[Snyk] Fix for 2 vulnerabilities

[aliscco]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • test/fixtures/qs-package/node_modules/snyk/node_modules/async/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	661/1000 Why? Recently disclosed, Has a fix available, CVSS 7.5	Uncontrolled resource consumption SNYK-JS-BRACES-6838727	Yes	No Known Exploit
	661/1000 Why? Recently disclosed, Has a fix available, CVSS 7.5	Inefficient Regular Expression Complexity SNYK-JS-MICROMATCH-6838728	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: karma

The new version differs by 250 commits.

• 42933c9 chore: release v4.2.0
• db1ea57 chore: update contributors
• a1049c6 chore: update eslint packages to latest and fix complaints (Fix/v2 http proxy snyk/cli#3312)
• 70b72a9 fix(logging): Util inspect for logging the config. (feat: add support for requirements.txt files with BOM encoding snyk/cli#3332)
• 1087926 fix typo: ([Snyk] Security upgrade openjdk from 8-jdk-slim to 8-slim-buster snyk/cli#3334)
• 182c04d fix(reporter): format stack with 1-based column ([Snyk] Security upgrade python from 3.6-slim to 3.7.13-slim snyk/cli#3325)
• f0c4677 docs(travis): Correct the docs to also show how to do it on Xenial (fix: include the custom rules warning if feature flag is not enabled [CFG-1868] snyk/cli#3316)
• 3aea7ec chore(deps): update core-js -> ^3.1.3 (#3321)
• 5e11340 chore: revert back to Mocha 4 (chore: print a warning when the user uses paths outside CWD snyk/cli#3313)
• 1205bce chore(test): fix flaky test cases ([Snyk] Security upgrade python from 3.6-slim to 3.8-slim snyk/cli#3314)
• 7f40349 Cleanup dependencies (chore(ci): persist v2 artifacts in a single job snyk/cli#3309)
• 7828bea chore: update braces and chokidar to latest versions ([Snyk] Security upgrade python from 3.6-slim to 3.10-slim snyk/cli#3307)
• fe9a1dd fix(server): Add error handler for webserver socket. (chore: bump driftctl version snyk/cli#3300)
• 13ed695 chore: release v4.1.0
• d844a48 chore: update contributors
• ce6825f fix(client): Only create the funky object if message is not a string ([Snyk-dev] Security upgrade alpine from 3.12.0 to 3.12.12 snyk/cli#3298)
• 7968db6 fix(client): Enable loading different file types when running in parent mode without iframe (chore: bump driftctl version snyk/cli#3289)
• 6556ab4 fix(launcher): Log state transitions in debug (#3294)
• 7eb48c5 fix(middleware): log invalid filetype ([Snyk-dev] Security upgrade alpine from 3.12.0 to 3.14.6 snyk/cli#3292)
• c7ebf0b chore: release v4.0.1
• c190c4a chore: update contributors
• 375bb5e fix(filelist): correct logger name. (refactor: create only one project group per execution snyk/cli#3262)
• c43f584 fix: remove vulnerable dependency combine-lists (chore: remove unused FF from code snyk/cli#3273)
• 4ec4f6f fix: remove vulnerable dependency expand-braces (chore(ci): split build jobs snyk/cli#3270)

See the full diff

Package name: karma-browserify

The new version differs by 10 commits.

• 9081a68 chore(project): release v5.0.0
• 3417225 chore(project): add browserify 13 compatibility
• 47b8a43 docs(README): document browserify and watchify dependencies
• ffd145c chore(bro): make watchify an optional dependency
• 84138e2 chore(example): add explicit browserify/watchify versions
• b9ad424 chore(travis): test against stable Node.JS
• 6d91d86 chore(deps): depend on browserify + watchify as peer dependencies
• 1537cd7 Add missing dev dependencies
• 13e74e2 chore(deps): bump dependencies to latest version(s)
• ace2dfb feat(bro): throw bundle error in client

See the full diff

Package name: karma-mocha-reporter

The new version differs by 2 commits.

• f1b2eac chore: Release v2.0.0
• b638643 chore: move karma to peerDependencies

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Uncontrolled resource consumption