[Snyk] Upgrade: lodash, , browserify, chai, mocha, gulp-shell, gulp-terser, karma, karma-chrome-launcher #914

Open: wants to merge 1 commit into base: master

Exkaleburx (Owner)
Snyk has created this PR to upgrade multiple dependencies.

👯‍♂ The following dependencies are linked and will therefore be updated together.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

| Name | Versions | Released on |
| --- | --- | --- |
| lodash | from 4.17.15 to 4.17.21 (6 versions ahead of your current version) | 4 years ago, on 2021-02-20 |
| @kollavarsham/gulp-coveralls | from 0.2.9 to 0.6.0 (13 versions ahead of your current version) | 2 years ago, on 2023-01-16 |
| browserify | from 16.5.0 to 16.5.2 (2 versions ahead of your current version) | 4 years ago, on 2020-08-03 |
| chai | from 4.2.0 to 4.5.0 (14 versions ahead of your current version) | 2 months ago, on 2024-07-25 |
| mocha | from 6.2.2 to 6.2.3 (1 version ahead of your current version) | 4 years ago, on 2020-03-25 |
| gulp-shell | from 0.6.5 to 0.8.0 (3 versions ahead of your current version) | 5 years ago, on 2020-02-12 |
| gulp-terser | from 1.2.0 to 1.4.1 (6 versions ahead of your current version) | 4 years ago, on 2020-10-31 |
| karma | from 6.4.0 to 6.4.4 (4 versions ahead of your current version) | 2 months ago, on 2024-07-29 |
| karma-chrome-launcher | from 3.1.1 to 3.2.0 (1 version ahead of your current version) | a year ago, on 2023-04-20 |

Issues fixed by the recommended upgrade:

| Issue | Score | Exploit Maturity |
| --- | --- | --- |
| high severity: Regular Expression Denial of Service (ReDoS) (SNYK-JS-GETFUNCNAME-5923417) | 751 | Proof of Concept |
| high severity: Uncaught Exception (SNYK-JS-SOCKETIO-7278048) | 751 | No Known Exploit |
| high severity: Denial of Service (DoS) (SNYK-JS-SOCKETIOPARSER-5596892) | 751 | No Known Exploit |
| high severity: Code Injection (SNYK-JS-LODASH-1040724) | 751 | Proof of Concept |
| high severity: Prototype Pollution (SNYK-JS-LODASH-567746) | 751 | Proof of Concept |
| high severity: Prototype Poisoning (SNYK-JS-QS-3153490) | 751 | Proof of Concept |
| high severity: Prototype Pollution (SNYK-JS-LODASH-608086) | 751 | Proof of Concept |
| high severity: Prototype Pollution (SNYK-JS-LODASH-6139239) | 751 | Proof of Concept |
| high severity: Prototype Pollution (SNYK-JS-AJV-584908) | 751 | No Known Exploit |
| high severity: Denial of Service (DoS) (SNYK-JS-ENGINEIO-3136336) | 751 | No Known Exploit |
| high severity: Uncaught Exception (SNYK-JS-ENGINEIO-5496331) | 751 | No Known Exploit |
| high severity: Denial of Service (DoS) (SNYK-JS-WS-7266574) | 751 | Proof of Concept |
| high severity: Prototype Pollution (SNYK-JS-ASYNC-2441827) | 751 | Proof of Concept |
| high severity: Prototype Pollution (SNYK-JS-CACHEDPATHRELATIVE-2342653) | 751 | Proof of Concept |
| high severity: Prototype Pollution (SNYK-JS-JSONSCHEMA-1920922) | 751 | No Known Exploit |
| medium severity: Regular Expression Denial of Service (ReDoS) (SNYK-JS-LODASH-1018905) | 751 | Proof of Concept |
| medium severity: Regular Expression Denial of Service (ReDoS) (SNYK-JS-PATHPARSE-1077067) | 751 | Proof of Concept |
| medium severity: Prototype Pollution (SNYK-JS-PATHVAL-596926) | 751 | Proof of Concept |

Release notes
Package name: lodash from lodash GitHub release notes
Package name: @kollavarsham/gulp-coveralls
  • 0.6.0 - 2023-01-16
    • build: update package-lock.json 763fb1b
    • build: upgrade dependencies 75b0f1e
    • Bump jshint from 2.13.4 to 2.13.5 7fb83ac
    • Bump minimist from 1.2.5 to 1.2.6 34d6423
    • Bump mocha from 9.2.1 to 9.2.2 5b5063e
    • Bump mocha from 9.2.0 to 9.2.1 be9fe99
    • Bump jshint from 2.13.3 to 2.13.4 afb0511
    • Bump mocha from 9.1.4 to 9.2.0 5683e10
    • Bump mocha from 9.1.3 to 9.1.4 d29cee0
    • Bump jshint from 2.13.2 to 2.13.3 a56a784
    • Bump jshint from 2.13.1 to 2.13.2 84809c6
    • Bump mocha from 9.1.2 to 9.1.3 35ab807
    • Bump mocha from 9.1.1 to 9.1.2 38ee5d9
    • Bump mocha from 9.1.0 to 9.1.1 e5b0a5d
    • Bump mocha from 9.0.3 to 9.1.0 c87000c
    • Bump jshint from 2.13.0 to 2.13.1 a5174be
    • Bump sinon from 11.1.1 to 11.1.2 48cafde
    • Bump mocha from 9.0.2 to 9.0.3 236e559
    • Bump mocha from 9.0.1 to 9.0.2 088c181
    • Bump coveralls from 3.1.0 to 3.1.1 01765d4
    • Bump mocha from 9.0.0 to 9.0.1 24ebd28
    • ci: update OS image e8f27ae
    • ci: add/deprecate nodejs versions 7db868e

    v0.5.0...v0.6.0

  • 0.5.1 - 2023-01-16
    • build: update package-lock.json 763fb1b
    • build: upgrade dependencies 75b0f1e
    • Bump jshint from 2.13.4 to 2.13.5 7fb83ac
    • Bump minimist from 1.2.5 to 1.2.6 34d6423
    • Bump mocha from 9.2.1 to 9.2.2 5b5063e
    • Bump mocha from 9.2.0 to 9.2.1 be9fe99
    • Bump jshint from 2.13.3 to 2.13.4 afb0511
    • Bump mocha from 9.1.4 to 9.2.0 5683e10
    • Bump mocha from 9.1.3 to 9.1.4 d29cee0
    • Bump jshint from 2.13.2 to 2.13.3 a56a784
    • Bump jshint from 2.13.1 to 2.13.2 84809c6
    • Bump mocha from 9.1.2 to 9.1.3 35ab807
    • Bump mocha from 9.1.1 to 9.1.2 38ee5d9
    • Bump mocha from 9.1.0 to 9.1.1 e5b0a5d
    • Bump mocha from 9.0.3 to 9.1.0 c87000c
    • Bump jshint from 2.13.0 to 2.13.1 a5174be
    • Bump sinon from 11.1.1 to 11.1.2 48cafde
    • Bump mocha from 9.0.2 to 9.0.3 236e559
    • Bump mocha from 9.0.1 to 9.0.2 088c181
    • Bump coveralls from 3.1.0 to 3.1.1 01765d4
    • Bump mocha from 9.0.0 to 9.0.1 24ebd28

    v0.5.0...v0.5.1

  • 0.5.0 - 2021-06-08

    v0.4.0...v0.5.0

  • 0.4.0 - 2021-05-24
    • added 'files' section into package.json 606bfc9
    • upgraded dependencies 53b53dc
    • updated package-lock.json 5e0d8c0
    • Upgrade to GitHub-native Dependabot (#95) 6231940
    • [Security] Bump lodash from 4.17.20 to 4.17.21 (#96) 1ada743
    • Merge pull request #98 from kollavarsham/dependabot/npm_and_yarn/mocha-8.4.0 9224e87
    • Bump mocha from 8.3.2 to 8.4.0 7b3a33a
    • Merge pull request #97 from kollavarsham/dependabot/npm_and_yarn/hosted-git-info-2.8.9 5e1f6c1
    • [Security] Bump hosted-git-info from 2.8.8 to 2.8.9 09fd352
    • Bump sinon from 9.2.4 to 10.0.1 (#94) ca1f015
    • Merge pull request #93 from kollavarsham/dependabot/npm_and_yarn/y18n-3.2.2 6686d27
    • [Security] Bump y18n from 3.2.1 to 3.2.2 afc7b25
    • Merge pull request #91 from kollavarsham/dependabot/npm_and_yarn/mocha-8.3.2 0f0bdee
    • Bump mocha from 8.3.1 to 8.3.2 48a9f7f
    • Merge pull request #90 from kollavarsham/dependabot/npm_and_yarn/mocha-8.3.1 bab9e0a
    • Bump mocha from 8.3.0 to 8.3.1 a5a9370
    • Merge pull request #89 from kollavarsham/dependabot/npm_and_yarn/mocha-8.3.0 80d9364
    • Bump mocha from 8.2.1 to 8.3.0 4e0a738
    • Merge pull request #88 from kollavarsham/dependabot/npm_and_yarn/sinon-9.2.4 1b73991
    • Bump sinon from 9.2.3 to 9.2.4 786926a
    • Merge pull request #87 from kollavarsham/dependabot/npm_and_yarn/sinon-9.2.3 d998409
    • Bump sinon from 9.2.2 to 9.2.3 a1f5ae9
    • Merge pull request #86 from kollavarsham/dependabot/npm_and_yarn/sinon-9.2.2 1c89643
    • Bump sinon from 9.2.1 to 9.2.2 5a715d4
    • Merge pull request #85 from kollavarsham/dependabot/npm_and_yarn/ini-1.3.7 dc9c8c1
    • [Security] Bump ini from 1.3.5 to 1.3.7 9960d82
    • Merge pull request #84 from kollavarsham/dependabot/npm_and_yarn/mocha-8.2.1 bbf8df9
    • Bump mocha from 8.2.0 to 8.2.1 3c1181e
    • Merge pull request #83 from kollavarsham/dependabot/npm_and_yarn/sinon-9.2.1 6de0f8e
    • Bump sinon from 9.2.0 to 9.2.1 036d128

    v0.3.4...v0.4.0

  • 0.3.4 - 2020-10-19

    v0.3.3...v0.3.4

  • 0.3.3 - 2020-10-03
    • upgrade dependencies 6776411
    • Bump sinon from 9.0.3 to 9.1.0 (#80) 22ef724
    • Merge pull request #79 from kollavarsham/dependabot/npm_and_yarn/vinyl-2.2.1 496bae0
    • Bump vinyl from 2.2.0 to 2.2.1 1e56eb1

    v0.3.2...v0.3.3

  • 0.3.2 - 2020-09-08
    • upgrade dependencies e312afd
    • Merge pull request #78 from kollavarsham/dependabot/npm_and_yarn/mocha-8.1.3 6fb4999
    • Bump mocha from 8.1.2 to 8.1.3 f22cb44
    • Merge pull request #77 from kollavarsham/dependabot/npm_and_yarn/mocha-8.1.2 3d93638
    • Bump mocha from 8.1.1 to 8.1.2 87461b7
    • Merge pull request #76 from kollavarsham/dependabot/npm_and_yarn/sinon-9.0.3 2b59386
    • Bump sinon from 9.0.2 to 9.0.3 347d216
    • Merge pull request #75 from kollavarsham/dependabot/npm_and_yarn/mocha-8.1.1 7f264bf
    • Bump mocha from 8.1.0 to 8.1.1 a9d631d
    • Bump jshint from 2.11.2 to 2.12.0 (#74) 475f490
    • Bump mocha from 8.0.1 to 8.1.0 (#73) 911a4f9
    • Merge pull request #72 from kollavarsham/dependabot/npm_and_yarn/jshint-2.11.2 17347a0
    • Bump jshint from 2.11.1 to 2.11.2 2ecb009
    • Merge pull request #71 from kollavarsham/dependabot/npm_and_yarn/lodash-4.17.19 594e70f
    • [Security] Bump lodash from 4.17.15 to 4.17.19 39ff1cd

    v0.3.1...v0.3.2

  • 0.3.1 - 2020-07-09
    • upgrade dependencies; update node.js versions on travis b7d8cf3
    • Bump through2 from 3.0.2 to 4.0.2 (#70) 062b359
    • Merge pull request #68 from kollavarsham/dependabot/npm_and_yarn/through2-3.0.2 7de65aa
    • Bump through2 from 3.0.1 to 3.0.2 4d70d47
    • Bump nyc from 15.0.1 to 15.1.0 (#66) aa1ff69

    v0.3.0...v0.3.1

  • 0.3.0 - 2020-05-24
    • replace istanbul with nyc 9092038
    • Merge pull request #65 from kollavarsham/dependabot/npm_and_yarn/jshint-2.11.1 66e104b
    • Bump jshint from 2.11.0 to 2.11.1 8073056
    • Merge pull request #63 from kollavarsham/dependabot/npm_and_yarn/mocha-7.1.2 aa90276
    • Bump mocha from 7.1.1 to 7.1.2 026a391
    • Bump coveralls from 3.0.13 to 3.0.14 (#62) 121dacb

    v0.2.13...v0.3.0

  • 0.2.13 - 2020-04-22
    • upgrade dependencies a33907d
    • Bump sinon from 9.0.1 to 9.0.2 (#61) 1ac9e2f
    • Bump coveralls from 3.0.9 to 3.0.11 (#60) 17a58b3
    • Bump mocha from 7.1.0 to 7.1.1 (#59)

Snyk has created this PR to upgrade:
  - lodash from 4.17.15 to 4.17.21.
    See this package in npm: https://www.npmjs.com/package/lodash
  - @kollavarsham/gulp-coveralls from 0.2.9 to 0.6.0.
    See this package in npm: https://www.npmjs.com/package/@kollavarsham/gulp-coveralls
  - browserify from 16.5.0 to 16.5.2.
    See this package in npm: https://www.npmjs.com/package/browserify
  - chai from 4.2.0 to 4.5.0.
    See this package in npm: https://www.npmjs.com/package/chai
  - mocha from 6.2.2 to 6.2.3.
    See this package in npm: https://www.npmjs.com/package/mocha
  - gulp-shell from 0.6.5 to 0.8.0.
    See this package in npm: https://www.npmjs.com/package/gulp-shell
  - gulp-terser from 1.2.0 to 1.4.1.
    See this package in npm: https://www.npmjs.com/package/gulp-terser
  - karma from 6.4.0 to 6.4.4.
    See this package in npm: https://www.npmjs.com/package/karma
  - karma-chrome-launcher from 3.1.1 to 3.2.0.
    See this package in npm: https://www.npmjs.com/package/karma-chrome-launcher

See this project in Snyk:
https://app.snyk.io/org/companykobiimports/project/55eb63ca-9b2d-4ec7-be82-d06c90430975?utm_source=github&utm_medium=referral&page=upgrade-pr