Omrisnyk

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • large-file/package.json
    • large-file/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| high severity | 168/1000 | Cross-site Request Forgery (CSRF), SNYK-JS-AXIOS-6032459 | Yes | Proof of Concept |
| high severity | 125/1000 | Improper Verification of Cryptographic Signature, SNYK-JS-BROWSERIFYSIGN-6037026 | No | No Known Exploit |

Why? (168/1000, SNYK-JS-AXIOS-6032459) Confidentiality impact: High, Integrity impact: Low, Availability impact: None, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): Required, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.01055, Social Trends: No, Days since published: 2, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 7.03, Likelihood: 2.39, Score Version: V5

Why? (125/1000, SNYK-JS-BROWSERIFYSIGN-6037026) Confidentiality impact: None, Integrity impact: High, Availability impact: None, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.01055, Social Trends: No, Days since published: 0, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.08, Score Version: V5

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: browserify-sign from browserify-sign GitHub release notes
Package name: karma
  • 3.0.0 - 2018-08-09

    Bug Fixes

    • config: wait 20s for browser activity. (#3087) (88b977f)
    • config: Wait 30s for browser activity per Travis. (#3091) (f6d2f0e)
    • init: add "ChromeHeadless" to the browsers' options (#3096) (56fda53)
    • server: Exit clean on unhandledRejections. (#3092) (02f54c6), closes #3064
    • travis: Up the socket timeout 2->20s. (#3103) (732396a), closes #3102
    • travis: use the value not the key name. (#3097) (90f5546)
    • travis: validate TRAVIS_COMMIT if TRAVIS_PULL_REQUEST_SHA is not set. (#3094) (fba5d36)
    • travis: Validate TRAVIS_PULL_REQUEST_SHA rather than TRAVIS_COMMIT. (#3093) (a58fa45)

    BREAKING CHANGES

    Drop Support for Nodejs4 (#3082)

  • 2.0.5 - 2018-07-24

    Bug Fixes

    • remove circular reference in Browser (518cb11), closes #3075
    • browser: ensure browser state is EXECUTING when tests start (#3074) (dc7265b), closes #1640
    • doc: Document release steps for admins (#3063) (a701732)
    • middleware: Obey the Promise API. (93ba05a)
    • server: pass bound port to prevent EADDRINUSE issue. (#3065) (850a90b)

    Features

    • preprocessor: Allow preprocessor to handle binary files (#3054) (7b66e18)
  • 2.0.4 - 2018-06-21

    Bug Fixes

    • deps: remove babel-core and babel call in wallaby. (#3044) (7da8ca0)
    • events: bind emitters with for..in. (#3059) (b99f03f), closes #3057
    • launcher: Only markCaptured browsers that are launched. (#3047) (f8f3ebc)
    • server: actually call stert(). (#3062) (40d836a)
    • server: Resurrect static function Server.start() lost in 2.0.3 (#3055) (c88ebc6)
  • 2.0.3 - 2018-06-15

    Bug Fixes

    • BaseReporter: log message correctly with just one browser (#3045) (c1eb236)
    • browser: don't add already active socket again on reconnect (37a7958)
    • browser: filter browser logging by level (35965d9), closes #2228
    • browser: nicer "disconnect" - no more "Disconnectedundefined" (a987d63)
    • build: pin npm version in appveyor to v3, compat with node 4 (#2983) (bc1453e)
    • ci: Repaired AppVeyor for [email protected] (cbfd98c)
    • cli: override if an arg is defined multiple times (31eb2c2), closes #1192
    • cli: print UserAgent string verbatim if from an unknown browser (9d97226)
    • cli: restore shell completion in the npm package (f56b5a5), closes #2351
    • cli: Use bin field in package.json (6823926), closes #1351
    • client: add ES5 shim (14c30b7), closes #1529
    • client: add proxy support to stringify (be10116)
    • client: does not throws an error for non DOM object that has tagName property (ba55afb), closes #2139
    • client: don't crash if receive array-like results (e095411), closes #2061
    • client: dynamic protocol for socket.io (c986eef), closes #1400
    • client: Fix stringify serializing objects (0d0972a)
    • client: Revert back to old reloading detection (f1c22d6), closes #1656
    • client: serialise DOM objects (1f73be4), closes #1106
    • client: Update location detection for socket.io (7a23fa5)
    • client: Use supported shim path. (184f12e)
    • client: Wait for childwindow to load (c1bb15a)
    • client: Wait for iframe to be loaded (1631474), closes #1652
    • client.html: always open debug.html in a new browser process (d176bcf)
    • common: fix AppVeyor build (6c5e7d0)
    • common: more detailed info about error (424aacc)
    • common: Proxy function toString does not contain Proxy. (4fb3484)
    • common: stringify error on 'Cannot convert a Symbol value to a string' (#2990) (65b658a), closes #2856
    • config: #1113 Watching is not working properly on linux (c91ffbc)
    • config: add crossOriginAttribute config option (1e465b1)
    • config: Call debug log methods after setting the loglevel based upon config/cli-options. (a340dae)
    • config: Call debug log methods after setting the loglevel based upon config/cli-options. (99fd3f0)
    • config: corrects spelling in example config template (9fafc60)
    • config: Default remaining client options if any are set (632dd5e), closes #961
    • config: Error when browers option isn't array (b695460)
    • config: Log the final config just before use. (#3041) (05dd09a)
    • config: Retry install with appveyor-retry. (17d5791)
    • config: Workaround npm 5.4 windows bug (ec47d81)
    • context: Updated postMessage listener to stop validating non-Karma messages (306e565)
    • debug-runner: support asynchronous tests in the debug runner (a36f3eb), closes #2811
    • deps: freeze socket.io version (73e300d)
    • deps: Update dependencies (b9a4ce9), closes #1410
    • deps: Update log4js in package.json (#2996) (667b47e)
    • deps: update socket.io to version 2.0.3. (3b7b019), closes #2821 #2777
    • deps: Upgrade connect 3. (b490985), closes #1410
    • docs: fix stopper.stop wrong variable name. closes #2244 (0745a00)
    • docs: Remove mention of pre 1.0.0 version (#3010) (6847ca0)
    • eslint: Fix formatting for the new ESLint 1.8.0 (dc1bbab)
    • executor: ensure run_complete is emitted last (9c894f9), closes #2210
    • file_list: follow symlinks (ee26748)
    • file_list: Incorrect response after remove and add file (0dbc020)
    • file-list: always use file from first matcher (74bfdf3)
    • file-list: Ensure autowatchDelay is working (0f33268), closes #1520
    • file-list: Ensure autowatchDelay is working. (655599a), closes #1520
    • file-list: Ensure files are sorted and unique (9dc5f8b), closes #1498 #1499
    • file-list: ensure patterns are comparable (4d1bf3e), closes #2194
    • file-list: Normalize glob patterns (fb841a7), closes #1494
    • file-list: refresh resolves before 'file_list_modified' event (65f1eca), closes #1550
    • file-list: Stop polluting global environment with core-js (0988022)
    • file-list: Use correct find function (4cfaae9)
    • file-list: use lodash find() (3bd15a7), closes #1533
    • file-list: Use modified throttle instead of debounce (cb2aafb), closes #1545
    • files: Ignore included:false pattern (db42a7f), closes #1530
    • flaky-test: Add time to beforeEach() to allow plugins to load on first pass. (#3025) (31d9a08)
    • helper: Ensure browser detection is handled in the unkown case (9328f67)
    • helper: Patched replaceWinPath from choking on null values (caa4d21)
    • init: fix test-main.(js/coffee) generation (d8521ef), closes #1120 #896
    • init: Make the requirejs config template normalize paths (54dcce3), closes /github.com/karma-runner/karma/issues/513#issuecomment-48616784
    • karma: Escape quotes for file names. This fixes issue #1876. (9dff3f3)
    • launcher: Allow dynamic browser launches (2b7d703)
    • launcher: Continue with exit when SIGKILL fails (1eaccb4)
    • launcher: exclude concurrent browser on launcher restart (96f8f14), closes #2280
    • launcher: send sigkill on timeout when force killing (c615c1f)
    • launchers: Listen to the correct error event. (45a6922)
    • lint: exempt built files (#3024) (bc9acd3)
    • logging: Summarize SKIPPED tests in debug.html. (a01100f), closes #1111
    • logging: Upgrade to log4js 2.x API. (#2868) (f6f8707), closes #2858
    • middleware: Actually serve the favicon. (f12db63)
    • middleware: add file type to absolute urls (bd1f799)
    • middleware: avoid using deprecated Buffer API (018e6be), closes /nodejs.org/api/deprecations.html#deprecations_dep0005
    • middleware: change to use vanilla for loop (ac62cc0), closes #2671
    • middleware: Correct spelling of middleware logger name (9e9e7e6)
    • middleware: does not work with mootools (#2591) (2685e13)
    • middleware: ensure Range headers adhere more closely to RFC 2616 (8b1b4b1), closes #2310
    • middleware: fix WARN log when passing undefined error handler to promise.then (20b87de), closes #2227
    • middleware: Inject config.urlRoot. (569ca0e), closes #1516
    • middleware: update Buffer usage (3d94b8c)
    • package.json: sinon-chai 2.13 is not compatible with sinon 4.x (#2977) (e095b05)
    • preprocessor: Better handling of failing preprocessors (a2376b8), closes #1521
    • preprocessor: calculate sha1 on content returned from a preprocessor (6cf7955), closes #1204
    • preprocessor: Directory names with dots (4b5e094)
    • preprocessor: Improve handling of failed preprocessors (e726d1c), closes #1521
    • preprocessor: Lookup patterns once invoked (00a2781), closes #1340
    • preprocessor: renamed handeFile to readFileCallback (92a8c81)
    • preprocessor: retry if fs.readFile fails (4b60513)
    • preprocessor: Throw error if can't open file (bb4edde)
    • preprocessor: throw if retry fails (2789bf5)
    • preprocessor: treat *.gz files as binary (1b56932)
    • preprocessor: treat *.swf files as binary (62d7d38)
    • preprocessor: treat *.tgz, *.tbz2, *.txz & *.xz as binary (7b64244)
    • proxy: More useful proxyError log message (96640a7)
    • proxy: Pass protocol in target object to enable https requests (142db90)
    • proxy: Port mixup and infinite loop (05616a2), closes #1987
    • proxy: proxy to correct port (a483636)
    • reporter: Better handling of non string error (82f1c12), closes #1969 #1988
    • reporter: Disable source maps for URLs without line number (2080221), closes #1274
    • reporter: do not allow URL domains to span new lines (2c13404)
    • reporter: Enable sourcemaps for errors that without column # (086a542)
    • reporter: Ensure errors use the source map. (0407a22), closes #1495
    • reporter: Fix issue causing error stack not to be parsed correctly (ac4e1a9), closes #2930
    • reporter: inject correct config option (80bd726)
    • reporter: keep users exact formatError result (17c2c43)
    • reporter: preserve base/absolute word in error (b3798df)
    • reporter: remove console.log (b4e3694)
    • reporter: show file path correctly when urlRoot specified (34dc7d3), closes #2897
    • reporter: sourcemap not working in windows (a9516af), closes #1200
    • reporter: strip only hostname/port (fbbeccf), closes #2209
    • reporters: cannot read property map of undefined (305df2c), closes #1662
    • reporters: Fix results not being reported (6303566)
    • reporters: Revert the backwards-incompatible log priority order changes (316b944), closes #2582
    • reporters: Throwing error without loosing stack trace (8a515ae)
    • runner: Fix typo in CSS class name for .idle (fc5a7ce)
    • runner: Make process kill timeout configurable (ffaa054), closes #2447
    • runner: Make process kill timeout configurable - Fix Build (a128e5c), closes #2447
    • runner: Merge config.client.args with client.args provided by run (91de383), closes #1746
    • runner: Remove null characters from terminal output (3481500), closes #1343
    • runner: Test process kill timeout config (99a1d48), closes #2447
    • runner: Wait for file list refresh to finish before running (94cddc0)
    • server: check available port before start server (fix #1476, fix #3011) (a19b8d4)
    • server: complete acknowledgment (f4144b0)
    • server: exit with code 1 when failing due to missing browser (86e2ef2), closes #2403
    • server: Force clients disconnect on Windows (28239f4), closes #1109
    • server: Handle new socket.io internal format. (3ab78d6), closes #1782
    • server: log browser messages to the terminal (d1f924c), closes #2187
    • server: Remove Socket.IO listeners (c3f05ef), closes #2980
    • server: Start webserver and browsers after preprocessing completed (e0d2d23)
    • server: switch to sync write (6ec74ee)
    • server: Update timers for limited execution environments (9cfc1cd), closes #1519
    • socket.io: Force 0.9.16 which works with Chrome (840ee5f)
    • stringify: guard Symobl from IE (#3023) (538081c)
    • invalid characters in the headers on Node 5.6.0 (152337d)
    • test: locale in Expire header (db04cf0), closes #1741
    • test: update bundleResource test timeout (#3038) (d6060d4)
    • travis_ci: converted node versions as string (25ee6fc)
    • filter browser logging by level of LOG (89a7a1c), closes #2228
    • updater: Fix time unit on screen display from 'ms' to 'seconds'. (f39dd04)
    • a missed argument in a debug message (#3009) (af8c6e4)
    • Add crossorigin attribute to script HTML tags (5690ffe)
    • add emscripten memory image as binary suffix (f6b2b56)
    • call .resume to prevent browser output streams filling up (107cd02)
    • catch exceptions from SourceMapConsumer (5d42e64)
    • Change timing on test (0cb6204)
    • ignore jsVersion configuration property in Firefox 59+ (2694d54), closes #2957
    • make window.parent.karma available in debugged context (3e7eaeb)
    • Merge config child nodes on config.set() (65b688a), closes karma-runner/grunt-karma#165 karma-runner/grunt-karma#166
    • Remove inadvertently added dependency to mock-fs (ad5f6b5)
    • remove support of jsVersion configuration property (#3002) (2bb4e36), closes #2911
    • restore backward compatibility for [email protected] (648b357)
    • Safeguard IE against console.log (0b5ff8f), closes #1209
    • Setting default value for config in runner and stopper (414db89)
    • Switch all requires from fs to graceful-fs (1e21aaa)
    • upgrade http-proxy module for bug fixes (09c75fe)
    • Upgrade socket.io to 1.4.5 (2f51a9f)
    • UTs: Correct proxy listeners expectation (af9c84a)
    • watcher: Close file watchers on exit event (7181025)
    • watcher: handle paths on Windows (6164d86)
    • web-server: Allow karma to run in project which path contains HTML URL encoded characters. Karma fails on Jenkins when it checks out branches containing '/' as it converts it to '%2F'. Fixes errors seen on #1751, #61. (da1930f)
    • Wrap url.parse to always return an object for query property (72452e9), closes #1182
    • web-server: cache static files (eb5bd53)
    • web-server: Correctly update filesPromise on files updated (32eec8d)
    • web-server: Ensure filesPromise is always resolvable (892fa89), closes #1544
    • web-server: Restart disconnected browser in non-singleRun mode. (f6587dc)
    • web-server: Update config on every request (8ef475f), closes #1972

    Code Refactoring

    • context: Future-proofed context.html and debug.html for modularity (43f6a1a), closes #1984

    Features

    • Add stopper to the public API (3d4fa00)
    • add an option to run the tests by dynamically loading test scripts without iframe (aa42c41)
    • Add engine support for iojs@3. (eb1c8d2)
    • Add possibility to stop a karma server (66ae80b)
    • add support for node 6 (0b8dc2c)
    • add support for node@7 (eb407ab), closes #2559
    • adding support for before middleware (51b4206)
    • Allow custom browser names (60ba85f)
    • allow frameworks to add preprocessors (f6f5eec)
    • Allow frameworks to inject middleware (d972f3d)
    • better string representation of errors (c9e1ca9)
    • deprecate helper._ (5c6b151), closes #1812
    • Do not fail on empty test suite (8004763), closes #926
    • drop core-js and babel where possible (60dfc5c)
    • Fail on launcher-, reporter-, plugin-, or preprocessor-load errors. (fca930e), closes #855
    • serve ePub as binary files (82ed0c6)
    • api: add constants to the public api (ee10977), closes #2361
    • api: expose config.parseConfig on the public api (7d2c1ae)
    • browser: add browser_info event (09ac7d7), closes #2192
    • browser: Emit a browser error when a disconnect occurs. (e36ba6c)
    • ci: disable testing of node versions below 4 (ec92ea9)
    • cli: Add .config/karma.conf.js to the default lookup path (49bf1aa), closes #1387
    • cli: Better CLI args validation (73d31c2), closes #603
    • cli: Warn on commands with underscores. (0801a7f)
    • client: capture confirm & prompt (3a618b3), closes #694
    • client: log global error stack trace (523d608), closes #2812
    • config: Add forceJSONP option (8627d67)
    • config: Add a clearContext config to prevent clearing of context. (5fc8ee7)
    • config: Add configuration for adding javascript version. (0239c75), closes #1719
    • config: add nocache option for file patterns (6ef7e7b)
    • config: add restartOnFileChange option (1082f35)
    • config: add support for TypeScript (6445310)
    • config: allow config to be a default export (9976dce)
    • config: Allow custom context and debug files, with feature test and some specs. (225c0e5)
    • config: allow to use newer versions of CoffeeScript (c1fcf42)
    • config: mime config option support (d562383), closes #1735
    • config: Pass CLI arguments to karma.config.js. (70cf903), closes #1561
    • config: remove polling usage (b0f41c7), closes #2669
    • deps: add support for node@8 (ea32194), closes #2754
    • deps: add support for node@8 (7feaee3), closes #2754
    • deps: update socket.io to 1.7.4 to avoid issue with [email protected] (264442b), closes #2593
    • file-list: Upgrade bluebird to v.3 (f5c252f)
    • file-list: Use glob.sync for better speed (1b65cde)
    • grunt: run check_clean before starting release. (#2978) (a3ff6c8)
    • init: install coffee-script automatically (e876db6), closes #1152
    • launcher: Add concurrency limit (1741deb), closes #1465
    • launcher: Enable specification of retry-limit (cc5547c), closes #1126
    • launcher: output stderr for failing launchers (7d33398)
    • launcher: trim whitespace in browser name (334f9fb)
    • launcher: trim whitespace in browser name (871d46f)
    • logger: Add date/time stamp to log output (4a59443)
    • logger: Add date/time stamp to log output (a4b5cdd)
    • logging: Add colors and log-level options to run-command (9d4e234), closes #1067
    • logging: Add colors and log-level options to run-command (2d29165), closes #1067
    • logging: Add logging-setup function (
