Skip to content

Comments

Update dependency karma to v6 [SECURITY]#499

Open
renovate[bot] wants to merge 1 commit intomasterfrom
renovate/npm-karma-vulnerability
Open

Update dependency karma to v6 [SECURITY]#499
renovate[bot] wants to merge 1 commit intomasterfrom
renovate/npm-karma-vulnerability

Conversation

@renovate
Copy link
Contributor

@renovate renovate bot commented Jan 27, 2025

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
karma (source) 1.3.06.3.16 age adoption passing confidence

GitHub Vulnerability Alerts

CVE-2022-0437

karma prior to version 6.3.14 contains a cross-site scripting vulnerability.

CVE-2021-23495

Karma before 6.3.16 is vulnerable to Open Redirect due to missing validation of the return_url query parameter.


Release Notes

karma-runner/karma (karma)

v6.3.16

Compare Source

Features
  • support SRI verification of link tags (dc51a2e)
  • support SRI verification of script tags (6a54b1c)

6.3.20 (2022-05-13)

Bug Fixes

6.3.19 (2022-04-19)

Bug Fixes
  • client: error out when opening a new tab fails (099b85e)

6.3.18 (2022-04-13)

Bug Fixes
  • deps: upgrade socket.io to v4.4.1 (52a30bb)

6.3.17 (2022-02-28)

Bug Fixes

6.3.16 (2022-02-10)

Bug Fixes
  • security: mitigate the "Open Redirect Vulnerability" (ff7edbb)

6.3.15 (2022-02-05)

Bug Fixes

6.3.14 (2022-02-05)

Bug Fixes
  • remove string template from client code (91d5acd)
  • warn when singleRun and autoWatch are false (69cfc76)
  • security: remove XSS vulnerability in returnUrl query param (839578c)

6.3.13 (2022-01-31)

Bug Fixes

6.3.12 (2022-01-24)

Bug Fixes
  • remove depreciation warning from log4js (41bed33)

6.3.11 (2022-01-13)

Bug Fixes
  • deps: pin colors package to 1.4.0 due to security vulnerability (a5219c5)

6.3.10 (2022-01-08)

Bug Fixes
  • logger: create parent folders if they are missing (0d24bd9), closes #​3734

6.3.9 (2021-11-16)

Bug Fixes

6.3.8 (2021-11-07)

Bug Fixes
  • reporter: warning if stack trace contains generated code invocation (4f23b14)

6.3.7 (2021-11-01)

Bug Fixes
  • middleware: replace %X_UA_COMPATIBLE% marker anywhere in the file (f1aeaec), closes #​3711

6.3.6 (2021-10-25)

Bug Fixes

6.3.5 (2021-10-20)

Bug Fixes
  • client: prevent socket.io from hanging due to mocked clocks (#​3695) (105da90)

6.3.4 (2021-06-14)

Bug Fixes

6.3.3 (2021-06-01)

Bug Fixes

6.3.2 (2021-03-29)

Bug Fixes

6.3.1 (2021-03-24)

Bug Fixes

v6.3.15

Compare Source

Features
  • support SRI verification of link tags (dc51a2e)
  • support SRI verification of script tags (6a54b1c)

6.3.20 (2022-05-13)

Bug Fixes

6.3.19 (2022-04-19)

Bug Fixes
  • client: error out when opening a new tab fails (099b85e)

6.3.18 (2022-04-13)

Bug Fixes
  • deps: upgrade socket.io to v4.4.1 (52a30bb)

6.3.17 (2022-02-28)

Bug Fixes

6.3.16 (2022-02-10)

Bug Fixes
  • security: mitigate the "Open Redirect Vulnerability" (ff7edbb)

6.3.15 (2022-02-05)

Bug Fixes

6.3.14 (2022-02-05)

Bug Fixes
  • remove string template from client code (91d5acd)
  • warn when singleRun and autoWatch are false (69cfc76)
  • security: remove XSS vulnerability in returnUrl query param (839578c)

6.3.13 (2022-01-31)

Bug Fixes

6.3.12 (2022-01-24)

Bug Fixes
  • remove depreciation warning from log4js (41bed33)

6.3.11 (2022-01-13)

Bug Fixes
  • deps: pin colors package to 1.4.0 due to security vulnerability (a5219c5)

6.3.10 (2022-01-08)

Bug Fixes
  • logger: create parent folders if they are missing (0d24bd9), closes #​3734

6.3.9 (2021-11-16)

Bug Fixes

6.3.8 (2021-11-07)

Bug Fixes
  • reporter: warning if stack trace contains generated code invocation (4f23b14)

6.3.7 (2021-11-01)

Bug Fixes
  • middleware: replace %X_UA_COMPATIBLE% marker anywhere in the file (f1aeaec), closes #​3711

6.3.6 (2021-10-25)

Bug Fixes

6.3.5 (2021-10-20)

Bug Fixes
  • client: prevent socket.io from hanging due to mocked clocks (#​3695) (105da90)

6.3.4 (2021-06-14)

Bug Fixes

6.3.3 (2021-06-01)

Bug Fixes

6.3.2 (2021-03-29)

Bug Fixes

6.3.1 (2021-03-24)

Bug Fixes

v6.3.14

Compare Source

Features
  • support SRI verification of link tags (dc51a2e)
  • support SRI verification of script tags (6a54b1c)

6.3.20 (2022-05-13)

Bug Fixes

6.3.19 (2022-04-19)

Bug Fixes
  • client: error out when opening a new tab fails (099b85e)

6.3.18 (2022-04-13)

Bug Fixes
  • deps: upgrade socket.io to v4.4.1 (52a30bb)

6.3.17 (2022-02-28)

Bug Fixes

6.3.16 (2022-02-10)

Bug Fixes
  • security: mitigate the "Open Redirect Vulnerability" (ff7edbb)

6.3.15 (2022-02-05)

Bug Fixes

6.3.14 (2022-02-05)

Bug Fixes
  • remove string template from client code (91d5acd)
  • warn when singleRun and autoWatch are false (69cfc76)
  • security: remove XSS vulnerability in returnUrl query param (839578c)

6.3.13 (2022-01-31)

Bug Fixes

6.3.12 (2022-01-24)

Bug Fixes
  • remove depreciation warning from log4js (41bed33)

6.3.11 (2022-01-13)

Bug Fixes
  • deps: pin colors package to 1.4.0 due to security vulnerability (a5219c5)

6.3.10 (2022-01-08)

Bug Fixes
  • logger: create parent folders if they are missing (0d24bd9), closes #​3734

6.3.9 (2021-11-16)

Bug Fixes

6.3.8 (2021-11-07)

Bug Fixes
  • reporter: warning if stack trace contains generated code invocation (4f23b14)

6.3.7 (2021-11-01)

Bug Fixes
  • middleware: replace %X_UA_COMPATIBLE% marker anywhere in the file (f1aeaec), closes #​3711

6.3.6 (2021-10-25)

Bug Fixes

6.3.5 (2021-10-20)

Bug Fixes
  • client: prevent socket.io from hanging due to mocked clocks (#​3695) (105da90)

6.3.4 (2021-06-14)

Bug Fixes

6.3.3 (2021-06-01)

Bug Fixes

6.3.2 (2021-03-29)

Bug Fixes

6.3.1 (2021-03-24)

Bug Fixes

v6.3.13

Compare Source

Features
  • support SRI verification of link tags (dc51a2e)
  • support SRI verification of script tags (6a54b1c)

6.3.20 (2022-05-13)

Bug Fixes

6.3.19 (2022-04-19)

Bug Fixes
  • client: error out when opening a new tab fails (099b85e)

6.3.18 (2022-04-13)

Bug Fixes
  • deps: upgrade socket.io to v4.4.1 (52a30bb)

6.3.17 (2022-02-28)

Bug Fixes

6.3.16 (2022-02-10)

Bug Fixes
  • security: mitigate the "Open Redirect Vulnerability" (ff7edbb)

6.3.15 (2022-02-05)

Bug Fixes

6.3.14 (2022-02-05)

Bug Fixes
  • remove string template from client code (91d5acd)
  • warn when singleRun and autoWatch are false (69cfc76)
  • security: remove XSS vulnerability in returnUrl query param (839578c)

6.3.13 (2022-01-31)

Bug Fixes

6.3.12 (2022-01-24)

Bug Fixes
  • remove depreciation warning from log4js (41bed33)

6.3.11 (2022-01-13)

Bug Fixes
  • deps: pin colors package to 1.4.0 due to security vulnerability (a5219c5)

6.3.10 (2022-01-08)

Bug Fixes
  • logger: create parent folders if they are missing (0d24bd9), closes #​3734

6.3.9 (2021-11-16)

Bug Fixes

6.3.8 (2021-11-07)

Bug Fixes
  • reporter: warning if stack trace contains generated code invocation (4f23b14)

6.3.7 (2021-11-01)

Bug Fixes
  • middleware: replace %X_UA_COMPATIBLE% marker anywhere in the file (f1aeaec), closes #​3711

6.3.6 (2021-10-25)

Bug Fixes

6.3.5 (2021-10-20)

Bug Fixes
  • client: prevent socket.io from hanging due to mocked clocks (#​3695) (105da90)

6.3.4 (2021-06-14)

Bug Fixes

6.3.3 (2021-06-01)

Bug Fixes

6.3.2 (2021-03-29)

Bug Fixes

6.3.1 (2021-03-24)

Bug Fixes

v6.3.12

Compare Source

Features
  • support SRI verification of link tags (dc51a2e)
  • support SRI verification of script tags (6a54b1c)

6.3.20 (2022-05-13)

Bug Fixes

6.3.19 (2022-04-19)

Bug Fixes
  • client: error out when opening a new tab fails (099b85e)

6.3.18 (2022-04-13)

Bug Fixes
  • deps: upgrade socket.io to v4.4.1 (52a30bb)

6.3.17 (2022-02-28)

Bug Fixes

6.3.16 (2022-02-10)

Bug Fixes
  • security: mitigate the "Open Redirect Vulnerability" (ff7edbb)

6.3.15 (2022-02-05)

Bug Fixes

6.3.14 (2022-02-05)

Bug Fixes
  • remove string template from client code (91d5acd)
  • warn when singleRun and autoWatch are false (69cfc76)
  • security: remove XSS vulnerability in returnUrl query param (839578c)

6.3.13 (2022-01-31)

Bug Fixes

6.3.12 (2022-01-24)

Bug Fixes
  • remove depreciation warning from log4js (41bed33)

6.3.11 (2022-01-13)

Bug Fixes
  • deps: pin colors package to 1.4.0 due to security vulnerability (a5219c5)

6.3.10 (2022-01-08)

Bug Fixes
  • logger: create parent folders if they are missing (0d24bd9), closes #​3734

6.3.9 (2021-11-16)

Bug Fixes

6.3.8 (2021-11-07)

Bug Fixes
  • reporter: warning if stack trace contains generated code invocation (4f23b14)

6.3.7 (2021-11-01)

Bug Fixes
  • middleware: replace %X_UA_COMPATIBLE% marker anywhere in the file (f1aeaec), closes #​3711

6.3.6 (2021-10-25)

Bug Fixes

6.3.5 (2021-10-20)

Bug Fixes
  • client: prevent socket.io from hanging due to mocked clocks (#​3695) (105da90)

6.3.4 (2021-06-14)

Bug Fixes

6.3.3 (2021-06-01)

Bug Fixes

6.3.2 (2021-03-29)

Bug Fixes

6.3.1 (2021-03-24)

Bug Fixes

v6.3.11

Compare Source

Features
  • support SRI verification of link tags (dc51a2e)
  • support SRI verification of script tags (6a54b1c)

6.3.20 (2022-05-13)

Bug Fixes

6.3.19 (2022-04-19)

Bug Fixes
  • client: error out when opening a new tab fails (099b85e)

6.3.18 (2022-04-13)

Bug Fixes
  • deps: upgrade socket.io to v4.4.1 (52a30bb)

6.3.17 (2022-02-28)

Bug Fixes

6.3.16 (2022-02-10)

Bug Fixes
  • security: mitigate the "Open Redirect Vulnerability" (ff7edbb)

6.3.15 (2022-02-05)

Bug Fixes

6.3.14 (2022-02-05)

Bug Fixes
  • remove string template from client code (91d5acd)
  • warn when singleRun and autoWatch are false (69cfc76)
  • security: remove XSS vulnerability in returnUrl query param (839578c)

6.3.13 (2022-01-31)

Bug Fixes

6.3.12 (2022-01-24)

Bug Fixes
  • remove depreciation warning from log4js (41bed33)

6.3.11 (2022-01-13)

Bug Fixes
  • deps: pin colors package to 1.4.0 due to security vulnerability (a5219c5)

6.3.10 (2022-01-08)

Bug Fixes
  • logger: create parent folders if they are missing (0d24bd9), closes #​3734

6.3.9 (2021-11-16)

Bug Fixes

6.3.8 (2021-11-07)

Bug Fixes
  • reporter: warning if stack trace contains generated code invocation (4f23b14)

6.3.7 (2021-11-01)

Bug Fixes
  • middleware: replace %X_UA_COMPATIBLE% marker anywhere in the file (f1aeaec), closes #​3711

6.3.6 (2021-10-25)

Bug Fixes

6.3.5 (2021-10-20)

Bug Fixes
  • client: prevent socket.io from hanging due to mocked clocks (#​3695) (105da90)

6.3.4 (2021-06-14)

Bug Fixes

6.3.3 (2021-06-01)

Bug Fixes

6.3.2 (2021-03-29)

Bug Fixes

6.3.1 (2021-03-24)

Bug Fixes

v6.3.10

Compare Source

Features
  • support SRI verification of link tags (dc51a2e)
  • support SRI verification of script tags (6a54b1c)

6.3.20 (2022-05-13)

Bug Fixes

6.3.19 (2022-04-19)

Bug Fixes
  • client: error out when opening a new tab fails (099b85e)

6.3.18 (2022-04-13)

Bug Fixes
  • deps: upgrade socket.io to v4.4.1 (52a30bb)

6.3.17 (2022-02-28)

Bug Fixes

6.3.16 (2022-02-10)

Bug Fixes
  • security: mitigate the "Open Redirect Vulnerability" (ff7edbb)

6.3.15 (2022-02-05)

Bug Fixes

6.3.14 (2022-02-05)

Bug Fixes
  • remove string template from client code (91d5acd)
  • warn when singleRun and autoWatch are false (69cfc76)
  • security: remove XSS vulnerability in returnUrl query param (839578c)

6.3.13 (2022-01-31)

Bug Fixes

6.3.12 (2022-01-24)

Bug Fixes
  • remove depreciation warning from log4js (41bed33)

6.3.11 (2022-01-13)

Bug Fixes
  • deps: pin colors package to 1.4.0 due to security vulnerability (a5219c5)

6.3.10 (2022-01-08)

Bug Fixes
  • logger: create parent folders if they are missing (0d24bd9), closes #​3734

6.3.9 (2021-11-16)

Bug Fixes

6.3.8 (2021-11-07)

Bug Fixes
  • reporter: warning if stack trace contains generated code invocation (4f23b14)

6.3.7 (2021-11-01)

Bug Fixes
  • middleware: replace %X_UA_COMPATIBLE% marker anywhere in the file (f1aeaec), closes #​3711

6.3.6 (2021-10-25)

Bug Fixes

6.3.5 (2021-10-20)

Bug Fixes
  • client: prevent socket.io from hanging due to mocked clocks (#​3695) (105da90)

6.3.4 (2021-06-14)

Bug Fixes

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot force-pushed the renovate/npm-karma-vulnerability branch from c01ad97 to e7e59a4 Compare May 5, 2025 13:33
@renovate renovate bot force-pushed the renovate/npm-karma-vulnerability branch from e7e59a4 to bf99b05 Compare June 24, 2025 19:42
@renovate renovate bot force-pushed the renovate/npm-karma-vulnerability branch from bf99b05 to 8ed77a7 Compare August 14, 2025 16:08
@renovate renovate bot force-pushed the renovate/npm-karma-vulnerability branch from 8ed77a7 to e361159 Compare August 24, 2025 03:32
@renovate renovate bot force-pushed the renovate/npm-karma-vulnerability branch from e361159 to e64cae4 Compare September 1, 2025 14:51
@renovate renovate bot force-pushed the renovate/npm-karma-vulnerability branch from e64cae4 to 7b6db9f Compare September 26, 2025 07:12
@renovate renovate bot force-pushed the renovate/npm-karma-vulnerability branch 7 times, most recently from 957e9c1 to 54f76a3 Compare November 18, 2025 14:10
@renovate renovate bot force-pushed the renovate/npm-karma-vulnerability branch 2 times, most recently from a51e18e to 541ac5b Compare December 4, 2025 15:36
@renovate renovate bot force-pushed the renovate/npm-karma-vulnerability branch from 541ac5b to 7b14326 Compare December 22, 2025 15:30
@renovate renovate bot force-pushed the renovate/npm-karma-vulnerability branch from 7b14326 to 4d9edf0 Compare December 31, 2025 18:09
@renovate renovate bot force-pushed the renovate/npm-karma-vulnerability branch from 4d9edf0 to e98e184 Compare January 22, 2026 20:28
@renovate renovate bot force-pushed the renovate/npm-karma-vulnerability branch from e98e184 to 43bddfd Compare February 2, 2026 16:06
@miq-bot
Copy link
Member

miq-bot commented Feb 2, 2026

Checked commit 43bddfd with ruby 3.3.10, rubocop 1.56.3, haml-lint 0.69.0, and yamllint
0 files checked, 0 offenses detected
Everything looks fine. 🍪

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant