[Snyk] Fix for 18 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:

  • package.json

• Adding or updating a Snyk policy (.snyk) file; this file is required in order to apply Snyk vulnerability patches.
  Find out more.

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-ENGINEIO-1056749	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	Yes	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASH-1040724	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-450202	Yes	Proof of Concept
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution SNYK-JS-LODASH-567746	Yes	Proof of Concept
	704/1000 Why? Has a fix available, CVSS 9.8	Prototype Pollution SNYK-JS-LODASH-590103	Yes	No Known Exploit
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-608086	Yes	Proof of Concept
	579/1000 Why? Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-73638	Yes	No Known Exploit
	434/1000 Why? Has a fix available, CVSS 4.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-73639	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Insecure Defaults SNYK-JS-SOCKETIO-1024859	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-SOCKETIOPARSER-1056752	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	Yes	Proof of Concept
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:braces:20180219	Yes	Proof of Concept
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	Yes	No Known Exploit
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:jasmine-core:20180216	Yes	Proof of Concept
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:lodash:20180130	Yes	Proof of Concept
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:ms:20170412	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: jasmine-core

The new version differs by 109 commits.

• 557fb4e proper links in release notes
• ee52023 Bump version to 3.1
• 91296a4 Remove Safari 7 from Travis matrix
• 1923461 Ignore more browser fields when formatting Errors
• 71116d3 don't lock to 2.99 in dev
• 63cc7ca Use Jasmine's arrayContains, instead of includes for better support
• fdecf02 Merge branch 'print_exception_properties' of https://github.com/jbunton-atlassian/jasmine into jbunton-atlassian-print_exception_properties
• 11f4d89 Merge branch 'node-load-errors'
• 1149d4e Use j$.pp instead of JSON.stringify() for pretty printing
• 9ee85c3 Remove duplicate ignored property
• 0367ca5 Merge branch 'patch-closing-statement' of https://github.com/Sylhare/jasmine
• 763a83c Display error properties for failed specs
• 7fb53dc Fixing missing semi-colons
• a9a112e Fixed release notes link
• 0184808 Updated README for 3.0
• 1ac2a6f Allow node to report load time errors
• 785f62c Fix naming and check functions for empty/notEmpty specs
• d8c154a Update empty and notEmpty specs for better IE11 support
• c974c47 Merge branch 'master' of https://github.com/sjolicoeur/jasmine into sjolicoeur-master
• 2b27bd3 Add API docs for async reporters
• 3b77f38 Return <anonymous> for functions that have no actual words between keyword and (
• 1182757 Moved toHaveClass matcher into core so that it can be used in Karma
• 8326ecf Merge branch 'deprecation-object' of https://github.com/UziTech/jasmine into UziTech-deprecation-object
• cd6a0de Merge pull request #1505 from codetriage-readme-bot/codetriage-badge

See the full diff

Package name: karma

The new version differs by 250 commits.

• 3653caf chore(release): 6.0.0 [skip ci]
• 04a811d fix(ci): abandon browserstack tests for Safari and IE (#3615)
• 4bf90f7 feat(client): update banner with connection, test status, ping times (#3611)
• 68c4a3a chore(test): run client tests without grunt wrapper (#3604)
• fec972f fix(middleware): catch errors when loading a module (#3605)
• 3fca456 fix(server): clean up close-server logic (#3607)
• 1c9c2de fix(test): mark all second connections reconnects (#3598)
• 87f7e5e chore(license): Update copyright notice to 2020 [ci skip] (#3568)
• e6b045f chore(deps): npm audit fix the package-lock.json (#3603)
• 3c649fa chore(build): remove obsolete Grunt tasks (#3602)
• 8997b74 fix(test): clear up clearContext (#3597)
• fe0e24a chore(build): unify client bundling scripts (#3600)
• 1a65bf1 feat(server): remove deprecated static methods (#3595)
• fb76ed6 chore(test): remove usage of deprecated buffer API (#3596)
• 35a5842 feat(server): print stack of unhandledrejections (#3593)
• 4a8178f fix(client): do not reset karmaNavigating in unload handler (#3591)
• 603bbc0 feat(cli): error out on unexpected options or parameters (#3589)
• 7a3bd55 feat: remove support for running dart code in the browser (#3592)
• 1b9e1de fix(deps): bump socket-io to v3 (#3586)
• 3fed0bc fix(cve): update yargs to 16.1.1 to fix cve-2020-7774 in y18n (#3578)
• f819fa8 fix(cve): update ua-parser-js to 0.7.23 to fix CVE-2020-7793 (#3584)
• 05dc288 fix(context): do not error when karma is navigating (#3565)
• e5086fc docs: clarify `browser_complete` vs `run_complete`
• ead31cd chore(release): 5.2.3 [skip ci]

See the full diff

Package name: watchify

The new version differs by 9 commits.

• 7b27a3c 4.0.0
• 5d4842a bump deps (#380)
• b840f29 disable package-lock.json
• bae5e02 update chokidar and anymatch (#378)
• 3445775 ci: use github actions (#379)
• f79e59f Change URLs from "Substack" (someones personal site & acc) to "browserify" (#369)
• bd2f677 ci: run on more node versions
• 563a90d Merge pull request #367 from Trott/update-readme-badge
• bb2b429 chore: Fix Travis-CI badge in readme.markdown

See the full diff

With a Snyk patch:

Severity	Priority Score (*)	Issue	Exploit Maturity
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	No Known Exploit
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:ms:20170412	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic