klangspektrum2
fix(deps): update dependency karma to v6 [security]
This PR contains the following updates:
Package | Change | Age | Adoption | Passing | Confidence |
---|---|---|---|---|---|
karma (source) | 5.1.0 -> 6.3.16 | | | | |
GitHub Vulnerability Alerts
CVE-2022-0437
karma prior to version 6.3.14 contains a cross-site scripting vulnerability.
CVE-2021-23495
Karma before 6.3.16 is vulnerable to Open Redirect due to missing validation of the return_url query parameter.
Release Notes
karma-runner/karma
v6.3.16
Bug Fixes
- security: mitigate the "Open Redirect Vulnerability" (ff7edbb)
v6.3.15
Bug Fixes
- helper: make mkdirIfNotExists helper resilient to concurrent calls (d9dade2), closes /github.com/karma-runner/karma-coverage/issues/434#issuecomment-1017939333
v6.3.14
Bug Fixes
- remove string template from client code (91d5acd)
- warn when singleRun and autoWatch are false (69cfc76)
- security: remove XSS vulnerability in returnUrl query param (839578c)
v6.3.13
Bug Fixes
v6.3.12
Bug Fixes
- remove depreciation warning from log4js (41bed33)
v6.3.11
Bug Fixes
- deps: pin colors package to 1.4.0 due to security vulnerability (a5219c5)
v6.3.10
Bug Fixes
v6.3.9
Bug Fixes
v6.3.8
Bug Fixes
- reporter: warning if stack trace contains generated code invocation (4f23b14)
v6.3.7
Bug Fixes
v6.3.6
Bug Fixes
v6.3.5
Bug Fixes
v6.3.4
Bug Fixes
v6.3.3
Bug Fixes
- server: clean up vestigial code from proxy (#3640) (f4aeac3), closes /tools.ietf.org/html/std66#section-3
v6.3.2
Bug Fixes
v6.3.1
Bug Fixes
- client: error out when opening a new tab fails (099b85e)
v6.3.0
Features
v6.2.0
Features
6.1.2 (2021-03-09)
Bug Fixes
- commitlint: skip task on master (#3650) (3fc6fda)
- patch karma to allow loading virtual packages (#3663) (5bfcf5f)
6.1.1 (2021-02-12)
Bug Fixes
- config: check extension before ts-node register (#3651) (474f4e1), closes #3329
- report launcher process error when exit event is not emitted (#3647) (7ab86be)
v6.1.0
Features
6.0.4 (2021-02-01)
Bug Fixes
- cli: temporarily disable strict parameters validation (#3641) (9c755e0), closes #3625
- client: fix a false positive page reload error in Safari (#3643) (2a57b23)
- ensure that Karma supports running tests on IE 11 (#3642) (dbd1943)
6.0.3 (2021-01-27)
Bug Fixes
6.0.2 (2021-01-25)
Bug Fixes
6.0.1 (2021-01-20)
Bug Fixes
- server: set maxHttpBufferSize to the socket.io v2 default (#3626) (69baddc), closes #3621
- restore customFileHandlers provider (#3624) (25d9abb)
v6.0.0
Bug Fixes
- ci: abandon browserstack tests for Safari and IE (#3615) (04a811d)
- client: do not reset karmaNavigating in unload handler (#3591) (4a8178f), closes #3482
- context: do not error when karma is navigating (#3565) (05dc288), closes #3560
- cve: update ua-parser-js to 0.7.23 to fix CVE-2020-7793 (#3584) (f819fa8)
- cve: update yargs to 16.1.1 to fix cve-2020-7774 in y18n (#3578) (3fed0bc), closes #3577
- deps: bump socket-io to v3 (#3586) (1b9e1de), closes #3569
- middleware: catch errors when loading a module (#3605) (fec972f), closes #3572
- server: clean up close-server logic (#3607) (3fca456)
- test: clear up clearContext (#3597) (8997b74)
- test: mark all second connections reconnects (#3598) (1c9c2de)
Features
- cli: error out on unexpected options or parameters (#3589) (603bbc0)
- client: update banner with connection, test status, ping times (#3611) (4bf90f7)
- server: print stack of unhandledrejections (#3593) (35a5842)
- server: remove deprecated static methods (#3595) (1a65bf1)
- remove support for running dart code in the browser (#3592) (7a3bd55)
BREAKING CHANGES
- server: Deprecated require('karma').server.start() and require('karma').Server.start() variants were removed from the public API. Instead use canonical form:

      const { Server } = require('karma');
      const server = new Server();
      server.start();

- cli: Karma is more strict and will error out if unknown option or argument is passed to CLI.
- Using Karma to run Dart code in the browser is no longer supported. Use your favorite Dart-to-JS compiler instead.
  dart file type has been removed without a replacement.
  customFileHandlers DI token has been removed. Use middleware to achieve similar functionality.
  customScriptTypes DI token has been removed. It had no effect, so no replacement is provided.
- deps: Some projects have socket.io tests that are version sensitive.
5.2.3 (2020-09-25)
Bug Fixes
5.2.2 (2020-09-08)
Bug Fixes
5.2.1 (2020-09-02)
Bug Fixes
- remove broken link from docs - 06-angularjs.md (#3555) (da2f307)
- remove unused JSON utilities and flatted dependency (#3550) (beed255)
v5.2.0
Bug Fixes
- client: avoid race between execute and clearContext (#3452) (8bc5b46), closes #3424
- client: check in bundled client code into version control (#3524) (6cd5a3b), closes /github.com/karma-runner/karma/commit/f5521df7df5cd1201b5dce28dc4e326b1ffc41fd#commitcomment-38967493
- dependencies: update dependencies (#3543) (5db46b7)
- docs: Update 03-how-it-works.md (#3539) (e7cf7b1)
- server: log error when file loading or preprocessing fails (#3540) (fc2fd61)
Features
5.1.1 (2020-07-28)
Bug Fixes
Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
- [ ] If you want to rebase/retry this PR, check this box
This PR has been generated by Mend Renovate. View repository job log here.
Edited/Blocked Notification
Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.
You can manually request rebase by checking the rebase/retry box above.
⚠ Warning: custom changes will be lost.