chore(deps): update dependency karma to v6 [security]

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
karma (source)	1.7.1 -> 6.3.16

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

GitHub Vulnerability Alerts

CVE-2022-0437

karma prior to version 6.3.14 contains a cross-site scripting vulnerability.

CVE-2021-23495

Karma before 6.3.16 is vulnerable to Open Redirect due to missing validation of the return_url query parameter.

---

Release Notes

karma-runner/karma (karma)

v6.3.16

Compare Source

Bug Fixes

• security: mitigate the "Open Redirect Vulnerability" (ff7edbb)

v6.3.15

Compare Source

Bug Fixes

• helper: make mkdirIfNotExists helper resilient to concurrent calls (d9dade2), closes /github.com/karma-runner/karma-coverage/issues/434#issuecomment-1017939333

v6.3.14

Compare Source

Bug Fixes

• remove string template from client code (91d5acd)
• warn when singleRun and autoWatch are false (69cfc76)
• security: remove XSS vulnerability in returnUrl query param (839578c)

v6.3.13

Compare Source

Bug Fixes

• deps: bump log4js to resolve security issue (5bf2df3), closes #​3751

v6.3.12

Compare Source

Bug Fixes

• remove depreciation warning from log4js (41bed33)

v6.3.11

Compare Source

Bug Fixes

• deps: pin colors package to 1.4.0 due to security vulnerability (a5219c5)

v6.3.10

Compare Source

Bug Fixes

• logger: create parent folders if they are missing (0d24bd9), closes #​3734

v6.3.9

Compare Source

Bug Fixes

• restartOnFileChange option not restarting the test run (92ffe60), closes #​27 #​3724

v6.3.8

Compare Source

Bug Fixes

• reporter: warning if stack trace contains generated code invocation (4f23b14)

v6.3.7

Compare Source

Bug Fixes

• middleware: replace %X_UA_COMPATIBLE% marker anywhere in the file (f1aeaec), closes #​3711

v6.3.6

Compare Source

Bug Fixes

• bump vulnerable ua-parser-js version (6f2b2ec), closes #​3713

v6.3.5

Compare Source

Bug Fixes

• client: prevent socket.io from hanging due to mocked clocks (#​3695) (105da90)

v6.3.4

Compare Source

Bug Fixes

• bump production dependencies within SemVer ranges (#​3682) (36467a8), closes #​3680

v6.3.3

Compare Source

Bug Fixes

• server: clean up vestigial code from proxy (#​3640) (f4aeac3), closes /tools.ietf.org/html/std66#section-3

v6.3.2

Compare Source

Bug Fixes

• prefer IPv4 addresses when resolving domains (e17698f), closes #​3730

v6.3.1

Compare Source

Bug Fixes

• client: error out when opening a new tab fails (099b85e)

v6.3.0

Compare Source

Features

• support asynchronous config.set() call in karma.conf.js (#​3660) (4c9097a)

v6.2.0

Compare Source

Features

• plugins: add support wildcard config for scoped package plugin (#​3659) (39831b1)

6.1.2 (2021-03-09)

Bug Fixes

• commitlint: skip task on master (#​3650) (3fc6fda)
• patch karma to allow loading virtual packages (#​3663) (5bfcf5f)

6.1.1 (2021-02-12)

Bug Fixes

• config: check extension before ts-node register (#​3651) (474f4e1), closes #​3329
• report launcher process error when exit event is not emitted (#​3647) (7ab86be)

v6.1.2

Compare Source

Bug Fixes

• commitlint: skip task on master (#​3650) (3fc6fda)
• patch karma to allow loading virtual packages (#​3663) (5bfcf5f)

v6.1.1

Compare Source

Bug Fixes

• config: check extension before ts-node register (#​3651) (474f4e1), closes #​3329
• report launcher process error when exit event is not emitted (#​3647) (7ab86be)

v6.1.0

Compare Source

Features

• config: improve karma.config.parseConfig error handling (#​3635) (9dba1e2)

6.0.4 (2021-02-01)

Bug Fixes

• cli: temporarily disable strict parameters validation (#​3641) (9c755e0), closes #​3625
• client: fix a false positive page reload error in Safari (#​3643) (2a57b23)
• ensure that Karma supports running tests on IE 11 (#​3642) (dbd1943)

6.0.3 (2021-01-27)

Bug Fixes

• plugins: refactor instantiatePlugin from preproprocessor (#​3628) (e02858a)

6.0.2 (2021-01-25)

Bug Fixes

• avoid ES6+ syntax in client scripts (#​3629) (6629e96), closes #​3630

6.0.1 (2021-01-20)

Bug Fixes

• server: set maxHttpBufferSize to the socket.io v2 default (#​3626) (69baddc), closes #​3621
• restore customFileHandlers provider (#​3624) (25d9abb)

v6.0.4

Compare Source

Bug Fixes

• cli: temporarily disable strict parameters validation (#​3641) (9c755e0), closes #​3625
• client: fix a false positive page reload error in Safari (#​3643) (2a57b23)
• ensure that Karma supports running tests on IE 11 (#​3642) (dbd1943)

v6.0.3

Compare Source

Bug Fixes

• plugins: refactor instantiatePlugin from preproprocessor (#​3628) (e02858a)

v6.0.2

Compare Source

Bug Fixes

• avoid ES6+ syntax in client scripts (#​3629) (6629e96), closes #​3630

v6.0.1

Compare Source

Bug Fixes

• server: set maxHttpBufferSize to the socket.io v2 default (#​3626) (69baddc), closes #​3621
• restore customFileHandlers provider (#​3624) (25d9abb)

v6.0.0

Compare Source

Bug Fixes

• ci: abandon browserstack tests for Safari and IE (#​3615) (04a811d)
• client: do not reset karmaNavigating in unload handler (#​3591) (4a8178f), closes #​3482
• context: do not error when karma is navigating (#​3565) (05dc288), closes #​3560
• cve: update ua-parser-js to 0.7.23 to fix CVE-2020-7793 (#​3584) (f819fa8)
• cve: update yargs to 16.1.1 to fix cve-2020-7774 in y18n (#​3578) (3fed0bc), closes #​3577
• deps: bump socket-io to v3 (#​3586) (1b9e1de), closes #​3569
• middleware: catch errors when loading a module (#​3605) (fec972f), closes #​3572
• server: clean up close-server logic (#​3607) (3fca456)
• test: clear up clearContext (#​3597) (8997b74)
• test: mark all second connections reconnects (#​3598) (1c9c2de)

Features

• cli: error out on unexpected options or parameters (#​3589) (603bbc0)
• client: update banner with connection, test status, ping times (#​3611) (4bf90f7)
• server: print stack of unhandledrejections (#​3593) (35a5842)
• server: remove deprecated static methods (#​3595) (1a65bf1)
• remove support for running dart code in the browser (#​3592) (7a3bd55)

BREAKING CHANGES

• server: Deprecated require('karma').server.start() and require('karma').Server.start() variants were removed from the public API. Instead use canonical form:

const { Server } = require('karma');
const server = new Server();
server.start();

• cli: Karma is more strict and will error out if unknown option or argument is passed to CLI.
• Using Karma to run Dart code in the browser is no longer supported. Use your favorite Dart-to-JS compiler instead.

dart file type has been removed without a replacement.

customFileHandlers DI token has been removed. Use middleware to achieve similar functionality.

customScriptTypes DI token has been removed. It had no effect, so no replacement is provided.

• deps: Some projects have socket.io tests that are version sensitive.

5.2.3 (2020-09-25)

Bug Fixes

• update us-parser-js dependency (#​3564) (500ed25)

5.2.2 (2020-09-08)

Bug Fixes

• revert source-map update (#​3559) (d9ba284), closes #​3557

5.2.1 (2020-09-02)

Bug Fixes

• remove broken link from docs - 06-angularjs.md (#​3555) (da2f307)
• remove unused JSON utilities and flatted dependency (#​3550) (beed255)

v5.2.3

Compare Source

Bug Fixes

• update us-parser-js dependency (#​3564) (500ed25)

v5.2.2

Compare Source

Bug Fixes

• revert source-map update (#​3559) (d9ba284), closes #​3557

v5.2.1

Compare Source

Bug Fixes

• remove broken link from docs - 06-angularjs.md (#​3555) (da2f307)
• remove unused JSON utilities and flatted dependency (#​3550) (beed255)

v5.2.0

Compare Source

Bug Fixes

• client: avoid race between execute and clearContext (#​3452) (8bc5b46), closes #​3424
• client: check in bundled client code into version control (#​3524) (6cd5a3b), closes /github.com/karma-runner/karma/commit/f5521df7df5cd1201b5dce28dc4e326b1ffc41fd#commitcomment-38967493
• dependencies: update dependencies (#​3543) (5db46b7)
• docs: Update 03-how-it-works.md (#​3539) (e7cf7b1)
• server: log error when file loading or preprocessing fails (#​3540) (fc2fd61)

Features

• server: allow 'exit' listeners to set exit code (#​3541) (7a94d33)

5.1.1 (2020-07-28)

Bug Fixes

• server: echo the hostname rather than listenAddress (#​3532) (ebe7ce4)

v5.1.1

Compare Source

Bug Fixes

• server: echo the hostname rather than listenAddress (#​3532) (ebe7ce4)

v5.1.0

Compare Source

Features

• proxy: use keepAlive agent (#​3527) (b77f94c)

5.0.9 (2020-05-19)

Bug Fixes

• dependencies: update to safe version of http-proxy (#​3519) (00347bb), closes #​3510

5.0.8 (2020-05-18)

Bug Fixes

• dependencies: update and unlock socket.io dependency (#​3513) (b60391f)
• dependencies: update to latest log4js major (#​3514) (47f1cb2)

5.0.7 (2020-05-16)

Bug Fixes

• detect type for URLs with query parameter or fragment identifier (#​3509) (f399063), closes #​3497

5.0.6 (2020-05-16)

Bug Fixes

• dependencies: update production dependencies (#​3512) (0cd696f)

5.0.5 (2020-05-07)

Bug Fixes

• cli: restore command line help contents (#​3502) (e99da31), closes #​3474

5.0.4 (2020-04-30)

Bug Fixes

• browser: make sure that empty results array is still recognized (#​3486) (fa95fa3)

5.0.3 (2020-04-29)

Bug Fixes

• client: flush resultsBuffer on engine upgrade (#​3212) (e44ca94), closes #​3211

5.0.2 (2020-04-16)

Bug Fixes

• ci: stop the proxy before killing the child, handle errors (#​3472) (abe9af6), closes #​3464

5.0.1 (2020-04-10)

Bug Fixes

• file-list: do not define fs.statAsync (#​3467) (55a59e7)

v5.0.9

Compare Source

Bug Fixes

• dependencies: update to safe version of http-proxy (#​3519) (00347bb), closes #​3510

v5.0.8

Compare Source

Bug Fixes

• dependencies: update and unlock socket.io dependency (#​3513) (b60391f)
• dependencies: update to latest log4js major (#​3514) (47f1cb2)

v5.0.7

Compare Source

Bug Fixes

• detect type for URLs with query parameter or fragment identifier (#​3509) (f399063), closes #​3497

v5.0.6

Compare Source

Bug Fixes

• dependencies: update production dependencies (#​3512) (0cd696f)

v5.0.5

Compare Source

Bug Fixes

• cli: restore command line help contents (#​3502) (e99da31), closes #​3474

v5.0.4

Compare Source

Bug Fixes

• browser: make sure that empty results array is still recognized (#​3486) (fa95fa3)

v5.0.3

Compare Source

Bug Fixes

• client: flush resultsBuffer on engine upgrade (#​3212) (e44ca94), closes #​3211

v5.0.2

Compare Source

Bug Fixes

• ci: stop the proxy before killing the child, handle errors (#​3472) (abe9af6), closes #​3464

v5.0.1

Compare Source

Bug Fixes

• file-list: do not define fs.statAsync (#​3467) (55a59e7)

v5.0.0

Compare Source

Bug Fixes

• install semantic-release as a regular dev dependency (#​3455) (1eaf35e)
• ci: echo travis env that gates release after_success (#​3446) (b8b2ed8)
• ci: poll every 10s to avoid rate limit. (#​3388) (91e7e00)
• middleware/runner: handle file list rejections (#​3400) (80febfb), closes #​3396 #​3396
• server: cleanup import of the removed method (#​3439) (cb1bcbf)
• server: createPreprocessor was removed (#​3435) (5c334f5)
• server: detection new MS Edge Chromium (#​3440) (7166ce2)
• server: replace optimist on yargs lib (#​3451) (ec1e69a), closes #​2473
• server: Report original error message (#​3415) (79ee331), closes #​3414

Code Refactoring

• use native Promise instead of Bluebird (#​3436) (33a069f), closes /github.com/karma-runner/karma/pull/3060#discussion_r284797390

Continuous Integration

• drop node 8, adopt node 12 (#​3430) (a673aa8)

Features

• docs: document DEFAULT_LISTEN_ADDR constant (#​3443) (057d527), closes #​2479
• karma-server: added log to the server.js for uncaught exception (#​3399) (adc6a66)
• preprocessor: obey Pattern.isBinary when set (#​3422) (708ae13), closes #​3405

BREAKING CHANGES

• Karma plugins which rely on the fact that Karma uses Bluebird promises may break as Bluebird-specific API is no longer available on Promises returned by the Karma core
• server: Deprecated createPreprocessor removed, karma-browserify < 7 version doesn't work
• no more testing on node 8.

4.4.1 (2019-10-18)

Bug Fixes

• deps: back to karma-browserstack-launcher 1.4 (#​3361) (1cd87ad)
• server: Add test coverage for config.singleRun true branch. (#​3384) (259be0d)
• if preprocessor is async function and doesn't return a content then await donePromise (#​3387) (f91be24)

v4.4.1

Compare Source

Bug Fixes

• deps: back to karma-browserstack-launcher 1.4 (#​3361) (1cd87ad)
• server: Add test coverage for config.singleRun true branch. (#​3384) (259be0d)
• if preprocessor is async function and doesn't return a content then await donePromise (#​3387) (f91be24)

v4.4.0

Compare Source

Bug Fixes

• runner: remove explicit error on all tests failed (#​3369) (f8005c6), closes #​3367

Features

• client: Add trusted types support (#​3360) (019bfd4)
• Preprocessor can return Promise (#​3376) (3ffcd83)
• config: add failOnSkippedTests option. (#​3374) (4ed3af0)
• config: clientDisplayNone sets client elements display none. (#​3348) (6235e68)
• deps: Remove core-js dependency. (#​3379) (0d70809)

v4.3.0

Compare Source

Bug Fixes

• build: switch from yarn to package-lock.json (#​3351) (6c5add2)
• config: Simpilfy error proceesing. (#​3345) (582a406), closes #​3339
• deps: lodash update. (#​3341) (5614c04)
• server: Simplify 'dom' inclusion. (#​3356) (5f13e11)
• test: test:client silently failing on Travis (#​3343) (1489e9a), closes /travis-ci.org/karma-runner/karma/jobs/537027667#L1046
• travis: Pin to trusty (#​3347) (1c6c690)

Features

• async: frameworks can be loaded asynchronously (#​3297) (177e2ef), closes #​851
• config: socket.io server pingTimeout config option. (#​3355) (817fbbd)
• preprocessor: preprocessor_priority execution order. (#​3303) (c5f3560)
• runner: feat(runner): (62d4c5a), closes #​2121 #​2799 #​2121 #​2799

v4.2.0

Compare Source

Bug Fixes

• logging: Util inspect for logging the config. (#​3332) (70b72a9)
• reporter: format stack with 1-based column (#​3325) (182c04d), closes #​3324
• server: Add error handler for webserver socket. (#​3300) (fe9a1dd)

v4.1.0

Compare Source

Bug Fixes

• client: Enable loading different file types when running in parent mode without iframe (#​3289) (7968db6)
• client: Only create the funky object if message is not a string (#​3298) (ce6825f), closes #​3296
• launcher: Log state transitions in debug (#​3294) (6556ab4), closes #​3290
• middleware: log invalid filetype (#​3292) (7eb48c5), closes #​3291

4.0.1 (2019-02-28)

Bug Fixes

• browser: allow updating total specs count (#​3264) (d5df723)
• remove vulnerable dependency combine-lists (#​3273) (c43f584), closes #​3265
• remove vulnerable dependency expand-braces (#​3270) (4ec4f6f), closes #​3268 #​3269
• filelist: correct logger name. (#​3262) (375bb5e)
• launcher: Debug Child Processes exit signal (#​3259) (c277a6b)

v4.0.1

Compare Source

Bug Fixes

• browser: allow updating total specs count (#​3264) (d5df723)
• remove vulnerable dependency combine-lists (#​3273) (c43f584), closes #​3265
• remove vulnerable dependency expand-braces (#​3270) (4ec4f6f), closes #​3268 #​3269
• filelist: correct logger name. (#​3262) (375bb5e)
• launcher: Debug Child Processes exit signal (#​3259) (c277a6b)

v4.0.0

Compare Source

Bug Fixes

• client: fix issue with loaded on safari 10 (#​3252) (571191c), closes #​3198
• config: add test:unit npm script (#​3242) (02f071d)

Chores

• remove support for node 6 (#​3246) (8a83990), closes #​3151

BREAKING CHANGES

• Drop Support for Node 6, to make it possible to use async/await in karma codebase.

3.1.4 (2018-12-17)

Bug Fixes

• file-list: revert "do not preprocess up-to-date files" (#​3226) (#​3230) (bb022a7)
• improve error msg when bin is a directory (#​3231) (584dddc)
• restarted browsers not running tests (#​3233) (cc2eff2)

3.1.3 (2018-12-01)

Bug Fixes

• add missing dep flatted (#​3223) (655d4d2)

3.1.2 (2018-12-01)

Bug Fixes

• browser: report errors to console during singleRun=false (#​3209) (30ff73b), closes #​3131
• changelog: remove release which does not exist (#​3214) (4e87902)
• dep: Bump useragent to fix HeadlessChrome version (#​3201) (240209f), closes #​2762
• deps: upgrade sinon-chai 2.x -> 3.x (#​3207) (dc5f5de)
• file-list: do not preprocess up-to-date files (#​3196) (5334d1a), closes #​2829
• package: bump lodash version (#​3203) (d38f344), closes #​3177
• server: use flatted for json.stringify (#​3220) (fb05fb1), closes #​3215

Features

• docs: callout the key debug strategies. (#​3219) (2682bff)

3.1.1 (2018-10-23)

Bug Fixes

• config: move puppeteer from dependency to dev-dependency (#​3193) (f0d52ad), closes #​3191

v3.1.4

Compare Source

Bug Fixes

• file-list: revert "do not preprocess up-to-date files" (#​3226) (#​3230) (bb022a7)
• improve error msg when bin is a directory (#​3231) (584dddc)
• restarted browsers not running tests (#​3233) (cc2eff2)

v3.1.3

Compare Source

Bug Fixes

• add missing dep flatted (#​3223) (655d4d2)

v3.1.2

Compare Source

Bug Fixes

• browser: report errors to console during singleRun=false (#​3209) (30ff73b), closes #​3131
• changelog: remove release which does not exist (#​3214) (4e87902)
• dep: Bump useragent to fix HeadlessChrome version (#​3201) (240209f), closes #​2762
• deps: upgrade sinon-chai 2.x -> 3.x (#​3207) (dc5f5de)
• file-list: do not preprocess up-to-date files (#​3196) (5334d1a), closes #​2829
• package: bump lodash version (#​3203) (d38f344), closes #​3177
• server: use flatted for json.stringify (#​3220) (fb05fb1), closes #​3215

Features

• docs: callout the key debug strategies. (#​3219) (2682bff)

v3.1.1

Compare Source

Bug Fixes

• config: move puppeteer from dependency to dev-dependency (#​3193) (f0d52ad), closes #​3191

v3.1.0

Compare Source

Bug Fixes

• work around broken console

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.

[renovate]

⚠ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: package-lock.json

npm WARN cli npm v10.2.0 does not support Node.js v16.15.0. This version of npm supports the following node versions: `^18.17.0 || >=20.5.0`. You can find the latest version at https://nodejs.org/.
npm WARN cli npm v10.2.0 does not support Node.js v16.15.0. This version of npm supports the following node versions: `^18.17.0 || >=20.5.0`. You can find the latest version at https://nodejs.org/.
npm ERR! code ERESOLVE
npm ERR! ERESOLVE could not resolve
npm ERR! 
npm ERR! While resolving: @angular/[email protected]
npm ERR! Found: [email protected]
npm ERR! node_modules/zone.js
npm ERR!   zone.js@"0.10.3" from the root project
npm ERR! 
npm ERR! Could not resolve dependency:
npm ERR! peer zone.js@"^0.7.2" from @angular/[email protected]
npm ERR! node_modules/@angular/core
npm ERR!   @angular/core@"2.4.10" from the root project
npm ERR!   peer @angular/core@"2.4.10" from @angular/[email protected]
npm ERR!   node_modules/@angular/common
npm ERR!     @angular/common@"2.4.10" from the root project
npm ERR!     5 more (@angular/forms, @angular/platform-browser, ...)
npm ERR!   8 more (@angular/compiler, @angular/compiler-cli, ...)
npm ERR! 
npm ERR! Conflicting peer dependency: [email protected]
npm ERR! node_modules/zone.js
npm ERR!   peer zone.js@"^0.7.2" from @angular/[email protected]
npm ERR!   node_modules/@angular/core
npm ERR!     @angular/core@"2.4.10" from the root project
npm ERR!     peer @angular/core@"2.4.10" from @angular/[email protected]
npm ERR!     node_modules/@angular/common
npm ERR!       @angular/common@"2.4.10" from the root project
npm ERR!       5 more (@angular/forms, @angular/platform-browser, ...)
npm ERR!     8 more (@angular/compiler, @angular/compiler-cli, ...)
npm ERR! 
npm ERR! Fix the upstream dependency conflict, or retry
npm ERR! this command with --force or --legacy-peer-deps
npm ERR! to accept an incorrect (and potentially broken) dependency resolution.
npm ERR! 
npm ERR! 
npm ERR! For a full report see:
npm ERR! /tmp/worker/600db4/950e06/cache/others/npm/_logs/2023-10-18T11_30_30_534Z-eresolve-report.txt

npm ERR! A complete log of this run can be found in: /tmp/worker/600db4/950e06/cache/others/npm/_logs/2023-10-18T11_30_30_534Z-debug-0.log

[sonarqubecloud]

Kudos, SonarCloud Quality Gate passed!   

0 Bugs
2 Vulnerabilities
0 Security Hotspots
2 Code Smells

0.0% Coverage
0.0% Duplication

[renovate]

Renovate Ignore Notification

Because you closed this PR without merging, Renovate will ignore this update. You will not get PRs for any future 6.x releases. But if you manually upgrade to 6.x then Renovate will re-enable minor and patch updates automatically.

If you accidentally closed this PR, or if you changed your mind: rename this PR to get a fresh replacement PR.