turkdevops / karma-jasmine

A Karma plugin - adapter for Jasmine testing framework.
MIT License

[Snyk] Security upgrade karma from 5.0.8 to 6.0.0 #119

Open snyk-bot opened 2 years ago

snyk-bot commented 2 years ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.


Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:
Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity
----- | ----- | ----- | ----- | -----
critical severity | 776/1000 (Why? Recently disclosed, Has a fix available, CVSS 9.8) | Improper Input Validation, SNYK-JS-SOCKETIOPARSER-3091012 | Yes | No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: karma
The new version differs by 54 commits.
  • 3653caf chore(release): 6.0.0 [skip ci]
  • 04a811d fix(ci): abandon browserstack tests for Safari and IE (#3615)
  • 4bf90f7 feat(client): update banner with connection, test status, ping times (#3611)
  • 68c4a3a chore(test): run client tests without grunt wrapper (#3604)
  • fec972f fix(middleware): catch errors when loading a module (#3605)
  • 3fca456 fix(server): clean up close-server logic (#3607)
  • 1c9c2de fix(test): mark all second connections reconnects (#3598)
  • 87f7e5e chore(license): Update copyright notice to 2020 [ci skip] (#3568)
  • e6b045f chore(deps): npm audit fix the package-lock.json (#3603)
  • 3c649fa chore(build): remove obsolete Grunt tasks (#3602)
  • 8997b74 fix(test): clear up clearContext (#3597)
  • fe0e24a chore(build): unify client bundling scripts (#3600)
  • 1a65bf1 feat(server): remove deprecated static methods (#3595)
  • fb76ed6 chore(test): remove usage of deprecated buffer API (#3596)
  • 35a5842 feat(server): print stack of unhandledrejections (#3593)
  • 4a8178f fix(client): do not reset karmaNavigating in unload handler (#3591)
  • 603bbc0 feat(cli): error out on unexpected options or parameters (#3589)
  • 7a3bd55 feat: remove support for running dart code in the browser (#3592)
  • 1b9e1de fix(deps): bump socket-io to v3 (#3586)
  • 3fed0bc fix(cve): update yargs to 16.1.1 to fix cve-2020-7774 in y18n (#3578)
  • f819fa8 fix(cve): update ua-parser-js to 0.7.23 to fix CVE-2020-7793 (#3584)
  • 05dc288 fix(context): do not error when karma is navigating (#3565)
  • e5086fc docs: clarify `browser_complete` vs `run_complete`
  • ead31cd chore(release): 5.2.3 [skip ci]
See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Improper Input Validation

guardrails[bot] commented 2 years ago

:warning: We detected 4 security issues in this pull request:

Mode: paranoid | Total findings: 4 | Considered vulnerability: 4

Vulnerable Libraries (4)
Severity | Details
----- | --------
Medium | [pkg:npm/ua-parser-js@0.7.32@0.7.32](https://github.com/turkdevops/karma-jasmine/blob/0ef3ba87f2c141515d5a165dc87a3bf8f84a50ec/package-lock.json#L7354) (t) - **no patch available**
Critical | [pkg:npm/socket.io-parser@4.0.5@4.0.5](https://github.com/turkdevops/karma-jasmine/blob/0ef3ba87f2c141515d5a165dc87a3bf8f84a50ec/package-lock.json#L6911) (t) - **no patch available**
Critical | [pkg:npm/socket.io@3.1.2@3.1.2](https://github.com/turkdevops/karma-jasmine/blob/0ef3ba87f2c141515d5a165dc87a3bf8f84a50ec/package-lock.json#L6871) (t) - **no patch available**
Medium | [karma@6.0.0](https://github.com/turkdevops/karma-jasmine/blob/0ef3ba87f2c141515d5a165dc87a3bf8f84a50ec/package.json#L44) upgrade to: *>6.3.15*

More info on how to fix Vulnerable Libraries in [JavaScript](https://docs.guardrails.io/docs/en/vulnerabilities/javascript/using_vulnerable_libraries.html?utm_source=ghpr#).

👉 Go to the dashboard for detailed results.

📥 Happy? Share your feedback with us.