Update dependency karma to v6 [SECURITY]

[renovate-bot]

This PR contains the following updates:

Package	Change	Age	Confidence
karma (source)	^1.4.1 -> ^6.0.0

GitHub Vulnerability Alerts

CVE-2022-0437

karma prior to version 6.3.14 contains a cross-site scripting vulnerability.

CVE-2021-23495

Karma before 6.3.16 is vulnerable to Open Redirect due to missing validation of the return_url query parameter.

---

Release Notes

karma-runner/karma (karma)

v6.3.16

Compare Source

Features

• support SRI verification of link tags (dc51a2e)
• support SRI verification of script tags (6a54b1c)

6.3.20 (2022-05-13)

Bug Fixes

• prefer IPv4 addresses when resolving domains (e17698f), closes #​3730

6.3.19 (2022-04-19)

Bug Fixes

• client: error out when opening a new tab fails (099b85e)

6.3.18 (2022-04-13)

Bug Fixes

• deps: upgrade socket.io to v4.4.1 (52a30bb)

6.3.17 (2022-02-28)

Bug Fixes

• deps: update colors to maintained version (#​3763) (fca1884)

6.3.16 (2022-02-10)

Bug Fixes

• security: mitigate the "Open Redirect Vulnerability" (ff7edbb)

6.3.15 (2022-02-05)

Bug Fixes

• helper: make mkdirIfNotExists helper resilient to concurrent calls (d9dade2), closes /github.com/karma-runner/karma-coverage/issues/434#issuecomment-1017939333

6.3.14 (2022-02-05)

Bug Fixes

• remove string template from client code (91d5acd)
• warn when singleRun and autoWatch are false (69cfc76)
• security: remove XSS vulnerability in returnUrl query param (839578c)

6.3.13 (2022-01-31)

Bug Fixes

• deps: bump log4js to resolve security issue (5bf2df3), closes #​3751

6.3.12 (2022-01-24)

Bug Fixes

• remove depreciation warning from log4js (41bed33)

6.3.11 (2022-01-13)

Bug Fixes

• deps: pin colors package to 1.4.0 due to security vulnerability (a5219c5)

6.3.10 (2022-01-08)

Bug Fixes

• logger: create parent folders if they are missing (0d24bd9), closes #​3734

6.3.9 (2021-11-16)

Bug Fixes

• restartOnFileChange option not restarting the test run (92ffe60), closes #​27 #​3724

6.3.8 (2021-11-07)

Bug Fixes

• reporter: warning if stack trace contains generated code invocation (4f23b14)

6.3.7 (2021-11-01)

Bug Fixes

• middleware: replace %X_UA_COMPATIBLE% marker anywhere in the file (f1aeaec), closes #​3711

6.3.6 (2021-10-25)

Bug Fixes

• bump vulnerable ua-parser-js version (6f2b2ec), closes #​3713

6.3.5 (2021-10-20)

Bug Fixes

• client: prevent socket.io from hanging due to mocked clocks (#​3695) (105da90)

6.3.4 (2021-06-14)

Bug Fixes

• bump production dependencies within SemVer ranges (#​3682) (36467a8), closes #​3680

6.3.3 (2021-06-01)

Bug Fixes

• server: clean up vestigial code from proxy (#​3640) (f4aeac3), closes /tools.ietf.org/html/std66#section-3

6.3.2 (2021-03-29)

Bug Fixes

• fix running tests in IE9 (#​3668) (0055bc5), closes /github.com/karma-runner/karma/blob/026fff870913fb6cd2858dd962935dc74c92b725/client/main.js#L14 #​3665

6.3.1 (2021-03-24)

Bug Fixes

• client: clearContext after complete sent (#​3657) (c0962e3)

v6.3.15

Compare Source

Features

• support SRI verification of link tags (dc51a2e)
• support SRI verification of script tags (6a54b1c)

6.3.20 (2022-05-13)

Bug Fixes

• prefer IPv4 addresses when resolving domains (e17698f), closes #​3730

6.3.19 (2022-04-19)

Bug Fixes

• client: error out when opening a new tab fails (099b85e)

6.3.18 (2022-04-13)

Bug Fixes

• deps: upgrade socket.io to v4.4.1 (52a30bb)

6.3.17 (2022-02-28)

Bug Fixes

• deps: update colors to maintained version (#​3763) (fca1884)

6.3.16 (2022-02-10)

Bug Fixes

• security: mitigate the "Open Redirect Vulnerability" (ff7edbb)

6.3.15 (2022-02-05)

Bug Fixes

• helper: make mkdirIfNotExists helper resilient to concurrent calls (d9dade2), closes /github.com/karma-runner/karma-coverage/issues/434#issuecomment-1017939333

6.3.14 (2022-02-05)

Bug Fixes

• remove string template from client code (91d5acd)
• warn when singleRun and autoWatch are false (69cfc76)
• security: remove XSS vulnerability in returnUrl query param (839578c)

6.3.13 (2022-01-31)

Bug Fixes

• deps: bump log4js to resolve security issue (5bf2df3), closes #​3751

6.3.12 (2022-01-24)

Bug Fixes

• remove depreciation warning from log4js (41bed33)

6.3.11 (2022-01-13)

Bug Fixes

• deps: pin colors package to 1.4.0 due to security vulnerability (a5219c5)

6.3.10 (2022-01-08)

Bug Fixes

• logger: create parent folders if they are missing (0d24bd9), closes #​3734

6.3.9 (2021-11-16)

Bug Fixes

• restartOnFileChange option not restarting the test run (92ffe60), closes #​27 #​3724

6.3.8 (2021-11-07)

Bug Fixes

• reporter: warning if stack trace contains generated code invocation (4f23b14)

6.3.7 (2021-11-01)

Bug Fixes

• middleware: replace %X_UA_COMPATIBLE% marker anywhere in the file (f1aeaec), closes #​3711

6.3.6 (2021-10-25)

Bug Fixes

• bump vulnerable ua-parser-js version (6f2b2ec), closes #​3713

6.3.5 (2021-10-20)

Bug Fixes

• client: prevent socket.io from hanging due to mocked clocks (#​3695) (105da90)

6.3.4 (2021-06-14)

Bug Fixes

• bump production dependencies within SemVer ranges (#​3682) (36467a8), closes #​3680

6.3.3 (2021-06-01)

Bug Fixes

• server: clean up vestigial code from proxy (#​3640) (f4aeac3), closes /tools.ietf.org/html/std66#section-3

6.3.2 (2021-03-29)

Bug Fixes

• fix running tests in IE9 (#​3668) (0055bc5), closes /github.com/karma-runner/karma/blob/026fff870913fb6cd2858dd962935dc74c92b725/client/main.js#L14 #​3665

6.3.1 (2021-03-24)

Bug Fixes

• client: clearContext after complete sent (#​3657) (c0962e3)

v6.3.14

Compare Source

Features

• support SRI verification of link tags (dc51a2e)
• support SRI verification of script tags (6a54b1c)

6.3.20 (2022-05-13)

Bug Fixes

• prefer IPv4 addresses when resolving domains (e17698f), closes #​3730

6.3.19 (2022-04-19)

Bug Fixes

• client: error out when opening a new tab fails (099b85e)

6.3.18 (2022-04-13)

Bug Fixes

• deps: upgrade socket.io to v4.4.1 (52a30bb)

6.3.17 (2022-02-28)

Bug Fixes

• deps: update colors to maintained version (#​3763) (fca1884)

6.3.16 (2022-02-10)

Bug Fixes

• security: mitigate the "Open Redirect Vulnerability" (ff7edbb)

6.3.15 (2022-02-05)

Bug Fixes

• helper: make mkdirIfNotExists helper resilient to concurrent calls (d9dade2), closes /github.com/karma-runner/karma-coverage/issues/434#issuecomment-1017939333

6.3.14 (2022-02-05)

Bug Fixes

• remove string template from client code (91d5acd)
• warn when singleRun and autoWatch are false (69cfc76)
• security: remove XSS vulnerability in returnUrl query param (839578c)

6.3.13 (2022-01-31)

Bug Fixes

• deps: bump log4js to resolve security issue (5bf2df3), closes #​3751

6.3.12 (2022-01-24)

Bug Fixes

• remove depreciation warning from log4js (41bed33)

6.3.11 (2022-01-13)

Bug Fixes

• deps: pin colors package to 1.4.0 due to security vulnerability (a5219c5)

6.3.10 (2022-01-08)

Bug Fixes

• logger: create parent folders if they are missing (0d24bd9), closes #​3734

6.3.9 (2021-11-16)

Bug Fixes

• restartOnFileChange option not restarting the test run (92ffe60), closes #​27 #​3724

6.3.8 (2021-11-07)

Bug Fixes

• reporter: warning if stack trace contains generated code invocation (4f23b14)

6.3.7 (2021-11-01)

Bug Fixes

• middleware: replace %X_UA_COMPATIBLE% marker anywhere in the file (f1aeaec), closes #​3711

6.3.6 (2021-10-25)

Bug Fixes

• bump vulnerable ua-parser-js version (6f2b2ec), closes #​3713

6.3.5 (2021-10-20)

Bug Fixes

• client: prevent socket.io from hanging due to mocked clocks (#​3695) (105da90)

6.3.4 (2021-06-14)

Bug Fixes

• bump production dependencies within SemVer ranges (#​3682) (36467a8), closes #​3680

6.3.3 (2021-06-01)

Bug Fixes

• server: clean up vestigial code from proxy (#​3640) (f4aeac3), closes /tools.ietf.org/html/std66#section-3

6.3.2 (2021-03-29)

Bug Fixes

• fix running tests in IE9 (#​3668) (0055bc5), closes /github.com/karma-runner/karma/blob/026fff870913fb6cd2858dd962935dc74c92b725/client/main.js#L14 #​3665

6.3.1 (2021-03-24)

Bug Fixes

• client: clearContext after complete sent (#​3657) (c0962e3)

v6.3.13

Compare Source

Features

• support SRI verification of link tags (dc51a2e)
• support SRI verification of script tags (6a54b1c)

6.3.20 (2022-05-13)

Bug Fixes

• prefer IPv4 addresses when resolving domains (e17698f), closes #​3730

6.3.19 (2022-04-19)

Bug Fixes

• client: error out when opening a new tab fails (099b85e)

6.3.18 (2022-04-13)

Bug Fixes

• deps: upgrade socket.io to v4.4.1 (52a30bb)

6.3.17 (2022-02-28)

Bug Fixes

• deps: update colors to maintained version (#​3763) (fca1884)

6.3.16 (2022-02-10)

Bug Fixes

• security: mitigate the "Open Redirect Vulnerability" (ff7edbb)

6.3.15 (2022-02-05)

Bug Fixes

• helper: make mkdirIfNotExists helper resilient to concurrent calls (d9dade2), closes /github.com/karma-runner/karma-coverage/issues/434#issuecomment-1017939333

6.3.14 (2022-02-05)

Bug Fixes

• remove string template from client code (91d5acd)
• warn when singleRun and autoWatch are false (69cfc76)
• security: remove XSS vulnerability in returnUrl query param (839578c)

6.3.13 (2022-01-31)

Bug Fixes

• deps: bump log4js to resolve security issue (5bf2df3), closes #​3751

6.3.12 (2022-01-24)

Bug Fixes

• remove depreciation warning from log4js (41bed33)

6.3.11 (2022-01-13)

Bug Fixes

• deps: pin colors package to 1.4.0 due to security vulnerability (a5219c5)

6.3.10 (2022-01-08)

Bug Fixes

• logger: create parent folders if they are missing (0d24bd9), closes #​3734

6.3.9 (2021-11-16)

Bug Fixes

• restartOnFileChange option not restarting the test run (92ffe60), closes #​27 #​3724

6.3.8 (2021-11-07)

Bug Fixes

• reporter: warning if stack trace contains generated code invocation (4f23b14)

6.3.7 (2021-11-01)

Bug Fixes

• middleware: replace %X_UA_COMPATIBLE% marker anywhere in the file (f1aeaec), closes #​3711

6.3.6 (2021-10-25)

Bug Fixes

• bump vulnerable ua-parser-js version (6f2b2ec), closes #​3713

6.3.5 (2021-10-20)

Bug Fixes

• client: prevent socket.io from hanging due to mocked clocks (#​3695) (105da90)

6.3.4 (2021-06-14)

Bug Fixes

• bump production dependencies within SemVer ranges (#​3682) (36467a8), closes #​3680

6.3.3 (2021-06-01)

Bug Fixes

• server: clean up vestigial code from proxy (#​3640) (f4aeac3), closes /tools.ietf.org/html/std66#section-3

6.3.2 (2021-03-29)

Bug Fixes

• fix running tests in IE9 (#​3668) (0055bc5), closes /github.com/karma-runner/karma/blob/026fff870913fb6cd2858dd962935dc74c92b725/client/main.js#L14 #​3665

6.3.1 (2021-03-24)

Bug Fixes

• client: clearContext after complete sent (#​3657) (c0962e3)

v6.3.12

Compare Source

Features

• support SRI verification of link tags (dc51a2e)
• support SRI verification of script tags (6a54b1c)

6.3.20 (2022-05-13)

Bug Fixes

• prefer IPv4 addresses when resolving domains (e17698f), closes #​3730

6.3.19 (2022-04-19)

Bug Fixes

• client: error out when opening a new tab fails (099b85e)

6.3.18 (2022-04-13)

Bug Fixes

• deps: upgrade socket.io to v4.4.1 (52a30bb)

6.3.17 (2022-02-28)

Bug Fixes

• deps: update colors to maintained version (#​3763) (fca1884)

6.3.16 (2022-02-10)

Bug Fixes

• security: mitigate the "Open Redirect Vulnerability" (ff7edbb)

6.3.15 (2022-02-05)

Bug Fixes

• helper: make mkdirIfNotExists helper resilient to concurrent calls (d9dade2), closes /github.com/karma-runner/karma-coverage/issues/434#issuecomment-1017939333

6.3.14 (2022-02-05)

Bug Fixes

• remove string template from client code (91d5acd)
• warn when singleRun and autoWatch are false (69cfc76)
• security: remove XSS vulnerability in returnUrl query param (839578c)

6.3.13 (2022-01-31)

Bug Fixes

• deps: bump log4js to resolve security issue (5bf2df3), closes #​3751

6.3.12 (2022-01-24)

Bug Fixes

• remove depreciation warning from log4js (41bed33)

6.3.11 (2022-01-13)

Bug Fixes

• deps: pin colors package to 1.4.0 due to security vulnerability (a5219c5)

6.3.10 (2022-01-08)

Bug Fixes

• logger: create parent folders if they are missing (0d24bd9), closes #​3734

6.3.9 (2021-11-16)

Bug Fixes

• restartOnFileChange option not restarting the test run (92ffe60), closes #​27 #​3724

6.3.8 (2021-11-07)

Bug Fixes

• reporter: warning if stack trace contains generated code invocation (4f23b14)

6.3.7 (2021-11-01)

Bug Fixes

• middleware: replace %X_UA_COMPATIBLE% marker anywhere in the file (f1aeaec), closes #​3711

6.3.6 (2021-10-25)

Bug Fixes

• bump vulnerable ua-parser-js version (6f2b2ec), closes #​3713

6.3.5 (2021-10-20)

Bug Fixes

• client: prevent socket.io from hanging due to mocked clocks (#​3695) (105da90)

6.3.4 (2021-06-14)

Bug Fixes

• bump production dependencies within SemVer ranges (#​3682) (36467a8), closes #​3680

6.3.3 (2021-06-01)

Bug Fixes

• server: clean up vestigial code from proxy (#​3640) (f4aeac3), closes /tools.ietf.org/html/std66#section-3

6.3.2 (2021-03-29)

Bug Fixes

• fix running tests in IE9 (#​3668) (0055bc5), closes /github.com/karma-runner/karma/blob/026fff870913fb6cd2858dd962935dc74c92b725/client/main.js#L14 #​3665

6.3.1 (2021-03-24)

Bug Fixes

• client: clearContext after complete sent (#​3657) (c0962e3)

v6.3.11

Compare Source

Features

• support SRI verification of link tags (dc51a2e)
• support SRI verification of script tags (6a54b1c)

6.3.20 (2022-05-13)

Bug Fixes

• prefer IPv4 addresses when resolving domains (e17698f), closes #​3730

6.3.19 (2022-04-19)

Bug Fixes

• client: error out when opening a new tab fails (099b85e)

6.3.18 (2022-04-13)

Bug Fixes

• deps: upgrade socket.io to v4.4.1 (52a30bb)

6.3.17 (2022-02-28)

Bug Fixes

• deps: update colors to maintained version (#​3763) (fca1884)

6.3.16 (2022-02-10)

Bug Fixes

• security: mitigate the "Open Redirect Vulnerability" (ff7edbb)

6.3.15 (2022-02-05)

Bug Fixes

• helper: make mkdirIfNotExists helper resilient to concurrent calls (d9dade2), closes /github.com/karma-runner/karma-coverage/issues/434#issuecomment-1017939333

6.3.14 (2022-02-05)

Bug Fixes

• remove string template from client code (91d5acd)
• warn when singleRun and autoWatch are false (69cfc76)
• security: remove XSS vulnerability in returnUrl query param (839578c)

6.3.13 (2022-01-31)

Bug Fixes

• deps: bump log4js to resolve security issue (5bf2df3), closes #​3751

6.3.12 (2022-01-24)

Bug Fixes

• remove depreciation warning from log4js (41bed33)

6.3.11 (2022-01-13)

Bug Fixes

• deps: pin colors package to 1.4.0 due to security vulnerability (a5219c5)

6.3.10 (2022-01-08)

Bug Fixes

• logger: create parent folders if they are missing (0d24bd9), closes #​3734

6.3.9 (2021-11-16)

Bug Fixes

• restartOnFileChange option not restarting the test run (92ffe60), closes #​27 #​3724

6.3.8 (2021-11-07)

Bug Fixes

• reporter: warning if stack trace contains generated code invocation (4f23b14)

6.3.7 (2021-11-01)

Bug Fixes

• middleware: replace %X_UA_COMPATIBLE% marker anywhere in the file (f1aeaec), closes #​3711

6.3.6 (2021-10-25)

Bug Fixes

• bump vulnerable ua-parser-js version (6f2b2ec), closes #​3713

6.3.5 (2021-10-20)

Bug Fixes

• client: prevent socket.io from hanging due to mocked clocks (#​3695) (105da90)

6.3.4 (2021-06-14)

Bug Fixes

• bump production dependencies within SemVer ranges (#​3682) (36467a8), closes #​3680

6.3.3 (2021-06-01)

Bug Fixes

• server: clean up vestigial code from proxy (#​3640) (f4aeac3), closes /tools.ietf.org/html/std66#section-3

6.3.2 (2021-03-29)

Bug Fixes

• fix running tests in IE9 (#​3668) (0055bc5), closes /github.com/karma-runner/karma/blob/026fff870913fb6cd2858dd962935dc74c92b725/client/main.js#L14 #​3665

6.3.1 (2021-03-24)

Bug Fixes

• client: clearContext after complete sent (#​3657) (c0962e3)

v6.3.10

Compare Source

Features

• support SRI verification of link tags (dc51a2e)
• support SRI verification of script tags (6a54b1c)

6.3.20 (2022-05-13)

Bug Fixes

• prefer IPv4 addresses when resolving domains (e17698f), closes #​3730

6.3.19 (2022-04-19)

Bug Fixes

• client: error out when opening a new tab fails (099b85e)

6.3.18 (2022-04-13)

Bug Fixes

• deps: upgrade socket.io to v4.4.1 (52a30bb)

6.3.17 (2022-02-28)

Bug Fixes

• deps: update colors to maintained version (#​3763) (fca1884)

6.3.16 (2022-02-10)

Bug Fixes

• security: mitigate the "Open Redirect Vulnerability" (ff7edbb)

6.3.15 (2022-02-05)

Bug Fixes

• helper: make mkdirIfNotExists helper resilient to concurrent calls (d9dade2), closes /github.com/karma-runner/karma-coverage/issues/434#issuecomment-1017939333

6.3.14 (2022-02-05)

Bug Fixes

• remove string template from client code (91d5acd)
• warn when singleRun and autoWatch are false (69cfc76)
• security: remove XSS vulnerability in returnUrl query param (839578c)

6.3.13 (2022-01-31)

Bug Fixes

• deps: bump log4js to resolve security issue (5bf2df3), closes #​3751

6.3.12 (2022-01-24)

Bug Fixes

• remove depreciation warning from log4js (41bed33)

6.3.11 (2022-01-13)

Bug Fixes

• deps: pin colors package to 1.4.0 due to security vulnerability (a5219c5)

6.3.10 (2022-01-08)

Bug Fixes

• logger: create parent folders if they are missing (0d24bd9), closes #​3734

6.3.9 (2021-11-16)

Bug Fixes

• restartOnFileChange option not restarting the test run (92ffe60), closes #​27 #​3724

6.3.8 (2021-11-07)

Bug Fixes

• reporter: warning if stack trace contains generated code invocation (4f23b14)

6.3.7 (2021-11-01)

Bug Fixes

• middleware: replace %X_UA_COMPATIBLE% marker anywhere in the file (f1aeaec), closes #​3711

6.3.6 (2021-10-25)

Bug Fixes

• bump vulnerable ua-parser-js version (6f2b2ec), closes #​3713

6.3.5 (2021-10-20)

Bug Fixes

• client: prevent socket.io from hanging due to mocked clocks (#​3695) (105da90)

6.3.4 (2021-06-14)

Bug Fixes

• bump production dependencies within SemVer ranges (#​3682) (36467a8), closes #​3680

6.3.3 (2021-06-01)

Bug Fixes

• server: clean up vestigial code from proxy (#​3640) (f4aeac3), closes /tools.ietf.org/html/std66#section-3

6.3.2 (2021-03-29)

Bug Fixes

• fix running tests in IE9 (#​3668) (0055bc5), closes /github.com/karma-runner/karma/blob/026fff870913fb6cd2858dd962935dc74c92b725/client/main.js#L14 #​3665

6.3.1 (2021-03-24)

Bug Fixes

• client: clearContext after complete sent (#​3657) (c0962e3)

v6.3.9

Compare Source

Features

• support SRI verification of link tags (dc51a2e)
• support SRI verification of script tags (6a54b1c)

6.3.20 (2022-05-13)

Bug Fixes

• prefer IPv4 addresses when resolving domains (e17698f), closes #​3730

[6.3.19](https://redirect.github.com/karma-runner

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[bolt-new-by-stackblitz]

Run & review this pull request in StackBlitz Codeflow.

[changeset-bot]

⚠️ No Changeset found

Latest commit: 8f65483

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR