[Snyk] Fix for 14 vulnerabilities

[aliscco]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • node_modules/js-yaml/node_modules/esprima/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	584/1000 Why? Has a fix available, CVSS 7.4	Directory Traversal SNYK-JS-ADMZIP-1065796	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	Yes	Proof of Concept
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Prototype Pollution SNYK-JS-MINIMIST-2429795	Yes	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-MINIMIST-559764	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Server-side Request Forgery (SSRF) SNYK-JS-REQUEST-3361831	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	No	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-SOCKETIOPARSER-1056752	Yes	Proof of Concept
	704/1000 Why? Has a fix available, CVSS 9.8	Improper Input Validation SNYK-JS-SOCKETIOPARSER-3091012	Yes	No Known Exploit
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-UNSETVALUE-2400660	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-USERAGENT-174737	Yes	No Known Exploit
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:braces:20180219	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) npm:parsejson:20170908	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: karma

The new version differs by 250 commits.

• 1b48637 chore(release): 5.0.0 [skip ci]
• a5dbe89 Update issue templates (#3460)
• 1074f38 chore(ci): rely on karma-runnre/integration-tests for saucelabs config (#3462)
• 4d45cf0 chore(ci): remove more old connection security stuffs (#3459)
• be76fcc chore(ci): use travis UI for sauce config (#3458)
• a04a542 chore(ci): remove secure encryption var (#3457)
• 1eaf35e fix: install semantic-release as a regular dev dependency (#3455)
• 0647109 docs: Fix simple typo, overriden -> overridden (#3453)
• ec1e69a fix(server): replace optimist on yargs lib (#3451)
• ffad7fa refactor(launcher): use class syntax (#3437)
• 7166ce2 fix(server): detection new MS Edge Chromium (#3440)
• b8b2ed8 fix(ci): echo travis env that gates release after_success (#3446)
• 33a069f refactor: use native Promise instead of Bluebird (#3436)
• 131d154 refactor: drop safe-buffer dependency in favor of native Buffer (#3438)
• cb1bcbf fix(server): cleanup import of the removed method (#3439)
• 5c334f5 fix(server): createPreprocessor was removed (#3435)
• d7128d4 refactor(server): remove PromiseContainer class (#3416)
• 057d527 feat(docs): document `DEFAULT_LISTEN_ADDR` constant (#3443)
• a673aa8 ci: drop node 8, adopt node 12 (#3430)
• 9eb6436 chore(server): Convert PromiseContainer to object and remove (#3401)
• 0856234 chore(travis): release on node 10 success (#3428)
• 708ae13 feat(preprocessor): obey Pattern.isBinary when set (#3422)
• 00d536f chore(test): logLevel debug in proxy test (#3427)
• da9d8bd chore(docs): delete PULL_REQUEST_TEMPLATE.md

See the full diff

Package name: karma-sauce-launcher

The new version differs by 65 commits.

• 18420c8 chore(release): 4.1.5 [skip ci]
• 7e75e17 fix: Update sauce lib ([Snyk] Fix for 17 vulnerabilities #207)
• b1cf182 docs(readme): add semantic-release badge to README ([Snyk] Fix for 4 vulnerabilities #178)
• 498d084 chore(release): 4.1.4 [skip ci]
• 10e93cc fix: remove heartbeat function ([Snyk] Security upgrade mocha from 7.2.0 to 10.1.0 #205)
• c23ba6a Revert 74eea92 ([Snyk] Security upgrade mocha from 6.2.3 to 10.1.0 #204)
• befef86 chore(release): 4.1.3 [skip ci]
• b1c589b fix(release): Replace calls to renamed `.title()` with `.getTitle()`
• 75b4d9d added null check ([Snyk] Fix for 5 vulnerabilities #199)
• f70a032 chore(release): 4.1.2 [skip ci]
• 65210f2 fix: no need to copy package.json to dist ([Snyk] Security upgrade mocha from 2.2.1 to 10.1.0 #196)
• 76978ef chore(release): 4.1.1 [skip ci]
• f99a0e1 fix: add files field to package.json ([Snyk] Fix for 11 vulnerabilities #194)
• bf74e7c chore(release): add npmignore to allow dist/ to publish ([Snyk] Security upgrade tap from 5.8.0 to 14.6.8 #193)
• be82044 chore(release): 4.1.0 [skip ci]
• d4f7649 feat(release): add build step to semantic-release in Travis ([Snyk] Security upgrade mocha from 6.2.3 to 10.1.0 #192)
• 09e1288 chore(release): 4.0.0 [skip ci]
• 64217e4 chore(release): force-trigger a semantic release ([Snyk] Fix for 14 vulnerabilities #189)
• a5dc780 chore(release): add npm publish config to semantic-release ([Snyk] Fix for 3 vulnerabilities #188)
• d79e9d1 chore(node): drop support for Node 8 ([Snyk] Security upgrade tap from 7.1.2 to 15.0.0 #186)
• 17c5073 docs(readme): add semantic-release badge to README ([Snyk] Fix for 2 vulnerabilities #185)
• 6b29f29 chore(release): 2.0.0 [skip ci]
• 869b7fd Merge pull request [Snyk] Fix for 20 vulnerabilities #184 from karma-runner/rcebulko-stable
• a7f3203 chore(semantic-release): update node version check in travis

See the full diff

Package name: webpack

The new version differs by 250 commits.

• 4be093d 2.2.0
• 2278469 2.2.0-rc.8
• b946eb4 Merge pull request #3988 from malstoun/bug/2664
• 260e413 Merge pull request #3986 from webpack/bugfix/revert_use_of_buffer_dot_from
• 0ec7de9 Fix regression with watch cli opt, add tests for this case
• 72226db add missing disable line
• 4d30675 build fresh yarn.lock file to remove buffer polyfill
• 91c1f35 fix(node): rollback changes of Buffer.from to new Buffer() and bump down travis to 4.3 min node v
• 0b47602 2.2.0-rc.7
• db6ccbc Merge pull request #3978 from webpack/bugfix/conditional-reexports
• 82a5b03 Merge pull request #3977 from malstoun/bug/2664
• fc1a43b Merge pull request #3976 from timse/rely-on-defaults
• a44694a hoist exports declarations too
• 682bde8 Fix lint
• c6d7d90 Add tests
• af8d49e remove defaults values to shave a few bytes
• 9796696 2.2.0-rc.6
• e9bdb05 Merge pull request #3971 from webpack/bugfix/fix_available_vars_in_fmtp
• bd45bdc add test case for global in harmony modules
• bfccb20 fix PR
• 5a3a23f fix(nmf): Fix exports for var injection to include free glob exports or arguments
• 437dce4 2.2.0-rc.5
• 91cb1df Merge pull request #3970 from webpack/ci/appveyor
• 9fd55e5 Merge pull request #3969 from webpack/bugfix/issue-3964

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Directory Traversal
🦉 Regular Expression Denial of Service (ReDoS)
🦉 Prototype Pollution
🦉 More lessons are available in Snyk Learn