Skip to content
This repository was archived by the owner on Oct 1, 2025. It is now read-only.

Update dependency karma to v6.3.16 [SECURITY] #251

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Update dependency karma to v6.3.16 [SECURITY] #251

wants to merge 1 commit into from

Conversation

@renovate
Copy link

@renovate renovate bot commented Mar 7, 2022
edited
Loading

Note

Mend has cancelled the proposed renaming of the Renovate GitHub app being renamed to mend[bot].

This notice will be removed on 2025-10-07.

This PR contains the following updates:

Package Change Age Confidence
karma (source) 6.1.1 -> 6.3.16 age confidence

GitHub Vulnerability Alerts

CVE-2022-0437

karma prior to version 6.3.14 contains a cross-site scripting vulnerability.

CVE-2021-23495

Karma before 6.3.16 is vulnerable to Open Redirect due to missing validation of the return_url query parameter.

Release Notes

karma-runner/karma (karma)

v6.3.16

Compare Source

Features
  • support SRI verification of link tags (dc51a2e)
  • support SRI verification of script tags (6a54b1c)

6.3.20 (2022-05-13)

Bug Fixes

6.3.19 (2022-04-19)

Bug Fixes
  • client: error out when opening a new tab fails (099b85e)

6.3.18 (2022-04-13)

Bug Fixes
  • deps: upgrade socket.io to v4.4.1 (52a30bb)

6.3.17 (2022-02-28)

Bug Fixes

6.3.16 (2022-02-10)

Bug Fixes
  • security: mitigate the "Open Redirect Vulnerability" (ff7edbb)

6.3.15 (2022-02-05)

Bug Fixes

6.3.14 (2022-02-05)

Bug Fixes
  • remove string template from client code (91d5acd)
  • warn when singleRun and autoWatch are false (69cfc76)
  • security: remove XSS vulnerability in returnUrl query param (839578c)

6.3.13 (2022-01-31)

Bug Fixes

6.3.12 (2022-01-24)

Bug Fixes
  • remove depreciation warning from log4js (41bed33)

6.3.11 (2022-01-13)

Bug Fixes
  • deps: pin colors package to 1.4.0 due to security vulnerability (a5219c5)

6.3.10 (2022-01-08)

Bug Fixes
  • logger: create parent folders if they are missing (0d24bd9), closes #​3734

6.3.9 (2021-11-16)

Bug Fixes

6.3.8 (2021-11-07)

Bug Fixes
  • reporter: warning if stack trace contains generated code invocation (4f23b14)

6.3.7 (2021-11-01)

Bug Fixes
  • middleware: replace %X_UA_COMPATIBLE% marker anywhere in the file (f1aeaec), closes #​3711

6.3.6 (2021-10-25)

Bug Fixes

6.3.5 (2021-10-20)

Bug Fixes
  • client: prevent socket.io from hanging due to mocked clocks (#​3695) (105da90)

6.3.4 (2021-06-14)

Bug Fixes

6.3.3 (2021-06-01)

Bug Fixes

6.3.2 (2021-03-29)

Bug Fixes

6.3.1 (2021-03-24)

Bug Fixes

v6.3.15

Compare Source

Features
  • support SRI verification of link tags (dc51a2e)
  • support SRI verification of script tags (6a54b1c)

6.3.20 (2022-05-13)

Bug Fixes

6.3.19 (2022-04-19)

Bug Fixes
  • client: error out when opening a new tab fails (099b85e)

6.3.18 (2022-04-13)

Bug Fixes
  • deps: upgrade socket.io to v4.4.1 (52a30bb)

6.3.17 (2022-02-28)

Bug Fixes

6.3.16 (2022-02-10)

Bug Fixes
  • security: mitigate the "Open Redirect Vulnerability" (ff7edbb)

6.3.15 (2022-02-05)

Bug Fixes

6.3.14 (2022-02-05)

Bug Fixes
  • remove string template from client code (91d5acd)
  • warn when singleRun and autoWatch are false (69cfc76)
  • security: remove XSS vulnerability in returnUrl query param (839578c)

6.3.13 (2022-01-31)

Bug Fixes

6.3.12 (2022-01-24)

Bug Fixes
  • remove depreciation warning from log4js (41bed33)

6.3.11 (2022-01-13)

Bug Fixes
  • deps: pin colors package to 1.4.0 due to security vulnerability (a5219c5)

6.3.10 (2022-01-08)

Bug Fixes
  • logger: create parent folders if they are missing (0d24bd9), closes #​3734

6.3.9 (2021-11-16)

Bug Fixes

6.3.8 (2021-11-07)

Bug Fixes
  • reporter: warning if stack trace contains generated code invocation (4f23b14)

6.3.7 (2021-11-01)

Bug Fixes
  • middleware: replace %X_UA_COMPATIBLE% marker anywhere in the file (f1aeaec), closes #​3711

6.3.6 (2021-10-25)

Bug Fixes

6.3.5 (2021-10-20)

Bug Fixes
  • client: prevent socket.io from hanging due to mocked clocks (#​3695) (105da90)

6.3.4 (2021-06-14)

Bug Fixes

6.3.3 (2021-06-01)

Bug Fixes

6.3.2 (2021-03-29)

Bug Fixes

6.3.1 (2021-03-24)

Bug Fixes

v6.3.14

Compare Source

Features
  • support SRI verification of link tags (dc51a2e)
  • support SRI verification of script tags (6a54b1c)

6.3.20 (2022-05-13)

Bug Fixes

6.3.19 (2022-04-19)

Bug Fixes
  • client: error out when opening a new tab fails (099b85e)

6.3.18 (2022-04-13)

Bug Fixes
  • deps: upgrade socket.io to v4.4.1 (52a30bb)

6.3.17 (2022-02-28)

Bug Fixes

6.3.16 (2022-02-10)

Bug Fixes
  • security: mitigate the "Open Redirect Vulnerability" (ff7edbb)

6.3.15 (2022-02-05)

Bug Fixes

6.3.14 (2022-02-05)

Bug Fixes
  • remove string template from client code (91d5acd)
  • warn when singleRun and autoWatch are false (69cfc76)
  • security: remove XSS vulnerability in returnUrl query param (839578c)

6.3.13 (2022-01-31)

Bug Fixes

6.3.12 (2022-01-24)

Bug Fixes
  • remove depreciation warning from log4js (41bed33)

6.3.11 (2022-01-13)

Bug Fixes
  • deps: pin colors package to 1.4.0 due to security vulnerability (a5219c5)

6.3.10 (2022-01-08)

Bug Fixes
  • logger: create parent folders if they are missing (0d24bd9), closes #​3734

6.3.9 (2021-11-16)

Bug Fixes

6.3.8 (2021-11-07)

Bug Fixes
  • reporter: warning if stack trace contains generated code invocation (4f23b14)

6.3.7 (2021-11-01)

Bug Fixes
  • middleware: replace %X_UA_COMPATIBLE% marker anywhere in the file (f1aeaec), closes #​3711

6.3.6 (2021-10-25)

Bug Fixes

6.3.5 (2021-10-20)

Bug Fixes
  • client: prevent socket.io from hanging due to mocked clocks (#​3695) (105da90)

6.3.4 (2021-06-14)

Bug Fixes

6.3.3 (2021-06-01)

Bug Fixes

6.3.2 (2021-03-29)

Bug Fixes

6.3.1 (2021-03-24)

Bug Fixes

v6.3.13

Compare Source

Features
  • support SRI verification of link tags (dc51a2e)
  • support SRI verification of script tags (6a54b1c)

6.3.20 (2022-05-13)

Bug Fixes

6.3.19 (2022-04-19)

Bug Fixes
  • client: error out when opening a new tab fails (099b85e)

6.3.18 (2022-04-13)

Bug Fixes
  • deps: upgrade socket.io to v4.4.1 (52a30bb)

6.3.17 (2022-02-28)

Bug Fixes

6.3.16 (2022-02-10)

Bug Fixes
  • security: mitigate the "Open Redirect Vulnerability" (ff7edbb)

6.3.15 (2022-02-05)

Bug Fixes

6.3.14 (2022-02-05)

Bug Fixes
  • remove string template from client code (91d5acd)
  • warn when singleRun and autoWatch are false (69cfc76)
  • security: remove XSS vulnerability in returnUrl query param (839578c)

6.3.13 (2022-01-31)

Bug Fixes

6.3.12 (2022-01-24)

Bug Fixes
  • remove depreciation warning from log4js (41bed33)

6.3.11 (2022-01-13)

Bug Fixes
  • deps: pin colors package to 1.4.0 due to security vulnerability (a5219c5)

6.3.10 (2022-01-08)

Bug Fixes
  • logger: create parent folders if they are missing (0d24bd9), closes #​3734

6.3.9 (2021-11-16)

Bug Fixes

6.3.8 (2021-11-07)

Bug Fixes
  • reporter: warning if stack trace contains generated code invocation (4f23b14)

6.3.7 (2021-11-01)

Bug Fixes
  • middleware: replace %X_UA_COMPATIBLE% marker anywhere in the file (f1aeaec), closes #​3711

6.3.6 (2021-10-25)

Bug Fixes

6.3.5 (2021-10-20)

Bug Fixes
  • client: prevent socket.io from hanging due to mocked clocks (#​3695) (105da90)

6.3.4 (2021-06-14)

Bug Fixes

6.3.3 (2021-06-01)

Bug Fixes

6.3.2 (2021-03-29)

Bug Fixes

6.3.1 (2021-03-24)

Bug Fixes

v6.3.12

Compare Source

Features
  • support SRI verification of link tags (dc51a2e)
  • support SRI verification of script tags (6a54b1c)

6.3.20 (2022-05-13)

Bug Fixes

6.3.19 (2022-04-19)

Bug Fixes
  • client: error out when opening a new tab fails (099b85e)

6.3.18 (2022-04-13)

Bug Fixes
  • deps: upgrade socket.io to v4.4.1 (52a30bb)

6.3.17 (2022-02-28)

Bug Fixes

6.3.16 (2022-02-10)

Bug Fixes
  • security: mitigate the "Open Redirect Vulnerability" (ff7edbb)

6.3.15 (2022-02-05)

Bug Fixes

6.3.14 (2022-02-05)

Bug Fixes
  • remove string template from client code (91d5acd)
  • warn when singleRun and autoWatch are false (69cfc76)
  • security: remove XSS vulnerability in returnUrl query param (839578c)

6.3.13 (2022-01-31)

Bug Fixes

6.3.12 (2022-01-24)

Bug Fixes
  • remove depreciation warning from log4js (41bed33)

6.3.11 (2022-01-13)

Bug Fixes
  • deps: pin colors package to 1.4.0 due to security vulnerability (a5219c5)

6.3.10 (2022-01-08)

Bug Fixes
  • logger: create parent folders if they are missing (0d24bd9), closes #​3734

6.3.9 (2021-11-16)

Bug Fixes

6.3.8 (2021-11-07)

Bug Fixes
  • reporter: warning if stack trace contains generated code invocation (4f23b14)

6.3.7 (2021-11-01)

Bug Fixes
  • middleware: replace %X_UA_COMPATIBLE% marker anywhere in the file (f1aeaec), closes #​3711

6.3.6 (2021-10-25)

Bug Fixes

6.3.5 (2021-10-20)

Bug Fixes
  • client: prevent socket.io from hanging due to mocked clocks (#​3695) (105da90)

6.3.4 (2021-06-14)

Bug Fixes

6.3.3 (2021-06-01)

Bug Fixes

6.3.2 (2021-03-29)

Bug Fixes

6.3.1 (2021-03-24)

Bug Fixes

v6.3.11

Compare Source

Features
  • support SRI verification of link tags (dc51a2e)
  • support SRI verification of script tags (6a54b1c)

6.3.20 (2022-05-13)

Bug Fixes

6.3.19 (2022-04-19)

Bug Fixes
  • client: error out when opening a new tab fails (099b85e)

6.3.18 (2022-04-13)

Bug Fixes
  • deps: upgrade socket.io to v4.4.1 (52a30bb)

6.3.17 (2022-02-28)

Bug Fixes

6.3.16 (2022-02-10)

Bug Fixes
  • security: mitigate the "Open Redirect Vulnerability" (ff7edbb)

6.3.15 (2022-02-05)

Bug Fixes

6.3.14 (2022-02-05)

Bug Fixes
  • remove string template from client code (91d5acd)
  • warn when singleRun and autoWatch are false (69cfc76)
  • security: remove XSS vulnerability in returnUrl query param (839578c)

6.3.13 (2022-01-31)

Bug Fixes

6.3.12 (2022-01-24)

Bug Fixes
  • remove depreciation warning from log4js (41bed33)

6.3.11 (2022-01-13)

Bug Fixes
  • deps: pin colors package to 1.4.0 due to security vulnerability (a5219c5)

6.3.10 (2022-01-08)

Bug Fixes
  • logger: create parent folders if they are missing (0d24bd9), closes #​3734

6.3.9 (2021-11-16)

Bug Fixes

6.3.8 (2021-11-07)

Bug Fixes
  • reporter: warning if stack trace contains generated code invocation (4f23b14)

6.3.7 (2021-11-01)

Bug Fixes
  • middleware: replace %X_UA_COMPATIBLE% marker anywhere in the file (f1aeaec), closes #​3711

6.3.6 (2021-10-25)

Bug Fixes

6.3.5 (2021-10-20)

Bug Fixes
  • client: prevent socket.io from hanging due to mocked clocks (#​3695) (105da90)

6.3.4 (2021-06-14)

Bug Fixes

6.3.3 (2021-06-01)

Bug Fixes

6.3.2 (2021-03-29)

Bug Fixes

6.3.1 (2021-03-24)

Bug Fixes

v6.3.10

Compare Source

Features
  • support SRI verification of link tags (dc51a2e)
  • support SRI verification of script tags (6a54b1c)

6.3.20 (2022-05-13)

Bug Fixes

6.3.19 (2022-04-19)

Bug Fixes
  • client: error out when opening a new tab fails (099b85e)

6.3.18 (2022-04-13)

Bug Fixes
  • deps: upgrade socket.io to v4.4.1 (52a30bb)

6.3.17 (2022-02-28)

Bug Fixes

6.3.16 (2022-02-10)

Bug Fixes
  • security: mitigate the "Open Redirect Vulnerability" (ff7edbb)

6.3.15 (2022-02-05)

Bug Fixes

6.3.14 (2022-02-05)

Bug Fixes
  • remove string template from client code (91d5acd)
  • warn when singleRun and autoWatch are false (69cfc76)
  • security: remove XSS vulnerability in returnUrl query param (839578c)

6.3.13 (2022-01-31)

Bug Fixes

6.3.12 (2022-01-24)

Bug Fixes
  • remove depreciation warning from log4js (41bed33)

6.3.11 (2022-01-13)

Bug Fixes
  • deps: pin colors package to 1.4.0 due to security vulnerability (a5219c5)

6.3.10 (2022-01-08)

Bug Fixes
  • logger: create parent folders if they are missing (0d24bd9), closes #​3734

6.3.9 (2021-11-16)

Bug Fixes

6.3.8 (2021-11-07)

Bug Fixes
  • reporter: warning if stack trace contains generated code invocation (4f23b14)

6.3.7 (2021-11-01)

Bug Fixes
  • middleware: replace %X_UA_COMPATIBLE% marker anywhere in the file (f1aeaec), closes #​3711

6.3.6 (2021-10-25)

Bug Fixes

6.3.5 (2021-10-20)

Bug Fixes
  • client: prevent socket.io from hanging due to mocked clocks (#​3695) (105da90)

6.3.4 (2021-06-14)

Bug Fixes

6.3.3 (2021-06-01)

Bug Fixes
  • server: clean up vestigial code from proxy ([#​3640](https://redi

Configuration

📅 Schedule: Branch creation - "" in timezone Asia/Tokyo, Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot added the renovate label Mar 7, 2022
@renovate renovate bot force-pushed the renovate/npm-karma-vulnerability branch from 8d1ceae to a7827f2 Compare March 26, 2022 12:46
@renovate renovate bot force-pushed the renovate/npm-karma-vulnerability branch from a7827f2 to 8bd6499 Compare April 24, 2022 22:31
@renovate renovate bot force-pushed the renovate/npm-karma-vulnerability branch from 8bd6499 to d42261f Compare May 15, 2022 21:20
@renovate renovate bot force-pushed the renovate/npm-karma-vulnerability branch from d42261f to cf4b551 Compare June 18, 2022 14:35
@renovate renovate bot force-pushed the renovate/npm-karma-vulnerability branch from cf4b551 to 687fe2e Compare September 25, 2022 12:54
@renovate renovate bot force-pushed the renovate/npm-karma-vulnerability branch from 687fe2e to 4f8d05c Compare November 20, 2022 21:07
@renovate renovate bot force-pushed the renovate/npm-karma-vulnerability branch 2 times, most recently from 2e9f026 to fab2b36 Compare March 24, 2023 22:00
@renovate renovate bot changed the title Update dependency karma to v6.3.16 [SECURITY] Update dependency karma to v6.3.16 [SECURITY] - autoclosed Feb 24, 2024
@renovate renovate bot closed this Feb 24, 2024
@renovate renovate bot deleted the renovate/npm-karma-vulnerability branch February 24, 2024 04:54
@renovate renovate bot changed the title Update dependency karma to v6.3.16 [SECURITY] - autoclosed Update dependency karma to v6.3.16 [SECURITY] Feb 24, 2024
@renovate renovate bot reopened this Feb 24, 2024
@renovate renovate bot restored the renovate/npm-karma-vulnerability branch February 24, 2024 07:25
@renovate renovate bot force-pushed the renovate/npm-karma-vulnerability branch 2 times, most recently from 15e9d46 to 23449bf Compare February 25, 2024 10:27
@renovate renovate bot force-pushed the renovate/npm-karma-vulnerability branch from 23449bf to 3dac81b Compare March 12, 2024 11:19
@renovate renovate bot force-pushed the renovate/npm-karma-vulnerability branch from 3dac81b to fa2c838 Compare March 20, 2024 13:32
@renovate renovate bot force-pushed the renovate/npm-karma-vulnerability branch from fa2c838 to a3e9b50 Compare April 14, 2024 09:10
@renovate renovate bot force-pushed the renovate/npm-karma-vulnerability branch from a3e9b50 to f5856a1 Compare April 21, 2024 10:42
@renovate renovate bot force-pushed the renovate/npm-karma-vulnerability branch from f5856a1 to 207e902 Compare June 4, 2024 11:02
@renovate renovate bot force-pushed the renovate/npm-karma-vulnerability branch from 207e902 to 85d11ca Compare July 21, 2024 15:18
@renovate renovate bot force-pushed the renovate/npm-karma-vulnerability branch from 85d11ca to e5d564e Compare August 6, 2024 06:47
@renovate renovate bot force-pushed the renovate/npm-karma-vulnerability branch from e5d564e to 103fc38 Compare August 18, 2024 16:13
@renovate renovate bot force-pushed the renovate/npm-karma-vulnerability branch from 103fc38 to 1584f47 Compare August 28, 2024 08:30
@renovate renovate bot force-pushed the renovate/npm-karma-vulnerability branch from 1584f47 to b761073 Compare October 9, 2024 10:36
@renovate renovate bot force-pushed the renovate/npm-karma-vulnerability branch from b761073 to 7fe1289 Compare December 2, 2024 11:09
@renovate renovate bot force-pushed the renovate/npm-karma-vulnerability branch from 7fe1289 to 9f7643f Compare January 23, 2025 17:44
@renovate renovate bot force-pushed the renovate/npm-karma-vulnerability branch from 9f7643f to 75b6816 Compare January 30, 2025 14:23
@renovate renovate bot force-pushed the renovate/npm-karma-vulnerability branch from 75b6816 to dadc592 Compare February 9, 2025 13:49
@renovate renovate bot force-pushed the renovate/npm-karma-vulnerability branch from dadc592 to cdd86d1 Compare March 3, 2025 15:50
@renovate renovate bot force-pushed the renovate/npm-karma-vulnerability branch from cdd86d1 to c52aba0 Compare March 11, 2025 13:45
@renovate renovate bot force-pushed the renovate/npm-karma-vulnerability branch 2 times, most recently from bc2e402 to 1bed0e4 Compare April 8, 2025 10:46
@renovate renovate bot force-pushed the renovate/npm-karma-vulnerability branch from 1bed0e4 to b4e113f Compare April 24, 2025 06:12
@renovate renovate bot force-pushed the renovate/npm-karma-vulnerability branch from b4e113f to d526fbe Compare May 19, 2025 17:27
@renovate renovate bot force-pushed the renovate/npm-karma-vulnerability branch 2 times, most recently from 2f74ecc to afb2d22 Compare June 4, 2025 10:50
@renovate renovate bot force-pushed the renovate/npm-karma-vulnerability branch from afb2d22 to c79b18c Compare June 22, 2025 14:03
@renovate renovate bot force-pushed the renovate/npm-karma-vulnerability branch from c79b18c to f804f9b Compare July 2, 2025 14:29
@renovate renovate bot force-pushed the renovate/npm-karma-vulnerability branch from f804f9b to 7a8d22c Compare August 10, 2025 13:08
@renovate renovate bot force-pushed the renovate/npm-karma-vulnerability branch from 7a8d22c to 8fa0a40 Compare August 19, 2025 13:56
@renovate renovate bot force-pushed the renovate/npm-karma-vulnerability branch from 8fa0a40 to 58521d3 Compare September 25, 2025 19:56
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

No reviews

Assignees

@sasaplus1 sasaplus1

Labels

renovate

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@sasaplus1