[Snyk] Security upgrade karma-webpack from 4.0.0-rc.5 to 4.0.0

[mayurkale22]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • packages/opencensus-web-core/package.json
  • packages/opencensus-web-core/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	658/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	No	Proof of Concept
	753/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASH-1040724	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: karma-webpack

The new version differs by 10 commits.

• 9138b13 chore(release): 4.0.0
• 74e526f chore(default): update ([Snyk] Security upgrade lerna from 3.13.4 to 4.0.0 #412)
• a2b044d refactor(package): add more keywords for npm ([Snyk] Security upgrade karma-webpack from 4.0.0-rc.5 to 4.0.0 #411)
• ca7c5e2 chore(package): drop node v6 support ([Snyk] Security upgrade karma-webpack from 4.0.0-rc.5 to 4.0.0 #409)
• bef8bb6 refactor(karma-webpack): fix linting error ([Snyk] Security upgrade karma-webpack from 4.0.0-rc.5 to 4.0.0 #410)
• 63cfd78 fix(karma-webpack): Regression in multi-compiler mode (chore(deps): update dependency webpack to v5 #390) ([Snyk] Security upgrade karma from 4.0.1 to 5.0.8 #391)
• 11cb4fb chore(release): 4.0.0-rc.6
• ed66799 chore(package-lock): fix low severity vulnerabilities
• 2f47250 fix(karma-webpack): Override `output.filename` with '[name].js' (Bump ini from 1.3.5 to 1.3.7 in /packages/opencensus-web-initial-load #381)
• e207fe5 chore(release): 4.0.0-rc.5

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

[google-cla]

All (the pull request submitter and all commit authors) CLAs are signed, but one or more commits were authored or co-authored by someone other than the pull request submitter.

We need to confirm that all authors are ok with their commits being contributed to this project. Please have them confirm that by leaving a comment that contains only @googlebot I consent. in this pull request.

Note to project maintainer: There may be cases where the author cannot leave a comment, or the comment is not properly detected as consent. In those cases, you can manually confirm consent of the commit author(s), and set the cla label to yes (if enabled on your project).

ℹ️ Googlers: Go here for more info.