chore: update dependency karma to v6 [security]

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
karma (source)	~5.2.0 -> ~6.3.0

GitHub Vulnerability Alerts

CVE-2022-0437

karma prior to version 6.3.14 contains a cross-site scripting vulnerability.

CVE-2021-23495

Karma before 6.3.16 is vulnerable to Open Redirect due to missing validation of the return_url query parameter.

---

Release Notes

karma-runner/karma (karma)

v6.3.16

Compare Source

Bug Fixes

• security: mitigate the "Open Redirect Vulnerability" (ff7edbb)

v6.3.15

Compare Source

Bug Fixes

• helper: make mkdirIfNotExists helper resilient to concurrent calls (d9dade2), closes /github.com/karma-runner/karma-coverage/issues/434#issuecomment-1017939333

v6.3.14

Compare Source

Bug Fixes

• remove string template from client code (91d5acd)
• warn when singleRun and autoWatch are false (69cfc76)
• security: remove XSS vulnerability in returnUrl query param (839578c)

v6.3.13

Compare Source

Bug Fixes

• deps: bump log4js to resolve security issue (5bf2df3), closes #​3751

v6.3.12

Compare Source

Bug Fixes

• remove depreciation warning from log4js (41bed33)

v6.3.11

Compare Source

Bug Fixes

• deps: pin colors package to 1.4.0 due to security vulnerability (a5219c5)

v6.3.10

Compare Source

Bug Fixes

• logger: create parent folders if they are missing (0d24bd9), closes #​3734

v6.3.9

Compare Source

Bug Fixes

• restartOnFileChange option not restarting the test run (92ffe60), closes #​27 #​3724

v6.3.8

Compare Source

Bug Fixes

• reporter: warning if stack trace contains generated code invocation (4f23b14)

v6.3.7

Compare Source

Bug Fixes

• middleware: replace %X_UA_COMPATIBLE% marker anywhere in the file (f1aeaec), closes #​3711

v6.3.6

Compare Source

Bug Fixes

• bump vulnerable ua-parser-js version (6f2b2ec), closes #​3713

v6.3.5

Compare Source

Bug Fixes

• client: prevent socket.io from hanging due to mocked clocks (#​3695) (105da90)

v6.3.4

Compare Source

Bug Fixes

• bump production dependencies within SemVer ranges (#​3682) (36467a8), closes #​3680

v6.3.3

Compare Source

Bug Fixes

• server: clean up vestigial code from proxy (#​3640) (f4aeac3), closes /tools.ietf.org/html/std66#section-3

v6.3.2

Compare Source

Bug Fixes

• prefer IPv4 addresses when resolving domains (e17698f), closes #​3730

v6.3.1

Compare Source

Bug Fixes

• client: error out when opening a new tab fails (099b85e)

v6.3.0

Compare Source

Features

• support asynchronous config.set() call in karma.conf.js (#​3660) (4c9097a)

v6.2.0

Compare Source

Features

• plugins: add support wildcard config for scoped package plugin (#​3659) (39831b1)

6.1.2 (2021-03-09)

Bug Fixes

• commitlint: skip task on master (#​3650) (3fc6fda)
• patch karma to allow loading virtual packages (#​3663) (5bfcf5f)

6.1.1 (2021-02-12)

Bug Fixes

• config: check extension before ts-node register (#​3651) (474f4e1), closes #​3329
• report launcher process error when exit event is not emitted (#​3647) (7ab86be)

v6.1.2

Compare Source

Bug Fixes

• commitlint: skip task on master (#​3650) (3fc6fda)
• patch karma to allow loading virtual packages (#​3663) (5bfcf5f)

v6.1.1

Compare Source

Bug Fixes

• config: check extension before ts-node register (#​3651) (474f4e1), closes #​3329
• report launcher process error when exit event is not emitted (#​3647) (7ab86be)

v6.1.0

Compare Source

Features

• config: improve karma.config.parseConfig error handling (#​3635) (9dba1e2)

6.0.4 (2021-02-01)

Bug Fixes

• cli: temporarily disable strict parameters validation (#​3641) (9c755e0), closes #​3625
• client: fix a false positive page reload error in Safari (#​3643) (2a57b23)
• ensure that Karma supports running tests on IE 11 (#​3642) (dbd1943)

6.0.3 (2021-01-27)

Bug Fixes

• plugins: refactor instantiatePlugin from preproprocessor (#​3628) (e02858a)

6.0.2 (2021-01-25)

Bug Fixes

• avoid ES6+ syntax in client scripts (#​3629) (6629e96), closes #​3630

6.0.1 (2021-01-20)

Bug Fixes

• server: set maxHttpBufferSize to the socket.io v2 default (#​3626) (69baddc), closes #​3621
• restore customFileHandlers provider (#​3624) (25d9abb)

v6.0.4

Compare Source

Bug Fixes

• cli: temporarily disable strict parameters validation (#​3641) (9c755e0), closes #​3625
• client: fix a false positive page reload error in Safari (#​3643) (2a57b23)
• ensure that Karma supports running tests on IE 11 (#​3642) (dbd1943)

v6.0.3

Compare Source

Bug Fixes

• plugins: refactor instantiatePlugin from preproprocessor (#​3628) (e02858a)

v6.0.2

Compare Source

Bug Fixes

• avoid ES6+ syntax in client scripts (#​3629) (6629e96), closes #​3630

v6.0.1

Compare Source

Bug Fixes

• server: set maxHttpBufferSize to the socket.io v2 default (#​3626) (69baddc), closes #​3621
• restore customFileHandlers provider (#​3624) (25d9abb)

v6.0.0

Compare Source

Bug Fixes

• ci: abandon browserstack tests for Safari and IE (#​3615) (04a811d)
• client: do not reset karmaNavigating in unload handler (#​3591) (4a8178f), closes #​3482
• context: do not error when karma is navigating (#​3565) (05dc288), closes #​3560
• cve: update ua-parser-js to 0.7.23 to fix CVE-2020-7793 (#​3584) (f819fa8)
• cve: update yargs to 16.1.1 to fix cve-2020-7774 in y18n (#​3578) (3fed0bc), closes #​3577
• deps: bump socket-io to v3 (#​3586) (1b9e1de), closes #​3569
• middleware: catch errors when loading a module (#​3605) (fec972f), closes #​3572
• server: clean up close-server logic (#​3607) (3fca456)
• test: clear up clearContext (#​3597) (8997b74)
• test: mark all second connections reconnects (#​3598) (1c9c2de)

Features

• cli: error out on unexpected options or parameters (#​3589) (603bbc0)
• client: update banner with connection, test status, ping times (#​3611) (4bf90f7)
• server: print stack of unhandledrejections (#​3593) (35a5842)
• server: remove deprecated static methods (#​3595) (1a65bf1)
• remove support for running dart code in the browser (#​3592) (7a3bd55)

BREAKING CHANGES

• server: Deprecated require('karma').server.start() and require('karma').Server.start() variants were removed from the public API. Instead use canonical form:

const { Server } = require('karma');
const server = new Server();
server.start();

• cli: Karma is more strict and will error out if unknown option or argument is passed to CLI.
• Using Karma to run Dart code in the browser is no longer supported. Use your favorite Dart-to-JS compiler instead.

dart file type has been removed without a replacement.

customFileHandlers DI token has been removed. Use middleware to achieve similar functionality.

customScriptTypes DI token has been removed. It had no effect, so no replacement is provided.

• deps: Some projects have socket.io tests that are version sensitive.

5.2.3 (2020-09-25)

Bug Fixes

• update us-parser-js dependency (#​3564) (500ed25)

5.2.2 (2020-09-08)

Bug Fixes

• revert source-map update (#​3559) (d9ba284), closes #​3557

5.2.1 (2020-09-02)

Bug Fixes

• remove broken link from docs - 06-angularjs.md (#​3555) (da2f307)
• remove unused JSON utilities and flatted dependency (#​3550) (beed255)

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.