chore(deps): update dependency karma to v6 [security] #12

renovate · 2024-04-08T12:51:16Z

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
karma (source)	`~5.0.0` -> `~6.3.0`

GitHub Vulnerability Alerts

CVE-2022-0437

karma prior to version 6.3.14 contains a cross-site scripting vulnerability.

CVE-2021-23495

Karma before 6.3.16 is vulnerable to Open Redirect due to missing validation of the return_url query parameter.

Release Notes

karma-runner/karma (karma)

`v6.3.16`

Compare Source

Features

support SRI verification of link tags (dc51a2e)
support SRI verification of script tags (6a54b1c)

6.3.20 (2022-05-13)

Bug Fixes

prefer IPv4 addresses when resolving domains (e17698f), closes #3730

6.3.19 (2022-04-19)

Bug Fixes

client: error out when opening a new tab fails (099b85e)

6.3.18 (2022-04-13)

Bug Fixes

deps: upgrade socket.io to v4.4.1 (52a30bb)

6.3.17 (2022-02-28)

Bug Fixes

deps: update colors to maintained version (#3763) (fca1884)

6.3.16 (2022-02-10)

Bug Fixes

security: mitigate the "Open Redirect Vulnerability" (ff7edbb)

6.3.15 (2022-02-05)

Bug Fixes

helper: make mkdirIfNotExists helper resilient to concurrent calls (d9dade2), closes /github.com/karma-runner/karma-coverage/issues/434#issuecomment-1017939333

6.3.14 (2022-02-05)

Bug Fixes

remove string template from client code (91d5acd)
warn when singleRun and autoWatch are false (69cfc76)
security: remove XSS vulnerability in returnUrl query param (839578c)

6.3.13 (2022-01-31)

Bug Fixes

deps: bump log4js to resolve security issue (5bf2df3), closes #3751

6.3.12 (2022-01-24)

Bug Fixes

remove depreciation warning from log4js (41bed33)

6.3.11 (2022-01-13)

Bug Fixes

deps: pin colors package to 1.4.0 due to security vulnerability (a5219c5)

6.3.10 (2022-01-08)

Bug Fixes

logger: create parent folders if they are missing (0d24bd9), closes #3734

6.3.9 (2021-11-16)

Bug Fixes

restartOnFileChange option not restarting the test run (92ffe60), closes #27 #3724

6.3.8 (2021-11-07)

Bug Fixes

reporter: warning if stack trace contains generated code invocation (4f23b14)

6.3.7 (2021-11-01)

Bug Fixes

middleware: replace %X_UA_COMPATIBLE% marker anywhere in the file (f1aeaec), closes #3711

6.3.6 (2021-10-25)

Bug Fixes

bump vulnerable ua-parser-js version (6f2b2ec), closes #3713

6.3.5 (2021-10-20)

Bug Fixes

client: prevent socket.io from hanging due to mocked clocks (#3695) (105da90)

6.3.4 (2021-06-14)

Bug Fixes

bump production dependencies within SemVer ranges (#3682) (36467a8), closes #3680

6.3.3 (2021-06-01)

Bug Fixes

server: clean up vestigial code from proxy (#3640) (f4aeac3), closes /tools.ietf.org/html/std66#section-3

6.3.2 (2021-03-29)

Bug Fixes

fix running tests in IE9 (#3668) (0055bc5), closes /github.com/karma-runner/karma/blob/026fff870913fb6cd2858dd962935dc74c92b725/client/main.js#L14 #3665

6.3.1 (2021-03-24)

Bug Fixes

client: clearContext after complete sent (#3657) (c0962e3)

`v6.3.15`

Compare Source

Features

support SRI verification of link tags (dc51a2e)
support SRI verification of script tags (6a54b1c)

6.3.20 (2022-05-13)

Bug Fixes

prefer IPv4 addresses when resolving domains (e17698f), closes #3730

6.3.19 (2022-04-19)

Bug Fixes

client: error out when opening a new tab fails (099b85e)

6.3.18 (2022-04-13)

Bug Fixes

deps: upgrade socket.io to v4.4.1 (52a30bb)

6.3.17 (2022-02-28)

Bug Fixes

deps: update colors to maintained version (#3763) (fca1884)

6.3.16 (2022-02-10)

Bug Fixes

security: mitigate the "Open Redirect Vulnerability" (ff7edbb)

6.3.15 (2022-02-05)

Bug Fixes

helper: make mkdirIfNotExists helper resilient to concurrent calls (d9dade2), closes /github.com/karma-runner/karma-coverage/issues/434#issuecomment-1017939333

6.3.14 (2022-02-05)

Bug Fixes

remove string template from client code (91d5acd)
warn when singleRun and autoWatch are false (69cfc76)
security: remove XSS vulnerability in returnUrl query param (839578c)

6.3.13 (2022-01-31)

Bug Fixes

deps: bump log4js to resolve security issue (5bf2df3), closes #3751

6.3.12 (2022-01-24)

Bug Fixes

remove depreciation warning from log4js (41bed33)

6.3.11 (2022-01-13)

Bug Fixes

deps: pin colors package to 1.4.0 due to security vulnerability (a5219c5)

6.3.10 (2022-01-08)

Bug Fixes

logger: create parent folders if they are missing (0d24bd9), closes #3734

6.3.9 (2021-11-16)

Bug Fixes

restartOnFileChange option not restarting the test run (92ffe60), closes #27 #3724

6.3.8 (2021-11-07)

Bug Fixes

reporter: warning if stack trace contains generated code invocation (4f23b14)

6.3.7 (2021-11-01)

Bug Fixes

middleware: replace %X_UA_COMPATIBLE% marker anywhere in the file (f1aeaec), closes #3711

6.3.6 (2021-10-25)

Bug Fixes

bump vulnerable ua-parser-js version (6f2b2ec), closes #3713

6.3.5 (2021-10-20)

Bug Fixes

client: prevent socket.io from hanging due to mocked clocks (#3695) (105da90)

6.3.4 (2021-06-14)

Bug Fixes

bump production dependencies within SemVer ranges (#3682) (36467a8), closes #3680

6.3.3 (2021-06-01)

Bug Fixes

server: clean up vestigial code from proxy (#3640) (f4aeac3), closes /tools.ietf.org/html/std66#section-3

6.3.2 (2021-03-29)

Bug Fixes

fix running tests in IE9 (#3668) (0055bc5), closes /github.com/karma-runner/karma/blob/026fff870913fb6cd2858dd962935dc74c92b725/client/main.js#L14 #3665

6.3.1 (2021-03-24)

Bug Fixes

client: clearContext after complete sent (#3657) (c0962e3)

`v6.3.14`

Compare Source

Features

support SRI verification of link tags (dc51a2e)
support SRI verification of script tags (6a54b1c)

6.3.20 (2022-05-13)

Bug Fixes

prefer IPv4 addresses when resolving domains (e17698f), closes #3730

6.3.19 (2022-04-19)

Bug Fixes

client: error out when opening a new tab fails (099b85e)

6.3.18 (2022-04-13)

Bug Fixes

deps: upgrade socket.io to v4.4.1 (52a30bb)

6.3.17 (2022-02-28)

Bug Fixes

deps: update colors to maintained version (#3763) (fca1884)

6.3.16 (2022-02-10)

Bug Fixes

security: mitigate the "Open Redirect Vulnerability" (ff7edbb)

6.3.15 (2022-02-05)

Bug Fixes

helper: make mkdirIfNotExists helper resilient to concurrent calls (d9dade2), closes /github.com/karma-runner/karma-coverage/issues/434#issuecomment-1017939333

6.3.14 (2022-02-05)

Bug Fixes

remove string template from client code (91d5acd)
warn when singleRun and autoWatch are false (69cfc76)
security: remove XSS vulnerability in returnUrl query param (839578c)

6.3.13 (2022-01-31)

Bug Fixes

deps: bump log4js to resolve security issue (5bf2df3), closes #3751

6.3.12 (2022-01-24)

Bug Fixes

remove depreciation warning from log4js (41bed33)

6.3.11 (2022-01-13)

Bug Fixes

deps: pin colors package to 1.4.0 due to security vulnerability (a5219c5)

6.3.10 (2022-01-08)

Bug Fixes

logger: create parent folders if they are missing (0d24bd9), closes #3734

6.3.9 (2021-11-16)

Bug Fixes

restartOnFileChange option not restarting the test run (92ffe60), closes #27 #3724

6.3.8 (2021-11-07)

Bug Fixes

reporter: warning if stack trace contains generated code invocation (4f23b14)

6.3.7 (2021-11-01)

Bug Fixes

middleware: replace %X_UA_COMPATIBLE% marker anywhere in the file (f1aeaec), closes #3711

6.3.6 (2021-10-25)

Bug Fixes

bump vulnerable ua-parser-js version (6f2b2ec), closes #3713

6.3.5 (2021-10-20)

Bug Fixes

client: prevent socket.io from hanging due to mocked clocks (#3695) (105da90)

6.3.4 (2021-06-14)

Bug Fixes

bump production dependencies within SemVer ranges (#3682) (36467a8), closes #3680

6.3.3 (2021-06-01)

Bug Fixes

server: clean up vestigial code from proxy (#3640) (f4aeac3), closes /tools.ietf.org/html/std66#section-3

6.3.2 (2021-03-29)

Bug Fixes

fix running tests in IE9 (#3668) (0055bc5), closes /github.com/karma-runner/karma/blob/026fff870913fb6cd2858dd962935dc74c92b725/client/main.js#L14 #3665

6.3.1 (2021-03-24)

Bug Fixes

client: clearContext after complete sent (#3657) (c0962e3)

`v6.3.13`

Compare Source

Features

support SRI verification of link tags (dc51a2e)
support SRI verification of script tags (6a54b1c)

6.3.20 (2022-05-13)

Bug Fixes

prefer IPv4 addresses when resolving domains (e17698f), closes #3730

6.3.19 (2022-04-19)

Bug Fixes

client: error out when opening a new tab fails (099b85e)

6.3.18 (2022-04-13)

Bug Fixes

deps: upgrade socket.io to v4.4.1 (52a30bb)

6.3.17 (2022-02-28)

Bug Fixes

deps: update colors to maintained version (#3763) (fca1884)

6.3.16 (2022-02-10)

Bug Fixes

security: mitigate the "Open Redirect Vulnerability" (ff7edbb)

6.3.15 (2022-02-05)

Bug Fixes

helper: make mkdirIfNotExists helper resilient to concurrent calls (d9dade2), closes /github.com/karma-runner/karma-coverage/issues/434#issuecomment-1017939333

6.3.14 (2022-02-05)

Bug Fixes

remove string template from client code (91d5acd)
warn when singleRun and autoWatch are false (69cfc76)
security: remove XSS vulnerability in returnUrl query param (839578c)

6.3.13 (2022-01-31)

Bug Fixes

deps: bump log4js to resolve security issue (5bf2df3), closes #3751

6.3.12 (2022-01-24)

Bug Fixes

remove depreciation warning from log4js (41bed33)

6.3.11 (2022-01-13)

Bug Fixes

deps: pin colors package to 1.4.0 due to security vulnerability (a5219c5)

6.3.10 (2022-01-08)

Bug Fixes

logger: create parent folders if they are missing (0d24bd9), closes #3734

6.3.9 (2021-11-16)

Bug Fixes

restartOnFileChange option not restarting the test run (92ffe60), closes #27 #3724

6.3.8 (2021-11-07)

Bug Fixes

reporter: warning if stack trace contains generated code invocation (4f23b14)

6.3.7 (2021-11-01)

Bug Fixes

middleware: replace %X_UA_COMPATIBLE% marker anywhere in the file (f1aeaec), closes #3711

6.3.6 (2021-10-25)

Bug Fixes

bump vulnerable ua-parser-js version (6f2b2ec), closes #3713

6.3.5 (2021-10-20)

Bug Fixes

client: prevent socket.io from hanging due to mocked clocks (#3695) (105da90)

6.3.4 (2021-06-14)

Bug Fixes

bump production dependencies within SemVer ranges (#3682) (36467a8), closes #3680

6.3.3 (2021-06-01)

Bug Fixes

server: clean up vestigial code from proxy (#3640) (f4aeac3), closes /tools.ietf.org/html/std66#section-3

6.3.2 (2021-03-29)

Bug Fixes

fix running tests in IE9 (#3668) (0055bc5), closes /github.com/karma-runner/karma/blob/026fff870913fb6cd2858dd962935dc74c92b725/client/main.js#L14 #3665

6.3.1 (2021-03-24)

Bug Fixes

client: clearContext after complete sent (#3657) (c0962e3)

`v6.3.12`

Compare Source

Features

support SRI verification of link tags (dc51a2e)
support SRI verification of script tags (6a54b1c)

6.3.20 (2022-05-13)

Bug Fixes

prefer IPv4 addresses when resolving domains (e17698f), closes #3730

6.3.19 (2022-04-19)

Bug Fixes

client: error out when opening a new tab fails (099b85e)

6.3.18 (2022-04-13)

Bug Fixes

deps: upgrade socket.io to v4.4.1 (52a30bb)

6.3.17 (2022-02-28)

Bug Fixes

deps: update colors to maintained version (#3763) (fca1884)

6.3.16 (2022-02-10)

Bug Fixes

security: mitigate the "Open Redirect Vulnerability" (ff7edbb)

6.3.15 (2022-02-05)

Bug Fixes

helper: make mkdirIfNotExists helper resilient to concurrent calls (d9dade2), closes /github.com/karma-runner/karma-coverage/issues/434#issuecomment-1017939333

6.3.14 (2022-02-05)

Bug Fixes

remove string template from client code (91d5acd)
warn when singleRun and autoWatch are false (69cfc76)
security: remove XSS vulnerability in returnUrl query param (839578c)

6.3.13 (2022-01-31)

Bug Fixes

deps: bump log4js to resolve security issue (5bf2df3), closes #3751

6.3.12 (2022-01-24)

Bug Fixes

remove depreciation warning from log4js (41bed33)

6.3.11 (2022-01-13)

Bug Fixes

deps: pin colors package to 1.4.0 due to security vulnerability (a5219c5)

6.3.10 (2022-01-08)

Bug Fixes

logger: create parent folders if they are missing (0d24bd9), closes #3734

6.3.9 (2021-11-16)

Bug Fixes

restartOnFileChange option not restarting the test run (92ffe60), closes #27 #3724

6.3.8 (2021-11-07)

Bug Fixes

reporter: warning if stack trace contains generated code invocation (4f23b14)

6.3.7 (2021-11-01)

Bug Fixes

middleware: replace %X_UA_COMPATIBLE% marker anywhere in the file (f1aeaec), closes #3711

6.3.6 (2021-10-25)

Bug Fixes

bump vulnerable ua-parser-js version (6f2b2ec), closes #3713

6.3.5 (2021-10-20)

Bug Fixes

client: prevent socket.io from hanging due to mocked clocks (#3695) (105da90)

6.3.4 (2021-06-14)

Bug Fixes

bump production dependencies within SemVer ranges (#3682) (36467a8), closes #3680

6.3.3 (2021-06-01)

Bug Fixes

server: clean up vestigial code from proxy (#3640) (f4aeac3), closes /tools.ietf.org/html/std66#section-3

6.3.2 (2021-03-29)

Bug Fixes

fix running tests in IE9 (#3668) (0055bc5), closes /github.com/karma-runner/karma/blob/026fff870913fb6cd2858dd962935dc74c92b725/client/main.js#L14 #3665

6.3.1 (2021-03-24)

Bug Fixes

client: clearContext after complete sent (#3657) (c0962e3)

`v6.3.11`

Compare Source

Features

support SRI verification of link tags (dc51a2e)
support SRI verification of script tags (6a54b1c)

6.3.20 (2022-05-13)

Bug Fixes

prefer IPv4 addresses when resolving domains (e17698f), closes #3730

6.3.19 (2022-04-19)

Bug Fixes

client: error out when opening a new tab fails (099b85e)

6.3.18 (2022-04-13)

Bug Fixes

deps: upgrade socket.io to v4.4.1 (52a30bb)

6.3.17 (2022-02-28)

Bug Fixes

deps: update colors to maintained version (#3763) (fca1884)

6.3.16 (2022-02-10)

Bug Fixes

security: mitigate the "Open Redirect Vulnerability" (ff7edbb)

6.3.15 (2022-02-05)

Bug Fixes

helper: make mkdirIfNotExists helper resilient to concurrent calls (d9dade2), closes /github.com/karma-runner/karma-coverage/issues/434#issuecomment-1017939333

6.3.14 (2022-02-05)

Bug Fixes

remove string template from client code (91d5acd)
warn when singleRun and autoWatch are false (69cfc76)
security: remove XSS vulnerability in returnUrl query param (839578c)

6.3.13 (2022-01-31)

Bug Fixes

deps: bump log4js to resolve security issue (5bf2df3), closes #3751

6.3.12 (2022-01-24)

Bug Fixes

remove depreciation warning from log4js (41bed33)

6.3.11 (2022-01-13)

Bug Fixes

deps: pin colors package to 1.4.0 due to security vulnerability (a5219c5)

6.3.10 (2022-01-08)

Bug Fixes

logger: create parent folders if they are missing (0d24bd9), closes #3734

6.3.9 (2021-11-16)

Bug Fixes

restartOnFileChange option not restarting the test run (92ffe60), closes #27 #3724

6.3.8 (2021-11-07)

Bug Fixes

reporter: warning if stack trace contains generated code invocation (4f23b14)

6.3.7 (2021-11-01)

Bug Fixes

middleware: replace %X_UA_COMPATIBLE% marker anywhere in the file (f1aeaec), closes #3711

6.3.6 (2021-10-25)

Bug Fixes

bump vulnerable ua-parser-js version (6f2b2ec), closes #3713

6.3.5 (2021-10-20)

Bug Fixes

client: prevent socket.io from hanging due to mocked clocks (#3695) (105da90)

6.3.4 (2021-06-14)

Bug Fixes

bump production dependencies within SemVer ranges (#3682) (36467a8), closes #3680

6.3.3 (2021-06-01)

Bug Fixes

server: clean up vestigial code from proxy (#3640) (f4aeac3), closes /tools.ietf.org/html/std66#section-3

6.3.2 (2021-03-29)

Bug Fixes

fix running tests in IE9 (#3668) (0055bc5), closes /github.com/karma-runner/karma/blob/026fff870913fb6cd2858dd962935dc74c92b725/client/main.js#L14 #3665

6.3.1 (2021-03-24)

Bug Fixes

client: clearContext after complete sent (#3657) (c0962e3)

`v6.3.10`

Compare Source

Features

support SRI verification of link tags (dc51a2e)
support SRI verification of script tags (6a54b1c)

6.3.20 (2022-05-13)

Bug Fixes

prefer IPv4 addresses when resolving domains (e17698f), closes #3730

6.3.19 (2022-04-19)

Bug Fixes

client: error out when opening a new tab fails (099b85e)

6.3.18 (2022-04-13)

Bug Fixes

deps: upgrade socket.io to v4.4.1 (52a30bb)

6.3.17 (2022-02-28)

Bug Fixes

deps: update colors to maintained version (#3763) (fca1884)

6.3.16 (2022-02-10)

Bug Fixes

security: mitigate the "Open Redirect Vulnerability" (ff7edbb)

6.3.15 (2022-02-05)

Bug Fixes

helper: make mkdirIfNotExists helper resilient to concurrent calls (d9dade2), closes /github.com/karma-runner/karma-coverage/issues/434#issuecomment-1017939333

6.3.14 (2022-02-05)

Bug Fixes

remove string template from client code (91d5acd)
warn when singleRun and autoWatch are false (69cfc76)
security: remove XSS vulnerability in returnUrl query param (839578c)

6.3.13 (2022-01-31)

Bug Fixes

deps: bump log4js to resolve security issue (5bf2df3), closes #3751

6.3.12 (2022-01-24)

Bug Fixes

remove depreciation warning from log4js (41bed33)

6.3.11 (2022-01-13)

Bug Fixes

deps: pin colors package to 1.4.0 due to security vulnerability (a5219c5)

6.3.10 (2022-01-08)

Bug Fixes

logger: create parent folders if they are missing (0d24bd9), closes #3734

6.3.9 (2021-11-16)

Bug Fixes

restartOnFileChange option not restarting the test run (92ffe60), closes #27 #3724

6.3.8 (2021-11-07)

Bug Fixes

reporter: warning if stack trace contains generated code invocation (4f23b14)

6.3.7 (2021-11-01)

Bug Fixes

middleware: replace %X_UA_COMPATIBLE% marker anywhere in the file (f1aeaec), closes #3711

6.3.6 (2021-10-25)

Bug Fixes

bump vulnerable ua-parser-js version (6f2b2ec), closes #3713

6.3.5 (2021-10-20)

Bug Fixes

client: prevent socket.io from hanging due to mocked clocks (#3695) (105da90)

6.3.4 (2021-06-14)

Bug Fixes

bump production dependencies within SemVer ranges (#3682) (36467a8), closes #3680

[6.3.3](https://red

Configuration

📅 Schedule: Branch creation - "" in timezone Europe/Zurich, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

renovate bot force-pushed the renovate/npm-karma-vulnerability branch from 6577e93 to 75dad47 Compare August 14, 2025 20:05

renovate bot force-pushed the renovate/npm-karma-vulnerability branch from 75dad47 to 045b169 Compare August 24, 2025 03:33

chore(deps): update dependency karma to v6 [security]

a6d14e1

renovate bot force-pushed the renovate/npm-karma-vulnerability branch from 045b169 to a6d14e1 Compare September 26, 2025 07:51

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

chore(deps): update dependency karma to v6 [security] #12

chore(deps): update dependency karma to v6 [security] #12

Uh oh!

renovate bot commented Apr 8, 2024 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Uh oh!

chore(deps): update dependency karma to v6 [security] #12

Are you sure you want to change the base?

chore(deps): update dependency karma to v6 [security] #12

Uh oh!

Conversation

renovate bot commented Apr 8, 2024 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

GitHub Vulnerability Alerts

CVE-2022-0437

CVE-2021-23495

Release Notes

v6.3.16

Features

6.3.20 (2022-05-13)

Bug Fixes

6.3.19 (2022-04-19)

Bug Fixes

6.3.18 (2022-04-13)

Bug Fixes

6.3.17 (2022-02-28)

Bug Fixes

6.3.16 (2022-02-10)

Bug Fixes

6.3.15 (2022-02-05)

Bug Fixes

6.3.14 (2022-02-05)

Bug Fixes

6.3.13 (2022-01-31)

Bug Fixes

6.3.12 (2022-01-24)

Bug Fixes

6.3.11 (2022-01-13)

Bug Fixes

6.3.10 (2022-01-08)

Bug Fixes

6.3.9 (2021-11-16)

Bug Fixes

6.3.8 (2021-11-07)

Bug Fixes

6.3.7 (2021-11-01)

Bug Fixes

6.3.6 (2021-10-25)

Bug Fixes

6.3.5 (2021-10-20)

Bug Fixes

6.3.4 (2021-06-14)

Bug Fixes

6.3.3 (2021-06-01)

Bug Fixes

6.3.2 (2021-03-29)

Bug Fixes

6.3.1 (2021-03-24)

Bug Fixes

v6.3.15

Features

6.3.20 (2022-05-13)

Bug Fixes

6.3.19 (2022-04-19)

Bug Fixes

6.3.18 (2022-04-13)

Bug Fixes

6.3.17 (2022-02-28)

Bug Fixes

6.3.16 (2022-02-10)

Bug Fixes

6.3.15 (2022-02-05)

Bug Fixes

6.3.14 (2022-02-05)

Bug Fixes

6.3.13 (2022-01-31)

Bug Fixes

6.3.12 (2022-01-24)

Bug Fixes

6.3.11 (2022-01-13)

Bug Fixes

6.3.10 (2022-01-08)

Bug Fixes

6.3.9 (2021-11-16)

Bug Fixes

renovate bot commented Apr 8, 2024 •

edited

Loading

`v6.3.16`

`v6.3.15`

`v6.3.14`

`v6.3.13`