toddmotto / echo

Lazy-loading images with data-* attributes
http://toddmotto.com/labs/echo
3.72k stars 505 forks source link

[Snyk] Security upgrade karma from 0.12.37 to 4.2.0 #141

Open jonathan-fielding opened 3 years ago

jonathan-fielding commented 3 years ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

merge advice

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
medium severity 479/1000
Why? Has a fix available, CVSS 5.3
Regular Expression Denial of Service (ReDoS)
SNYK-JS-GLOBPARENT-1016905
Yes No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: karma The new version differs by 250 commits.
  • 42933c9 chore: release v4.2.0
  • db1ea57 chore: update contributors
  • a1049c6 chore: update eslint packages to latest and fix complaints (#3312)
  • 70b72a9 fix(logging): Util inspect for logging the config. (#3332)
  • 1087926 fix typo: (#3334)
  • 182c04d fix(reporter): format stack with 1-based column (#3325)
  • f0c4677 docs(travis): Correct the docs to also show how to do it on Xenial (#3316)
  • 3aea7ec chore(deps): update core-js -> ^3.1.3 (#3321)
  • 5e11340 chore: revert back to Mocha 4 (#3313)
  • 1205bce chore(test): fix flaky test cases (#3314)
  • 7f40349 Cleanup dependencies (#3309)
  • 7828bea chore: update braces and chokidar to latest versions (#3307)
  • fe9a1dd fix(server): Add error handler for webserver socket. (#3300)
  • 13ed695 chore: release v4.1.0
  • d844a48 chore: update contributors
  • ce6825f fix(client): Only create the funky object if message is not a string (#3298)
  • 7968db6 fix(client): Enable loading different file types when running in parent mode without iframe (#3289)
  • 6556ab4 fix(launcher): Log state transitions in debug (#3294)
  • 7eb48c5 fix(middleware): log invalid filetype (#3292)
  • c7ebf0b chore: release v4.0.1
  • c190c4a chore: update contributors
  • 375bb5e fix(filelist): correct logger name. (#3262)
  • c43f584 fix: remove vulnerable dependency combine-lists (#3273)
  • 4ec4f6f fix: remove vulnerable dependency expand-braces (#3270)
See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: šŸ§ View latest project report

šŸ›  Adjust project settings

šŸ“š Read more about Snyk's upgrade and patch logic