Skip to content

[Snyk] Security upgrade karma from 3.0.0 to 6.0.0 #928

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Security upgrade karma from 3.0.0 to 6.0.0 #928

wants to merge 1 commit into from

Conversation

@adamlaska
Copy link
Owner

@adamlaska adamlaska commented Jun 18, 2024

This PR was automatically created by Snyk using the credentials of a real user.


![snyk-top-banner](https://github.com/andygongea/OWASP-Benchmark/assets/818805/c518c423-16fe-447e-b67f-ad5a49b5d123)

Snyk has created this PR to fix 1 vulnerabilities in the yarn dependencies of this project.

Snyk changed the following file(s):

  • standalone-packages/codesandbox-browserfs/package.json
  • standalone-packages/codesandbox-browserfs/yarn.lock

Note for zero-installs users

If you are using the Yarn feature zero-installs that was introduced in Yarn V2, note that this PR does not update the .yarn/cache/ directory meaning this code cannot be pulled and immediately developed on as one would expect for a zero-install project - you will need to run yarn to update the contents of the ./yarn/cache directory.
If you are not using zero-install you can ignore this as your flow should likely be unchanged.

Vulnerabilities that will be fixed with an upgrade:

Issue Score
high severity Denial of Service (DoS)
SNYK-JS-WS-7266574		   768  

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Denial of Service (DoS)

@snyk-bot
fix: standalone-packages/codesandbox-browserfs/package.json & standal…
178e6fd 
…one-packages/codesandbox-browserfs/yarn.lock to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-WS-7266574
@google-cla
Copy link

google-cla bot commented Jun 18, 2024

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.

@socket-security
Copy link

socket-security bot commented Jun 18, 2024

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package New capabilities Transitives Size Publisher
npm/@commitlint/[email protected] Transitive: filesystem +15 1.47 MB marionebl
npm/@commitlint/[email protected] None 0 8.13 kB marionebl
npm/@semantic-release/[email protected] filesystem +2 19.1 kB semantic-release-bot
npm/@semantic-release/[email protected] None +4 120 kB semantic-release-bot
npm/@semantic-release/[email protected] None 0 5.04 kB semantic-release-bot
npm/@semantic-release/[email protected] None +2 37.3 kB semantic-release-bot
npm/@semantic-release/[email protected] None +1 26.6 kB semantic-release-bot
npm/@types/[email protected] None 0 480 kB types
npm/[email protected] None 0 4.78 kB isaacs
npm/[email protected] network 0 34.2 kB tootallnate
npm/[email protected] network 0 33.6 kB fengmk2
npm/[email protected] None +3 17.6 kB nexdrew
npm/[email protected] None 0 5.35 kB thlorenz
npm/[email protected] None 0 14.7 kB iarna
npm/[email protected] None 0 33.9 kB kriskowal
npm/[email protected] Transitive: eval +1 73.3 kB hzoo
npm/[email protected] None 0 19.1 kB iarna
npm/[email protected] environment, eval 0 620 kB esailija
npm/[email protected] None +1 12.4 kB sindresorhus
npm/[email protected] None 0 2.7 kB juliangruber
npm/[email protected] None 0 10 kB jahewson
npm/[email protected] None 0 10.4 kB 75lb
npm/[email protected] environment, filesystem 0 102 kB zkat
npm/[email protected] None 0 5.08 kB iarna
npm/[email protected] None 0 4.32 kB sindresorhus
npm/[email protected] None 0 2.6 kB floatdrop
npm/[email protected] environment 0 24.7 kB sindresorhus
npm/[email protected] environment 0 11.8 kB watson
npm/[email protected] None 0 4.37 kB silverwind
npm/[email protected] None 0 8.51 kB shannonmoeller
npm/[email protected] None 0 3.15 kB sindresorhus
npm/[email protected] Transitive: environment +1 98 kB turbo87
npm/[email protected] None 0 0 B

🚮 Removed packages: npm/@types/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected]

View full report↗︎

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

do-not-merge

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@adamlaska @snyk-bot