[Snyk] Upgrade karma from 3.1.4 to 6.4.1 #3

snyk-bot · 2022-10-23T00:11:23Z

Snyk has created this PR to upgrade karma from 3.1.4 to 6.4.1.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Warning: This is a major version upgrade, and may be a breaking change.

The recommended version is 55 versions ahead of your current version.
The recommended version was released a month ago, on 2022-09-19.

The recommended version fixes:

Issue	PriorityScore (*)	Exploit Maturity
Access Restriction Bypass SNYK-JS-XMLHTTPREQUESTSSL-1255647	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Proof of Concept
Arbitrary Code Injection SNYK-JS-XMLHTTPREQUESTSSL-1082936	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-USERAGENT-174737	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	No Known Exploit
Denial of Service (DoS) SNYK-JS-SOCKETIOPARSER-1056752	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Proof of Concept
Denial of Service (DoS) SNYK-JS-ENGINEIO-1056749	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Proof of Concept
Insecure Defaults SNYK-JS-SOCKETIO-1024859	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Proof of Concept
Information Exposure SNYK-JS-LOG4JS-2348757	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	No Known Exploit
Open Redirect SNYK-JS-KARMA-2396325	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	No Known Exploit
Cross-site Scripting (XSS) SNYK-JS-KARMA-2395349	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Proof of Concept
Regular Expression Denial of Service (ReDoS) npm:braces:20180219	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: karma

6.4.1 - 2022-09-19
6.4.1 (2022-09-19)

Bug Fixes
- pass integrity value (63d86be)
6.4.0 - 2022-06-14
6.4.0 (2022-06-14)

Features
- support SRI verification of link tags (dc51a2e)
- support SRI verification of script tags (6a54b1c)
6.3.20 - 2022-05-13
6.3.20 (2022-05-13)

Bug Fixes
- prefer IPv4 addresses when resolving domains (e17698f), closes #3730
6.3.19 - 2022-04-19
6.3.19 (2022-04-19)

Bug Fixes
- client: error out when opening a new tab fails (099b85e)
6.3.18 - 2022-04-13
6.3.18 (2022-04-13)

Bug Fixes
- deps: upgrade socket.io to v4.4.1 (52a30bb)
6.3.17 - 2022-02-28
6.3.17 (2022-02-28)

Bug Fixes
- deps: update colors to maintained version (#3763) (fca1884)
6.3.16 - 2022-02-10
6.3.16 (2022-02-10)

Bug Fixes
- security: mitigate the "Open Redirect Vulnerability" (ff7edbb)
6.3.15 - 2022-02-05
6.3.15 (2022-02-05)

Bug Fixes
- helper: make mkdirIfNotExists helper resilient to concurrent calls (d9dade2), closes /github.com/karma-runner/karma-coverage/issues/434#issuecomment-1017939333
6.3.14 - 2022-02-05
6.3.14 (2022-02-05)

Bug Fixes
- remove string template from client code (91d5acd)
- warn when singleRun and autoWatch are false (69cfc76)
- security: remove XSS vulnerability in returnUrl query param (839578c)
6.3.13 - 2022-01-31
6.3.13 (2022-01-31)

Bug Fixes
- deps: bump log4js to resolve security issue (5bf2df3), closes #3751
6.3.12 - 2022-01-24
6.3.11 - 2022-01-13
6.3.10 - 2022-01-08
6.3.9 - 2021-11-16
6.3.8 - 2021-11-07
6.3.7 - 2021-11-01
6.3.6 - 2021-10-25
6.3.5 - 2021-10-20
6.3.4 - 2021-06-14
6.3.3 - 2021-06-01
6.3.2 - 2021-03-29
6.3.1 - 2021-03-24
6.3.0 - 2021-03-23
6.2.0 - 2021-03-10
6.1.2 - 2021-03-09
6.1.1 - 2021-02-12
6.1.0 - 2021-02-03
6.0.4 - 2021-02-01
6.0.3 - 2021-01-27
6.0.2 - 2021-01-25
6.0.1 - 2021-01-20
6.0.0 - 2021-01-13
5.2.3 - 2020-09-25
5.2.2 - 2020-09-08
5.2.1 - 2020-09-02
5.2.0 - 2020-08-31
5.1.1 - 2020-07-28
5.1.0 - 2020-06-11
5.0.9 - 2020-05-19
5.0.8 - 2020-05-18
5.0.7 - 2020-05-16
5.0.6 - 2020-05-16
5.0.5 - 2020-05-07
5.0.4 - 2020-04-30
5.0.3 - 2020-04-29
5.0.2 - 2020-04-16
5.0.1 - 2020-04-10
5.0.0 - 2020-04-09
4.4.1 - 2019-10-18
4.4.0 - 2019-10-17
4.3.0 - 2019-08-27
4.2.0 - 2019-07-12
4.1.0 - 2019-04-15
4.0.1 - 2019-02-28
4.0.0 - 2019-01-23
3.1.4 - 2018-12-17

from karma GitHub release notes

Commit messages

Package name: karma

0013121 chore(release): 6.4.1 [skip ci]
63d86be fix: pass integrity value
84f7cc3 chore(release): 6.4.0 [skip ci]
f2d0663 docs: add integrity parameter
dc51a2e feat: support SRI verification of link tags
6a54b1c feat: support SRI verification of script tags
5e71cf5 chore(release): 6.3.20 [skip ci]
e17698f fix: prefer IPv4 addresses when resolving domains
60f4f79 build: add Node 16 and 18 to the CI matrix
6ff5aaf chore(release): 6.3.19 [skip ci]
099b85e fix(client): error out when opening a new tab fails
b659015 ci: lint and commitlint in its own workflow
31701a2 chore(release): 6.3.18 [skip ci]
52a30bb fix(deps): upgrade socket.io to v4.4.1
7aeb3f8 docs(configuration-file): document async function
263a870 refactor: replace deprecated String.prototype.substr()
1b6ded5 refactor: replace .substring() with .slice()
d6359a7 refactor: replace deprecated String.prototype.substr()
f068854 chore(release): 6.3.17 [skip ci]
fca1884 fix(deps): update colors to maintained version (#3763)
ab4b328 chore(release): 6.3.16 [skip ci]
ff7edbb fix(security): mitigate the "Open Redirect Vulnerability"
c1befa0 chore(release): 6.3.15 [skip ci]
d9dade2 fix(helper): make mkdirIfNotExists helper resilient to concurrent calls

Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Snyk has created this PR to upgrade karma from 3.1.4 to 6.4.1. See this package in npm: https://www.npmjs.com/package/karma See this project in Snyk: https://app.snyk.io/org/marcelraschke/project/8a919c91-abdf-4983-871a-c8ed77a11d18?utm_source=github&utm_medium=referral&page=upgrade-pr

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Snyk] Upgrade karma from 3.1.4 to 6.4.1 #3

[Snyk] Upgrade karma from 3.1.4 to 6.4.1 #3

snyk-bot commented Oct 23, 2022

6.4.1 (2022-09-19)

Bug Fixes

6.4.0 (2022-06-14)

Features

6.3.20 (2022-05-13)

Bug Fixes

6.3.19 (2022-04-19)

Bug Fixes

6.3.18 (2022-04-13)

Bug Fixes

6.3.17 (2022-02-28)

Bug Fixes

6.3.16 (2022-02-10)

Bug Fixes

6.3.15 (2022-02-05)

Bug Fixes

6.3.14 (2022-02-05)

Bug Fixes

6.3.13 (2022-01-31)

Bug Fixes

[Snyk] Upgrade karma from 3.1.4 to 6.4.1 #3

Are you sure you want to change the base?

[Snyk] Upgrade karma from 3.1.4 to 6.4.1 #3

Conversation

snyk-bot commented Oct 23, 2022

Snyk has created this PR to upgrade karma from 3.1.4 to 6.4.1.

6.4.1 (2022-09-19)

Bug Fixes

6.4.0 (2022-06-14)

Features

6.3.20 (2022-05-13)

Bug Fixes

6.3.19 (2022-04-19)

Bug Fixes

6.3.18 (2022-04-13)

Bug Fixes

6.3.17 (2022-02-28)

Bug Fixes

6.3.16 (2022-02-10)

Bug Fixes

6.3.15 (2022-02-05)

Bug Fixes

6.3.14 (2022-02-05)

Bug Fixes

6.3.13 (2022-01-31)

Bug Fixes