SNYK-JS-SOCKETIOPARSER-1056752	Yes	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	Yes	Proof of Concept
XML External Entity (XXE) Injection SNYK-JS-XMLDOM-1084960	No	No Known Exploit
Arbitrary Code Injection SNYK-JS-XMLHTTPREQUESTSSL-1082936	Yes	Proof of Concept
Access Restriction Bypass SNYK-JS-XMLHTTPREQUESTSSL-1255647	Yes	Proof of Concept
Regular Expression Denial of Service (ReDoS) npm:braces:20180219	No	Proof of Concept
Uninitialized Memory Exposure npm:concat-stream:20160901	Yes	Mature

Commit messages

Package name: jasmine-reporters

The new version differs by 9 commits.

a0110b7 Merge pull request #202 from JS31096/master
ef4ae5f Update package.json
89ca9b0 chore: bump package version to 2.3.3
0c724ca Update package.json
4487b61 2.3.2
f9e2b26 (JUnitXMLReporter) add `options.suppressDisabled` to exclude `disabled=".."` from XML output (#190)
f3e94f5 * JUnit: report total time in seconds, not milliseconds
67f762e Merge pull request #188 from alistairjcbrown/total-time-seconds
e4131a5 Calculate total time in seconds

See the full diff

Package name: karma

The new version differs by 250 commits.

ab4b328 chore(release): 6.3.16 [skip ci]
ff7edbb fix(security): mitigate the "Open Redirect Vulnerability"
c1befa0 chore(release): 6.3.15 [skip ci]
d9dade2 fix(helper): make mkdirIfNotExists helper resilient to concurrent calls
653c762 ci: prevent duplicate CI tasks on creating a PR
c97e562 chore(release): 6.3.14 [skip ci]
91d5acd fix: remove string template from client code
69cfc76 fix: warn when `singleRun` and `autoWatch` are `false`
839578c fix(security): remove XSS vulnerability in `returnUrl` query param
db53785 chore(release): 6.3.13 [skip ci]
5bf2df3 fix(deps): bump log4js to resolve security issue
36ad678 chore(release): 6.3.12 [skip ci]
41bed33 fix: remove depreciation warning from log4js
c985155 docs: create security.md
c96f0c5 chore(release): 6.3.11 [skip ci]
a5219c5 fix(deps): pin colors package to 1.4.0 due to security vulnerability
de0df2f test: fix version regex in the CLI test case
eddb2e8 chore(release): 6.3.10 [skip ci]
0d24bd9 fix(logger): create parent folders if they are missing
b8eafe9 chore(release): 6.3.9 [skip ci]
cf318e5 test: add test case for restarting test run on file change
92ffe60 fix: restartOnFileChange option not restarting the test run
b153355 style: fix grammar error in browser capture log message
8f798d5 chore(release): 6.3.8 [skip ci]

See the full diff

With a Snyk patch:

Severity	Issue	Exploit Maturity
	Prototype Pollution SNYK-JS-LODASH-567746	Proof of Concept
	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	No Known Exploit
	Prototype Pollution npm:extend:20180424	No Known Exploit
	Prototype Pollution npm:hoek:20180212	Proof of Concept
	Regular Expression Denial of Service (ReDoS) npm:ms:20170412	No Known Exploit
	Remote Memory Exposure npm:request:20160119	No Known Exploit
	Uninitialized Memory Exposure npm:stringstream:20180511	Mature
	Regular Expression Denial of Service (ReDoS) npm:tough-cookie:20170905	No Known Exploit
	Uninitialized Memory Exposure npm:tunnel-agent:20170305	Proof of Concept

Some vulnerabilities couldn't be fully fixed and so Snyk will still find them when the project is tested again. This may be because the vulnerability existed within more than one direct dependency, but not all of the effected dependencies could be upgraded.

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Server-Side Request Forgery (SSRF) 🦉 Cross-site Scripting (XSS) 🦉 Open Redirect 🦉 More lessons are available in Snyk Learn