[Snyk] Upgrade karma from 4.2.0 to 4.4.1

[snyk-bot]

Snyk has created this PR to upgrade karma from 4.2.0 to 4.4.1.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 3 versions ahead of your current version.
• The recommended version was released 2 years ago, on 2019-10-18.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Prototype Pollution SNYK-JS-LODASH-608086	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-LODASH-590103	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Command Injection SNYK-JS-LODASH-1040724	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-LODASH-567746	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Denial of Service (DoS) SNYK-JS-HTTPPROXY-569139	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: karma

• 4.4.1 - 2019-10-18
  

  Bug Fixes

  • deps: back to karma-browserstack-launcher 1.4 (#3361) (1cd87ad)
  • server: Add test coverage for config.singleRun true branch. (#3384) (259be0d)
  • if preprocessor is async function and doesn't return a content then await donePromise (#3387) (f91be24)
• 4.4.0 - 2019-10-17
  

  Bug Fixes

  • runner: remove explicit error on all tests failed (#3369) (f8005c6), closes #3367

  Features

  • client: Add trusted types support (#3360) (019bfd4)
  • Preprocessor can return Promise (#3376) (3ffcd83)
  • config: add failOnSkippedTests option. (#3374) (4ed3af0)
  • config: clientDisplayNone sets client elements display none. (#3348) (6235e68)
  • deps: Remove core-js dependency. (#3379) (0d70809)
• 4.3.0 - 2019-08-27
  

  Bug Fixes

  • build: switch from yarn to package-lock.json (#3351) (6c5add2)
  • config: Simpilfy error proceesing. (#3345) (582a406), closes #3339
  • deps: lodash update. (#3341) (5614c04)
  • server: Simplify 'dom' inclusion. (#3356) (5f13e11)
  • test: test:client silently failing on Travis (#3343) (1489e9a), closes /travis-ci.org/karma-runner/karma/jobs/537027667#L1046
  • travis: Pin to trusty (#3347) (1c6c690)

  Features

  • async: frameworks can be loaded asynchronously (#3297) (177e2ef), closes #851
  • config: socket.io server pingTimeout config option. (#3355) (817fbbd)
  • preprocessor: preprocessor_priority execution order. (#3303) (c5f3560)
  • runner: feat(runner): (62d4c5a), closes #2121 #2799 #2121 #2799
• 4.2.0 - 2019-07-12
  

  Bug Fixes

  • logging: Util inspect for logging the config. (#3332) (70b72a9)
  • reporter: format stack with 1-based column (#3325) (182c04d), closes #3324
  • server: Add error handler for webserver socket. (#3300) (fe9a1dd)

from karma GitHub release notes

Commit messages

Package name: karma

• 25d415e chore: release v4.4.1
• 67ec618 chore: update contributors
• f91be24 fix: if preprocessor is async function and doesn't return a content then await donePromise (Fix #3356 and #3394 latex text layout for Japanese document sphinx-doc/sphinx#3387)
• 259be0d fix(server): Add test coverage for config.singleRun true branch. (autodoc support packages sphinx-doc/sphinx#3384)
• 1cd87ad fix(deps): back to karma-browserstack-launcher 1.4 (Ugly, break csv-table in latexpdf output sphinx-doc/sphinx#3361)
• df114e1 Refactor (How to use github pages from master /docs folder elegantly with sphinx sphinx-doc/sphinx#3382)
• fbad778 chore: release v4.4.0
• 5aa4361 chore: update contributors
• 4ed3af0 feat(config): add failOnSkippedTests option. (Update toctree.rst sphinx-doc/sphinx#3374)
• c7bab36 docs(commit-msg): Add failOnFailingTestSuite option to docs (Use Ubuntu/trusty for testing sphinx-doc/sphinx#3380)
• 0d70809 feat(deps): Remove core-js dependency. (Fix #3378: latex: Support :widths: option of table directives sphinx-doc/sphinx#3379)
• 3ffcd83 feat: Preprocessor can return Promise (Adding auto-generated page to toctree sphinx-doc/sphinx#3376)
• f8005c6 fix(runner): remove explicit error on all tests failed (Error: Sphinx requires at least Python 2.7 or 3.4 to run. sphinx-doc/sphinx#3369)
• f2eba15 chore: travis - upgrade on new version Ubuntu 16.04 (Lack of float support for right-aligned SVG figures in HTML documents (maybe a missing CSS class) sphinx-doc/sphinx#3371)
• eab7e5b chore(appveyor): Notification config. (Problem with rendering Sphinx substitutions sphinx-doc/sphinx#3375)
• 6235e68 feat(config): clientDisplayNone sets client elements display none. (literalinclude pyobject and decorators sphinx-doc/sphinx#3348)
• 019bfd4 feat(client): Add trusted types support (Man page generation bug sphinx-doc/sphinx#3360)
• fa6be15 chore: release v4.3.0
• 0ed9eba chore: update contributors
• 5f13e11 fix(server): Simplify 'dom' inclusion. (Page layout for Japanese manual docclass has a shorter text area sphinx-doc/sphinx#3356)
• 817fbbd feat(config): socket.io server pingTimeout config option. (Unable to properly format numpy argument for tuple. Guidance requested. sphinx-doc/sphinx#3355)
• c5f3560 feat(preprocessor): preprocessor_priority execution order. (Doctest execution only for specific Python versions sphinx-doc/sphinx#3303)
• 6c5add2 fix(build): switch from yarn to package-lock.json (intersphinx links must be fully qualified sphinx-doc/sphinx#3351)
• 1c6c690 fix(travis): Pin to trusty (Search is broken (as in: JS is broken) sphinx-doc/sphinx#3347)

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs