ngx-filesize Update dependency karma to v6.3.16 [SECURITY] (3.x)

Update dependency karma to v6.3.16 [SECURITY] (3.x)

Open renovate[bot] opened this issue 3 years ago • 0 comments

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
karma (source)	`6.3.2` -> `6.3.16`

GitHub Vulnerability Alerts

CVE-2022-0437

karma prior to version 6.3.14 contains a cross-site scripting vulnerability.

CVE-2021-23495

Karma before 6.3.16 is vulnerable to Open Redirect due to missing validation of the return_url query parameter.

Release Notes

karma-runner/karma

`v6.3.16`

Compare Source

Bug Fixes

security: mitigate the "Open Redirect Vulnerability" (ff7edbb)

`v6.3.15`

Compare Source

Bug Fixes

helper: make mkdirIfNotExists helper resilient to concurrent calls (d9dade2), closes /github.com/karma-runner/karma-coverage/issues/434#issuecomment-1017939333

`v6.3.14`

Compare Source

Bug Fixes

remove string template from client code (91d5acd)
warn when singleRun and autoWatch are false (69cfc76)
security: remove XSS vulnerability in returnUrl query param (839578c)

`v6.3.13`

Compare Source

Bug Fixes

deps: bump log4js to resolve security issue (5bf2df3), closes #3751

`v6.3.12`

Compare Source

Bug Fixes

remove depreciation warning from log4js (41bed33)

`v6.3.11`

Compare Source

Bug Fixes

deps: pin colors package to 1.4.0 due to security vulnerability (a5219c5)

`v6.3.10`

Compare Source

Bug Fixes

logger: create parent folders if they are missing (0d24bd9), closes #3734

`v6.3.9`

Compare Source

Bug Fixes

restartOnFileChange option not restarting the test run (92ffe60), closes #27 #3724

`v6.3.8`

Compare Source

Bug Fixes

reporter: warning if stack trace contains generated code invocation (4f23b14)

`v6.3.7`

Compare Source

Bug Fixes

middleware: replace %X_UA_COMPATIBLE% marker anywhere in the file (f1aeaec), closes #3711

`v6.3.6`

Compare Source

Bug Fixes

bump vulnerable ua-parser-js version (6f2b2ec), closes #3713

`v6.3.5`

Compare Source

Bug Fixes

client: prevent socket.io from hanging due to mocked clocks (#3695) (105da90)

`v6.3.4`

Compare Source

Bug Fixes

bump production dependencies within SemVer ranges (#3682) (36467a8), closes #3680

`v6.3.3`

Compare Source

Bug Fixes

server: clean up vestigial code from proxy (#3640) (f4aeac3), closes /tools.ietf.org/html/std66#section-3

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

[ ] If you want to rebase/retry this PR, click this checkbox.

This PR has been generated by Mend Renovate. View repository job log here.

Feb 11 '22 08:02 renovate[bot]

ngx-filesize ngx-filesize copied to clipboard

Update dependency karma to v6.3.16 [SECURITY] (3.x)

GitHub Vulnerability Alerts

Release Notes

Bug Fixes

Bug Fixes

Bug Fixes

Bug Fixes

Bug Fixes

Bug Fixes

Bug Fixes

Bug Fixes

Bug Fixes

Bug Fixes

Bug Fixes

Bug Fixes

Bug Fixes

Bug Fixes

Configuration

ngx-filesize
ngx-filesize copied to clipboard