[Snyk] Fix for 1 vulnerabilities

[Omrisnyk]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • large-file/package.json
  • large-file/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity	Reachability
	160/1000 Why? Confidentiality impact: High, Integrity impact: None, Availability impact: None, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): Low, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.01055, Social Trends: No, Days since published: 0, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.67, Score Version: V5	Information Exposure SNYK-JS-FOLLOWREDIRECTS-6444610	Yes	Proof of Concept	No Path Found

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: follow-redirects

• 1.15.6 - 2024-03-14
  No content.
• 1.15.5 - 2024-01-12
  No content.
• 1.15.4 - 2023-12-30
  No content.
• 1.15.3 - 2023-09-19
  No content.
• 1.15.2 - 2022-09-13
  No content.
• 1.15.1 - 2022-05-26
  No content.
• 1.15.0 - 2022-05-03
  No content.
• 1.14.9 - 2022-02-18
  No content.
• 1.14.8 - 2022-02-08
  No content.
• 1.14.7 - 2022-01-10
  No content.
• 1.14.6 - 2021-12-08
• 1.14.5 - 2021-10-30
• 1.14.4 - 2021-09-14
• 1.14.3 - 2021-09-02
• 1.14.2 - 2021-08-18
• 1.14.1 - 2021-05-09
• 1.14.0 - 2021-04-25
• 1.13.3 - 2021-02-27
• 1.13.2 - 2021-01-25
• 1.13.1 - 2020-12-13
• 1.13.0 - 2020-08-10
• 1.12.1 - 2020-06-18
• 1.12.0 - 2020-06-16
• 1.11.0 - 2020-03-29
• 1.10.0 - 2020-01-26
• 1.9.1 - 2020-01-25
• 1.9.0 - 2019-09-06
• 1.8.1 - 2019-08-27
• 1.8.0 - 2019-08-27
• 1.7.0 - 2019-02-13
• 1.6.1 - 2019-01-03
• 1.6.0 - 2018-12-25
• 1.5.10 - 2018-11-19
• 1.5.9 - 2018-10-09
• 1.5.8 - 2018-09-11
• 1.5.7 - 2018-08-22
• 1.5.6 - 2018-08-21
• 1.5.5 - 2018-08-13
• 1.5.4 - 2018-08-13
• 1.5.3 - 2018-08-13
• 1.5.2 - 2018-08-01
• 1.5.1 - 2018-07-05
• 1.5.0 - 2018-05-19
• 1.4.1 - 2018-01-24

from follow-redirects GitHub release notes

Package name: karma

• 5.0.8 - 2020-05-18
  

  5.0.8 (2020-05-18)

  Bug Fixes

  • dependencies: update and unlock socket.io dependency (#3513) (b60391f)
  • dependencies: update to latest log4js major (#3514) (47f1cb2)
• 5.0.7 - 2020-05-16
  

  5.0.7 (2020-05-16)

  Bug Fixes

  • detect type for URLs with query parameter or fragment identifier (#3509) (f399063), closes #3497
• 5.0.6 - 2020-05-16
  

  5.0.6 (2020-05-16)

  Bug Fixes

  • dependencies: update production dependencies (#3512) (0cd696f)
• 5.0.5 - 2020-05-07
  

  5.0.5 (2020-05-07)

  Bug Fixes

  • cli: restore command line help contents (#3502) (e99da31), closes #3474
• 5.0.4 - 2020-04-30
  

  5.0.4 (2020-04-30)

  Bug Fixes

  • browser: make sure that empty results array is still recognized (#3486) (fa95fa3)
• 5.0.3 - 2020-04-29
  

  5.0.3 (2020-04-29)

  Bug Fixes

  • client: flush resultsBuffer on engine upgrade (#3212) (e44ca94), closes #3211
• 5.0.2 - 2020-04-16
  

  5.0.2 (2020-04-16)

  Bug Fixes

  • ci: stop the proxy before killing the child, handle errors (#3472) (abe9af6), closes #3464
• 5.0.1 - 2020-04-10
  

  5.0.1 (2020-04-10)

  Bug Fixes

  • file-list: do not define fs.statAsync (#3467) (55a59e7)
• 5.0.0 - 2020-04-09
  

  5.0.0 (2020-04-09)

  Bug Fixes

  • install semantic-release as a regular dev dependency (#3455) (1eaf35e)
  • ci: echo travis env that gates release after_success (#3446) (b8b2ed8)
  • ci: poll every 10s to avoid rate limit. (#3388) (91e7e00)
  • middleware/runner: handle file list rejections (#3400) (80febfb), closes #3396 #3396
  • server: cleanup import of the removed method (#3439) (cb1bcbf)
  • server: createPreprocessor was removed (#3435) (5c334f5)
  • server: detection new MS Edge Chromium (#3440) (7166ce2)
  • server: replace optimist on yargs lib (#3451) (ec1e69a), closes #2473
  • server: Report original error message (#3415) (79ee331), closes #3414

  Code Refactoring

  • use native Promise instead of Bluebird (#3436) (33a069f), closes /github.com/karma-runner/karma/pull/3060#discussion_r284797390

  Continuous Integration

  • drop node 8, adopt node 12 (#3430) (a673aa8)

  Features

  • docs: document DEFAULT_LISTEN_ADDR constant (#3443) (057d527), closes #2479
  • karma-server: added log to the server.js for uncaught exception (#3399) (adc6a66)
  • preprocessor: obey Pattern.isBinary when set (#3422) (708ae13), closes #3405

  BREAKING CHANGES

  • Karma plugins which rely on the fact that Karma uses Bluebird promises may break as Bluebird-specific API is no longer available on Promises returned by the Karma core
  • server: Deprecated createPreprocessor removed, karma-browserify < 7 version doesn't work
  • no more testing on node 8.
• 4.4.1 - 2019-10-18
  

  Bug Fixes

  • deps: back to karma-browserstack-launcher 1.4 (#3361) (1cd87ad)
  • server: Add test coverage for config.singleRun true branch. (#3384) (259be0d)
  • if preprocessor is async function and doesn't return a content then await donePromise (#3387) (f91be24)
• 4.4.0 - 2019-10-17
• 4.3.0 - 2019-08-27
• 4.2.0 - 2019-07-12
• 4.1.0 - 2019-04-15
• 4.0.1 - 2019-02-28
• 4.0.0 - 2019-01-23
• 3.1.4 - 2018-12-17
• 3.1.3 - 2018-12-01
• 3.1.2 - 2018-12-01
• 3.1.1 - 2018-10-23
• 3.1.0 - 2018-10-22
• 3.0.0 - 2018-08-09
• 2.0.5 - 2018-07-24
• 2.0.4 - 2018-06-21
• 2.0.3 - 2018-06-15

from karma GitHub release notes

Commit messages

Package name: follow-redirects

The new version differs by 194 commits.

• 35a517c Release version 1.15.6 of the npm package.
• c4f847f Drop Proxy-Authorization across hosts.
• 8526b4a Use GitHub for disclosure.
• b1677ce Release version 1.15.5 of the npm package.
• d8914f7 Preserve fragment in responseUrl.
• 6585820 Release version 1.15.4 of the npm package.
• 7a6567e Disallow bracketed hostnames.
• 05629af Prefer native URL instead of deprecated url.parse.
• 1cba8e8 Prefer native URL instead of legacy url.resolve.
• 72bc2a4 Simplify _processResponse error handling.
• 3d42aec Add bracket tests.
• bcbb096 Do not directly set Error properties.
• 192dbe7 Release version 1.15.3 of the npm package.
• bd8c81e Fix resource leak on destroy.
• 9c728c3 Split linting and testing.
• d388fe2 build: harden ci.yml permissions
• 9655237 Release version 1.15.2 of the npm package.
• 6e2b86d Default to localhost if no host given.
• 449e895 Throw invalid URL error on relative URLs.
• e30137c Use type functions.
• 76ea31f ternary operator syntax fix
• 84c00b0 HTTP header lines are separated by CRLF.
• d28bcbf Create SECURITY.md ([Snyk(Unlimited)] Upgrade lodash from 4.17.10 to 4.17.11 snyk-fixtures/npm-lockfiles#202)
• 62a551c Release version 1.15.1 of the npm package.

See the full diff

Package name: karma

The new version differs by 246 commits.

• 16010eb chore(release): 5.0.8 [skip ci]
• a409696 chore: remove unused `grunt lint` command ([Snyk(Unlimited)] Upgrade sgr-composer from 0.5.0 to 0.5.3 snyk-fixtures/npm-lockfiles#3515)
• 47f1cb2 fix(dependencies): update to latest log4js major ([Snyk(Unlimited)] Upgrade term-ng from 0.8.1 to 0.8.5 snyk-fixtures/npm-lockfiles#3514)
• b60391f fix(dependencies): update and unlock socket.io dependency ([Snyk(Unlimited)] Upgrade lodash from 4.17.10 to 4.17.15 snyk-fixtures/npm-lockfiles#3513)
• 4d49948 chore(release): 5.0.7 [skip ci]
• f399063 fix: detect type for URLs with query parameter or fragment identifier ([Snyk(Unlimited)] Upgrade consolidate from 0.14.5 to 0.15.1 snyk-fixtures/npm-lockfiles#3509)
• 17b50bc chore(release): 5.0.6 [skip ci]
• 0cd696f fix(dependencies): update production dependencies ([Snyk(Unlimited)] Upgrade @thebespokepixel/string from 0.5.2 to 0.5.10 snyk-fixtures/npm-lockfiles#3512)
• 7c24a03 chore: fix broken HTML markup in the changelog file ([Snyk(Unlimited)] Upgrade cfenv from 1.1.0 to 1.2.2 snyk-fixtures/npm-lockfiles#3507)
• fdc4f9d refactor(test): remove no debug matching option ([Snyk(Unlimited)] Upgrade dustjs-helpers from 1.5.0 to 1.7.4 snyk-fixtures/npm-lockfiles#3504)
• 35d57e9 chore(release): 5.0.5 [skip ci]
• e99da31 fix(cli): restore command line help contents ([Snyk(Unlimited)] Upgrade dustjs-linkedin from 2.5.0 to 2.7.5 snyk-fixtures/npm-lockfiles#3502)
• 4f2fe56 chore: add Node 14 to the build matrix ([Snyk(Unlimited)] Upgrade st from 0.2.4 to 0.5.5 snyk-fixtures/npm-lockfiles#3501)
• 100b227 refactor(test): move execKarma into the World ([Snyk(Unlimited)] Upgrade errorhandler from 1.2.0 to 1.5.1 snyk-fixtures/npm-lockfiles#3500)
• f375884 refactor(test): reduce execKarma to a reasonable size ([Snyk(Unlimited)] Upgrade express from 4.12.4 to 4.17.1 snyk-fixtures/npm-lockfiles#3496)
• a3d1f11 refactor(test): add common method to start server in background ([Snyk(Unlimited)] Upgrade body-parser from 1.9.0 to 1.19.0 snyk-fixtures/npm-lockfiles#3495)
• e4a5126 refactor(test): write config file in its own steps ([Snyk(Unlimited)] Upgrade mongoose from 4.2.4 to 4.13.19 snyk-fixtures/npm-lockfiles#3494)
• 0bd5c2b refactor(test): adjust sandbox folder location and simplify config logic ([Snyk(Unlimited)] Upgrade consolidate from 0.14.5 to 0.15.1 snyk-fixtures/npm-lockfiles#3493)
• b788f94 refactor(test): extract proxy into a separate Given claim ([Snyk(Unlimited)] Upgrade humanize-ms from 1.0.1 to 1.2.1 snyk-fixtures/npm-lockfiles#3492)
• 633f833 chore(release): 5.0.4 [skip ci]
• 810489d refactor(test): migrate Proxy to ES2015 ([Snyk(Unlimited)] Upgrade adm-zip from 0.4.7 to 0.4.13 snyk-fixtures/npm-lockfiles#3490)
• fa95fa3 fix(browser): make sure that empty results array is still recognized ([Snyk(Unlimited)] Upgrade dustjs-linkedin from 2.5.0 to 2.7.5 snyk-fixtures/npm-lockfiles#3486)
• 255bf67 refactor(test): migrate World to ES2015 ([Snyk(Unlimited)] Upgrade cookie-parser from 1.3.3 to 1.4.4 snyk-fixtures/npm-lockfiles#3489)
• be5db67 chore(test): remove usage of deprecated defineSupportCode ([Snyk(Unlimited)] Upgrade dustjs-helpers from 1.5.0 to 1.7.4 snyk-fixtures/npm-lockfiles#3488)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.