[Snyk] Fix for 5 vulnerabilities

[aliscco]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • test/fixtures/qs-package/node_modules/snyk/node_modules/request/package.json
  • test/fixtures/qs-package/node_modules/snyk/node_modules/request/.snyk

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	Yes	Proof of Concept
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:eslint:20180222	Yes	Proof of Concept
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:hoek:20180212	Yes	Proof of Concept
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:ms:20170412	Yes	No Known Exploit
	576/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.1	Uninitialized Memory Exposure npm:tunnel-agent:20170305	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: eslint

The new version differs by 250 commits.

• 22ff6f3 4.18.2
• 817b84b Build: changelog update for 4.18.2
• 6b71fd0 Fix: table@4.0.2, because 4.0.3 needs "ajv": "^6.0.1" (#10022)
• 3c697de Chore: fix incorrect comment about linter.verify return value (#10030)
• 9df8653 Chore: refactor parser-loading out of linter.verify (#10028)
• f6901d0 Fix: remove catastrophic backtracking vulnerability (fixes #10002) (#10019)
• e4f52ce Chore: Simplify dataflow in linter.verify (#10020)
• 33177cd Chore: make library files non-executable (#10021)
• 558ccba Chore: refactor directive comment processing (#10007)
• 18e15d9 Chore: avoid useless catch clauses that just rethrow errors (#10010)
• a1c3759 Chore: refactor populating configs with defaults in linter (#10006)
• aea07dc Fix: Make max-len ignoreStrings ignore JSXText (fixes #9954) (#9985)
• 8c237d8 4.18.1
• 537b5c3 Build: changelog update for 4.18.1
• f417506 Fix: ensure no-await-in-loop reports the correct node (fixes #9992) (#9993)
• 3e99363 Docs: Fixed typo in key-spacing rule doc (#9987)
• 7c2cd70 Docs: deprecate experimentalObjectRestSpread (#9986)
• 883a2a2 4.18.0
• 89d55ca Build: changelog update for 4.18.0
• 70f22f3 Chore: Apply memoization to config creation within glob utils (#9944)
• 0e4ae22 Update: fix indent bug with binary operators/ignoredNodes (fixes #9882) (#9951)
• 47ac478 Update: add named imports and exports for object-curly-newline (#9876)
• e8efdd0 Fix: support Rest/Spread Properties (fixes #9885) (#9943)
• f012b8c Fix: support Async iteration (fixes #9891) (#9957)

See the full diff

Package name: hawk

The new version differs by 23 commits.

• 57ebb93 Merge branch 'master' of github.com:hueniverse/hawk
• cf359f5 Normalize time methods. Closes [Snyk] Security upgrade django from 2.0.1 to 2.2.26 #184
• 8851f6c Merge pull request [Snyk] Security upgrade python from 3.6-slim to 3.7.12-slim #183 from hiyosi/master
• 506467f Add a implementation link.
• 97f3f21 Merge pull request [Snyk] Security upgrade node-fetch from 2.6.0 to 3.1.1 #179 from geek/patch-1
• bb0dd40 Typo
• 936f46f Merge pull request [Snyk] Security upgrade node-fetch from 2.6.0 to 3.1.1 #177 from gergoerdosi/readme
• 92eecbf Remove HTML tags
• e3f071a Merge pull request [Snyk] Security upgrade marked from 0.3.5 to 4.0.10 #174 from a-r-d/master
• c370a8c update readme - occuring -> occurring
• f9ee7fd Bupm version to fix npm issue
• 0833f99 Fix minor DoS attack on long headers or uris. Closes [Snyk] Security upgrade sanitize from 4.6.2 to 5.2.1 #168
• b5d51eb client.authenticate() callback. Closes [Snyk] Security upgrade actionpack from 4.2.5 to 4.2.5 #165. Closes [Snyk] Security upgrade actionpack from 4.2.5 to 4.2.5 #166
• 6ea996d Linting
• ab5d2b5 Merge pull request [Snyk] Security upgrade django from 1.6.1 to 2.2.26 #159 from jeduan/master
• 7968197 Fixes build for browser clients
• 73938ee Merge pull request [Snyk] Security upgrade django from 1.6.1 to 2.2.26 #156 from edmorley/update-travis-badge
• 1fdfc63 Update the README Travis badge to use the new preferred URLs
• fae8544 version
• a4486be noise
• 4fc847c ES5 build. Closes [Snyk] Security upgrade django from 1.6.1 to 2.2.26 #154
• 0e3621b node4
• e011181 es6. Closes [Snyk] Security upgrade django from 2.0.1 to 2.2.26 #153

See the full diff

Package name: karma

The new version differs by 73 commits.

• db41e8e chore: release v2.0.0
• 0a1a8ef chore: update contributors
• 1afcb09 chore: add yarn.lock
• f64e1e0 Merge pull request [Snyk] Upgrade node-uuid from 1.4.0 to 1.4.8 snyk/cli#2899 from outsideris/fix-bad-url-in-stacktrace
• 78ad12f refactor(server): move compile step to first run
• 34dc7d3 fix(reporter): show file path correctly when urlRoot specified
• b53929a Merge pull request [Snyk] Fix for 1 vulnerabilities #2712 from macjohnny/patch-1
• c9e1ca9 feat: better string representation of errors
• 10fac07 Merge pull request [Snyk] Upgrade qs from 0.0.6 to 0.6.6 snyk/cli#2885 from karma-runner/prep-2
• 00e3f88 chore: remove yarn.lock for now
• 60dfc5c feat: drop core-js and babel where possible
• 0e1907d test: improve linting and fix test on node 4
• af0efda test(e2e): update cucumber step definitions
• c3ccc5d chore(ci): focus on even node versions
• bf25094 chore(deps): update to latest
• d93cc5f docs(config): Document port collision scenario.
• 871d46f feat(launcher): trim whitespace in browser name
• 99fd3f0 fix(config): Call debug log methods after setting the loglevel based upon config/cli-options.
• 7bd54ed Merge pull request [Snyk] Upgrade lodash from 4.17.15 to 4.17.21 snyk/cli#2890 from reda-alaoui/patch-1
• 91e916a docs(config): Document port collision scenario.
• 334f9fb feat(launcher): trim whitespace in browser name
• e23c0d4 Merge pull request [Snyk] Fix for 1 vulnerabilities #2837 from JakeChampion/logs
• a340dae fix(config): Call debug log methods after setting the loglevel based upon config/cli-options.
• 6d353dc docs: improve comments in config.tpl.*

See the full diff

Package name: tunnel-agent

The new version differs by 6 commits.

• 67df643 0.6.0
• 9ca95ec Use .from
• 8a7c86e 0.5.1
• 5fe6221 0.5.0
• 5bbaf62 Merge pull request [Snyk] Security upgrade django from 1.6.1 to 1.6.3 #25 from request/safe-buffer
• cdc47b9 Migrating to safe-buffer for security reasons.

See the full diff

With a Snyk patch:

Severity	Priority Score (*)	Issue	Exploit Maturity
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	Proof of Concept
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:hoek:20180212	Proof of Concept
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:ms:20170412	No Known Exploit
	576/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.1	Uninitialized Memory Exposure npm:tunnel-agent:20170305	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Prototype Pollution