Skip to content

Update dependency karma to v6 [SECURITY] #169

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Update dependency karma to v6 [SECURITY] #169

wants to merge 1 commit into from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Nov 20, 2023
edited
Loading

This PR contains the following updates:

Package Change Age Confidence
karma (source) ^0.13.0 -> ^6.3.16 age confidence

GitHub Vulnerability Alerts

CVE-2022-0437

karma prior to version 6.3.14 contains a cross-site scripting vulnerability.

CVE-2021-23495

Karma before 6.3.16 is vulnerable to Open Redirect due to missing validation of the return_url query parameter.

Release Notes

karma-runner/karma (karma)

v6.3.16

Compare Source

Features
  • support SRI verification of link tags (dc51a2e)
  • support SRI verification of script tags (6a54b1c)

6.3.20 (2022-05-13)

Bug Fixes

6.3.19 (2022-04-19)

Bug Fixes
  • client: error out when opening a new tab fails (099b85e)

6.3.18 (2022-04-13)

Bug Fixes
  • deps: upgrade socket.io to v4.4.1 (52a30bb)

6.3.17 (2022-02-28)

Bug Fixes

6.3.16 (2022-02-10)

Bug Fixes
  • security: mitigate the "Open Redirect Vulnerability" (ff7edbb)

6.3.15 (2022-02-05)

Bug Fixes

6.3.14 (2022-02-05)

Bug Fixes
  • remove string template from client code (91d5acd)
  • warn when singleRun and autoWatch are false (69cfc76)
  • security: remove XSS vulnerability in returnUrl query param (839578c)

6.3.13 (2022-01-31)

Bug Fixes

6.3.12 (2022-01-24)

Bug Fixes
  • remove depreciation warning from log4js (41bed33)

6.3.11 (2022-01-13)

Bug Fixes
  • deps: pin colors package to 1.4.0 due to security vulnerability (a5219c5)

6.3.10 (2022-01-08)

Bug Fixes
  • logger: create parent folders if they are missing (0d24bd9), closes #​3734

6.3.9 (2021-11-16)

Bug Fixes

6.3.8 (2021-11-07)

Bug Fixes
  • reporter: warning if stack trace contains generated code invocation (4f23b14)

6.3.7 (2021-11-01)

Bug Fixes
  • middleware: replace %X_UA_COMPATIBLE% marker anywhere in the file (f1aeaec), closes #​3711

6.3.6 (2021-10-25)

Bug Fixes

6.3.5 (2021-10-20)

Bug Fixes
  • client: prevent socket.io from hanging due to mocked clocks (#​3695) (105da90)

6.3.4 (2021-06-14)

Bug Fixes

6.3.3 (2021-06-01)

Bug Fixes

6.3.2 (2021-03-29)

Bug Fixes

6.3.1 (2021-03-24)

Bug Fixes

v6.3.15

Compare Source

Features
  • support SRI verification of link tags (dc51a2e)
  • support SRI verification of script tags (6a54b1c)

6.3.20 (2022-05-13)

Bug Fixes

6.3.19 (2022-04-19)

Bug Fixes
  • client: error out when opening a new tab fails (099b85e)

6.3.18 (2022-04-13)

Bug Fixes
  • deps: upgrade socket.io to v4.4.1 (52a30bb)

6.3.17 (2022-02-28)

Bug Fixes

6.3.16 (2022-02-10)

Bug Fixes
  • security: mitigate the "Open Redirect Vulnerability" (ff7edbb)

6.3.15 (2022-02-05)

Bug Fixes

6.3.14 (2022-02-05)

Bug Fixes
  • remove string template from client code (91d5acd)
  • warn when singleRun and autoWatch are false (69cfc76)
  • security: remove XSS vulnerability in returnUrl query param (839578c)

6.3.13 (2022-01-31)

Bug Fixes

6.3.12 (2022-01-24)

Bug Fixes
  • remove depreciation warning from log4js (41bed33)

6.3.11 (2022-01-13)

Bug Fixes
  • deps: pin colors package to 1.4.0 due to security vulnerability (a5219c5)

6.3.10 (2022-01-08)

Bug Fixes
  • logger: create parent folders if they are missing (0d24bd9), closes #​3734

6.3.9 (2021-11-16)

Bug Fixes

6.3.8 (2021-11-07)

Bug Fixes
  • reporter: warning if stack trace contains generated code invocation (4f23b14)

6.3.7 (2021-11-01)

Bug Fixes
  • middleware: replace %X_UA_COMPATIBLE% marker anywhere in the file (f1aeaec), closes #​3711

6.3.6 (2021-10-25)

Bug Fixes

6.3.5 (2021-10-20)

Bug Fixes
  • client: prevent socket.io from hanging due to mocked clocks (#​3695) (105da90)

6.3.4 (2021-06-14)

Bug Fixes

6.3.3 (2021-06-01)

Bug Fixes

6.3.2 (2021-03-29)

Bug Fixes

6.3.1 (2021-03-24)

Bug Fixes

v6.3.14

Compare Source

Features
  • support SRI verification of link tags (dc51a2e)
  • support SRI verification of script tags (6a54b1c)

6.3.20 (2022-05-13)

Bug Fixes

6.3.19 (2022-04-19)

Bug Fixes
  • client: error out when opening a new tab fails (099b85e)

6.3.18 (2022-04-13)

Bug Fixes
  • deps: upgrade socket.io to v4.4.1 (52a30bb)

6.3.17 (2022-02-28)

Bug Fixes

6.3.16 (2022-02-10)

Bug Fixes
  • security: mitigate the "Open Redirect Vulnerability" (ff7edbb)

6.3.15 (2022-02-05)

Bug Fixes

6.3.14 (2022-02-05)

Bug Fixes
  • remove string template from client code (91d5acd)
  • warn when singleRun and autoWatch are false (69cfc76)
  • security: remove XSS vulnerability in returnUrl query param (839578c)

6.3.13 (2022-01-31)

Bug Fixes

6.3.12 (2022-01-24)

Bug Fixes
  • remove depreciation warning from log4js (41bed33)

6.3.11 (2022-01-13)

Bug Fixes
  • deps: pin colors package to 1.4.0 due to security vulnerability (a5219c5)

6.3.10 (2022-01-08)

Bug Fixes
  • logger: create parent folders if they are missing (0d24bd9), closes #​3734

6.3.9 (2021-11-16)

Bug Fixes

6.3.8 (2021-11-07)

Bug Fixes
  • reporter: warning if stack trace contains generated code invocation (4f23b14)

6.3.7 (2021-11-01)

Bug Fixes
  • middleware: replace %X_UA_COMPATIBLE% marker anywhere in the file (f1aeaec), closes #​3711

6.3.6 (2021-10-25)

Bug Fixes

6.3.5 (2021-10-20)

Bug Fixes
  • client: prevent socket.io from hanging due to mocked clocks (#​3695) (105da90)

6.3.4 (2021-06-14)

Bug Fixes

6.3.3 (2021-06-01)

Bug Fixes

6.3.2 (2021-03-29)

Bug Fixes

6.3.1 (2021-03-24)

Bug Fixes

v6.3.13

Compare Source

Features
  • support SRI verification of link tags (dc51a2e)
  • support SRI verification of script tags (6a54b1c)

6.3.20 (2022-05-13)

Bug Fixes

6.3.19 (2022-04-19)

Bug Fixes
  • client: error out when opening a new tab fails (099b85e)

6.3.18 (2022-04-13)

Bug Fixes
  • deps: upgrade socket.io to v4.4.1 (52a30bb)

6.3.17 (2022-02-28)

Bug Fixes

6.3.16 (2022-02-10)

Bug Fixes
  • security: mitigate the "Open Redirect Vulnerability" (ff7edbb)

6.3.15 (2022-02-05)

Bug Fixes

6.3.14 (2022-02-05)

Bug Fixes
  • remove string template from client code (91d5acd)
  • warn when singleRun and autoWatch are false (69cfc76)
  • security: remove XSS vulnerability in returnUrl query param (839578c)

6.3.13 (2022-01-31)

Bug Fixes

6.3.12 (2022-01-24)

Bug Fixes
  • remove depreciation warning from log4js (41bed33)

6.3.11 (2022-01-13)

Bug Fixes
  • deps: pin colors package to 1.4.0 due to security vulnerability (a5219c5)

6.3.10 (2022-01-08)

Bug Fixes
  • logger: create parent folders if they are missing (0d24bd9), closes #​3734

6.3.9 (2021-11-16)

Bug Fixes

6.3.8 (2021-11-07)

Bug Fixes
  • reporter: warning if stack trace contains generated code invocation (4f23b14)

6.3.7 (2021-11-01)

Bug Fixes
  • middleware: replace %X_UA_COMPATIBLE% marker anywhere in the file (f1aeaec), closes #​3711

6.3.6 (2021-10-25)

Bug Fixes

6.3.5 (2021-10-20)

Bug Fixes
  • client: prevent socket.io from hanging due to mocked clocks (#​3695) (105da90)

6.3.4 (2021-06-14)

Bug Fixes

6.3.3 (2021-06-01)

Bug Fixes

6.3.2 (2021-03-29)

Bug Fixes

6.3.1 (2021-03-24)

Bug Fixes

v6.3.12

Compare Source

Features
  • support SRI verification of link tags (dc51a2e)
  • support SRI verification of script tags (6a54b1c)

6.3.20 (2022-05-13)

Bug Fixes

6.3.19 (2022-04-19)

Bug Fixes
  • client: error out when opening a new tab fails (099b85e)

6.3.18 (2022-04-13)

Bug Fixes
  • deps: upgrade socket.io to v4.4.1 (52a30bb)

6.3.17 (2022-02-28)

Bug Fixes

6.3.16 (2022-02-10)

Bug Fixes
  • security: mitigate the "Open Redirect Vulnerability" (ff7edbb)

6.3.15 (2022-02-05)

Bug Fixes

6.3.14 (2022-02-05)

Bug Fixes
  • remove string template from client code (91d5acd)
  • warn when singleRun and autoWatch are false (69cfc76)
  • security: remove XSS vulnerability in returnUrl query param (839578c)

6.3.13 (2022-01-31)

Bug Fixes

6.3.12 (2022-01-24)

Bug Fixes
  • remove depreciation warning from log4js (41bed33)

6.3.11 (2022-01-13)

Bug Fixes
  • deps: pin colors package to 1.4.0 due to security vulnerability (a5219c5)

6.3.10 (2022-01-08)

Bug Fixes
  • logger: create parent folders if they are missing (0d24bd9), closes #​3734

6.3.9 (2021-11-16)

Bug Fixes

6.3.8 (2021-11-07)

Bug Fixes
  • reporter: warning if stack trace contains generated code invocation (4f23b14)

6.3.7 (2021-11-01)

Bug Fixes
  • middleware: replace %X_UA_COMPATIBLE% marker anywhere in the file (f1aeaec), closes #​3711

6.3.6 (2021-10-25)

Bug Fixes

6.3.5 (2021-10-20)

Bug Fixes
  • client: prevent socket.io from hanging due to mocked clocks (#​3695) (105da90)

6.3.4 (2021-06-14)

Bug Fixes

6.3.3 (2021-06-01)

Bug Fixes

6.3.2 (2021-03-29)

Bug Fixes

6.3.1 (2021-03-24)

Bug Fixes

v6.3.11

Compare Source

Features
  • support SRI verification of link tags (dc51a2e)
  • support SRI verification of script tags (6a54b1c)

6.3.20 (2022-05-13)

Bug Fixes

6.3.19 (2022-04-19)

Bug Fixes
  • client: error out when opening a new tab fails (099b85e)

6.3.18 (2022-04-13)

Bug Fixes
  • deps: upgrade socket.io to v4.4.1 (52a30bb)

6.3.17 (2022-02-28)

Bug Fixes

6.3.16 (2022-02-10)

Bug Fixes
  • security: mitigate the "Open Redirect Vulnerability" (ff7edbb)

6.3.15 (2022-02-05)

Bug Fixes

6.3.14 (2022-02-05)

Bug Fixes
  • remove string template from client code (91d5acd)
  • warn when singleRun and autoWatch are false (69cfc76)
  • security: remove XSS vulnerability in returnUrl query param (839578c)

6.3.13 (2022-01-31)

Bug Fixes

6.3.12 (2022-01-24)

Bug Fixes
  • remove depreciation warning from log4js (41bed33)

6.3.11 (2022-01-13)

Bug Fixes
  • deps: pin colors package to 1.4.0 due to security vulnerability (a5219c5)

6.3.10 (2022-01-08)

Bug Fixes
  • logger: create parent folders if they are missing (0d24bd9), closes #​3734

6.3.9 (2021-11-16)

Bug Fixes

6.3.8 (2021-11-07)

Bug Fixes
  • reporter: warning if stack trace contains generated code invocation (4f23b14)

6.3.7 (2021-11-01)

Bug Fixes
  • middleware: replace %X_UA_COMPATIBLE% marker anywhere in the file (f1aeaec), closes #​3711

6.3.6 (2021-10-25)

Bug Fixes

6.3.5 (2021-10-20)

Bug Fixes
  • client: prevent socket.io from hanging due to mocked clocks (#​3695) (105da90)

6.3.4 (2021-06-14)

Bug Fixes

6.3.3 (2021-06-01)

Bug Fixes

6.3.2 (2021-03-29)

Bug Fixes

6.3.1 (2021-03-24)

Bug Fixes

v6.3.10

Compare Source

Features
  • support SRI verification of link tags (dc51a2e)
  • support SRI verification of script tags (6a54b1c)

6.3.20 (2022-05-13)

Bug Fixes

6.3.19 (2022-04-19)

Bug Fixes
  • client: error out when opening a new tab fails (099b85e)

6.3.18 (2022-04-13)

Bug Fixes
  • deps: upgrade socket.io to v4.4.1 (52a30bb)

6.3.17 (2022-02-28)

Bug Fixes

6.3.16 (2022-02-10)

Bug Fixes
  • security: mitigate the "Open Redirect Vulnerability" (ff7edbb)

6.3.15 (2022-02-05)

Bug Fixes

6.3.14 (2022-02-05)

Bug Fixes
  • remove string template from client code (91d5acd)
  • warn when singleRun and autoWatch are false (69cfc76)
  • security: remove XSS vulnerability in returnUrl query param (839578c)

6.3.13 (2022-01-31)

Bug Fixes

6.3.12 (2022-01-24)

Bug Fixes
  • remove depreciation warning from log4js (41bed33)

6.3.11 (2022-01-13)

Bug Fixes
  • deps: pin colors package to 1.4.0 due to security vulnerability (a5219c5)

6.3.10 (2022-01-08)

Bug Fixes
  • logger: create parent folders if they are missing (0d24bd9), closes #​3734

6.3.9 (2021-11-16)

Bug Fixes

6.3.8 (2021-11-07)

Bug Fixes
  • reporter: warning if stack trace contains generated code invocation (4f23b14)

6.3.7 (2021-11-01)

Bug Fixes
  • middleware: replace %X_UA_COMPATIBLE% marker anywhere in the file (f1aeaec), closes #​3711

6.3.6 (2021-10-25)

Bug Fixes

6.3.5 (2021-10-20)

Bug Fixes
  • client: prevent socket.io from hanging due to mocked clocks (#​3695) (105da90)

6.3.4 (2021-06-14)

Bug Fixes

6.3.3 (2021-06-01)

Bug Fixes

6.3.2 (2021-03-29)

Bug Fixes

6.3.1 (2021-03-24)

Bug Fixes

v6.3.9

Compare Source

Features
  • support SRI verification of link tags (dc51a2e)
  • support SRI verification of script tags (6a54b1c)

6.3.20 (2022-05-13)

Bug Fixes

[6.3.19](https://redirect.github.com/karma-r

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot force-pushed the renovate/npm-karma-vulnerability branch from bd2bcc6 to f7b294d Compare November 20, 2023 19:44
@renovate renovate bot changed the title Pin dependency karma to 0.13.22 [SECURITY] Update dependency karma to v6 [SECURITY] Nov 20, 2023
@renovate renovate bot changed the title Update dependency karma to v6 [SECURITY] Pin dependency karma to 0.13.22 [SECURITY] Nov 20, 2023
@renovate renovate bot force-pushed the renovate/npm-karma-vulnerability branch 2 times, most recently from 4a8460f to 722764d Compare November 20, 2023 19:57
@renovate renovate bot changed the title Pin dependency karma to 0.13.22 [SECURITY] Update dependency karma to v6 [SECURITY] Nov 20, 2023
@renovate renovate bot changed the title Update dependency karma to v6 [SECURITY] Pin dependency karma to 0.13.22 [SECURITY] Dec 3, 2023
@renovate renovate bot force-pushed the renovate/npm-karma-vulnerability branch 2 times, most recently from ce48942 to 3bf9d94 Compare December 3, 2023 14:43
@renovate renovate bot changed the title Pin dependency karma to 0.13.22 [SECURITY] Update dependency karma to v6 [SECURITY] Dec 3, 2023
@renovate renovate bot changed the title Update dependency karma to v6 [SECURITY] Pin dependency karma to 0.13.22 [SECURITY] Dec 27, 2023
@renovate renovate bot force-pushed the renovate/npm-karma-vulnerability branch 2 times, most recently from e2da1b1 to 5ef771f Compare December 27, 2023 13:03
@renovate renovate bot changed the title Pin dependency karma to 0.13.22 [SECURITY] Update dependency karma to v6 [SECURITY] Dec 27, 2023
@renovate renovate bot changed the title Update dependency karma to v6 [SECURITY] Pin dependency karma to 0.13.22 [SECURITY] Jan 4, 2024
@renovate renovate bot force-pushed the renovate/npm-karma-vulnerability branch 2 times, most recently from 02283e9 to 9a397d3 Compare January 4, 2024 16:13
@renovate renovate bot changed the title Pin dependency karma to 0.13.22 [SECURITY] Update dependency karma to v6 [SECURITY] Jan 4, 2024
@renovate renovate bot force-pushed the renovate/npm-karma-vulnerability branch from 9a397d3 to 8f90478 Compare January 9, 2024 12:09
@renovate renovate bot changed the title Update dependency karma to v6 [SECURITY] Pin dependency karma to 0.13.22 [SECURITY] Jan 9, 2024
@renovate renovate bot force-pushed the renovate/npm-karma-vulnerability branch from 8f90478 to 14dccd1 Compare January 9, 2024 17:26
@renovate renovate bot changed the title Pin dependency karma to 0.13.22 [SECURITY] Update dependency karma to v6 [SECURITY] Jan 9, 2024
@renovate renovate bot changed the title Update dependency karma to v6 [SECURITY] Pin dependency karma to 0.13.22 [SECURITY] Jan 16, 2024
@renovate renovate bot force-pushed the renovate/npm-karma-vulnerability branch 2 times, most recently from 50f0ea1 to 7889728 Compare January 16, 2024 17:30
@renovate renovate bot changed the title Pin dependency karma to 0.13.22 [SECURITY] Update dependency karma to v6 [SECURITY] Jan 16, 2024
@renovate renovate bot force-pushed the renovate/npm-karma-vulnerability branch from 7889728 to 0aecd14 Compare January 30, 2024 23:31
@renovate renovate bot changed the title Update dependency karma to v6 [SECURITY] Pin dependency karma to 0.13.22 [SECURITY] Jan 30, 2024
@renovate renovate bot force-pushed the renovate/npm-karma-vulnerability branch from 0aecd14 to 7380f98 Compare January 31, 2024 01:17
@renovate renovate bot changed the title Pin dependency karma to 0.13.22 [SECURITY] Update dependency karma to v6 [SECURITY] Jan 31, 2024
@renovate renovate bot changed the title Pin dependency karma to 0.13.22 [SECURITY] Update dependency karma to v6 [SECURITY] May 13, 2025
@renovate renovate bot changed the title Update dependency karma to v6 [SECURITY] Pin dependency karma to 0.13.22 [SECURITY] May 19, 2025
@renovate renovate bot force-pushed the renovate/npm-karma-vulnerability branch 2 times, most recently from c958edc to b622ca0 Compare May 20, 2025 00:02
@renovate renovate bot changed the title Pin dependency karma to 0.13.22 [SECURITY] Update dependency karma to v6 [SECURITY] May 20, 2025
@renovate renovate bot changed the title Update dependency karma to v6 [SECURITY] Pin dependency karma to 0.13.22 [SECURITY] May 28, 2025
@renovate renovate bot force-pushed the renovate/npm-karma-vulnerability branch 2 times, most recently from b8417ce to 54f5b5d Compare May 28, 2025 16:40
@renovate renovate bot changed the title Pin dependency karma to 0.13.22 [SECURITY] Update dependency karma to v6 [SECURITY] May 28, 2025
@renovate renovate bot changed the title Update dependency karma to v6 [SECURITY] Pin dependency karma to 0.13.22 [SECURITY] Jun 6, 2025
@renovate renovate bot force-pushed the renovate/npm-karma-vulnerability branch 2 times, most recently from 1de3773 to 2261e5f Compare June 6, 2025 23:35
@renovate renovate bot changed the title Pin dependency karma to 0.13.22 [SECURITY] Update dependency karma to v6 [SECURITY] Jun 6, 2025
@renovate renovate bot changed the title Update dependency karma to v6 [SECURITY] Pin dependency karma to 0.13.22 [SECURITY] Jun 18, 2025
@renovate renovate bot force-pushed the renovate/npm-karma-vulnerability branch 2 times, most recently from def173c to 0fa3bd0 Compare June 18, 2025 19:00
@renovate renovate bot changed the title Pin dependency karma to 0.13.22 [SECURITY] Update dependency karma to v6 [SECURITY] Jun 18, 2025
@renovate renovate bot changed the title Update dependency karma to v6 [SECURITY] Pin dependency karma to 0.13.22 [SECURITY] Jun 22, 2025
@renovate renovate bot force-pushed the renovate/npm-karma-vulnerability branch 2 times, most recently from 64e69f9 to 287e021 Compare June 22, 2025 16:50
@renovate renovate bot changed the title Pin dependency karma to 0.13.22 [SECURITY] Update dependency karma to v6 [SECURITY] Jun 22, 2025
@renovate renovate bot changed the title Update dependency karma to v6 [SECURITY] Pin dependency karma to 0.13.22 [SECURITY] Jul 2, 2025
@renovate renovate bot force-pushed the renovate/npm-karma-vulnerability branch 2 times, most recently from 6d72675 to 912f8b0 Compare July 2, 2025 23:11
@renovate renovate bot changed the title Pin dependency karma to 0.13.22 [SECURITY] Update dependency karma to v6 [SECURITY] Jul 2, 2025
@renovate renovate bot changed the title Update dependency karma to v6 [SECURITY] Pin dependency karma to 0.13.22 [SECURITY] Jul 28, 2025
@renovate renovate bot force-pushed the renovate/npm-karma-vulnerability branch from 912f8b0 to 3760afc Compare July 28, 2025 14:06
@renovate renovate bot force-pushed the renovate/npm-karma-vulnerability branch from 3760afc to 53bf617 Compare July 28, 2025 19:48
@renovate renovate bot changed the title Pin dependency karma to 0.13.22 [SECURITY] Update dependency karma to v6 [SECURITY] Jul 28, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants