chore(packages): update dependency karma to v6 [security]

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
karma (source)	5.0.5 -> 6.3.16

GitHub Vulnerability Alerts

CVE-2022-0437

karma prior to version 6.3.14 contains a cross-site scripting vulnerability.

CVE-2021-23495

Karma before 6.3.16 is vulnerable to Open Redirect due to missing validation of the return_url query parameter.

---

Release Notes

karma-runner/karma

v6.3.16

Compare Source

Bug Fixes

• security: mitigate the "Open Redirect Vulnerability" (ff7edbb)

v6.3.15

Compare Source

Bug Fixes

• helper: make mkdirIfNotExists helper resilient to concurrent calls (d9dade2), closes /github.com/karma-runner/karma-coverage/issues/434#issuecomment-1017939333

v6.3.14

Compare Source

Bug Fixes

• remove string template from client code (91d5acd)
• warn when singleRun and autoWatch are false (69cfc76)
• security: remove XSS vulnerability in returnUrl query param (839578c)

v6.3.13

Compare Source

Bug Fixes

• deps: bump log4js to resolve security issue (5bf2df3), closes #​3751

v6.3.12

Compare Source

Bug Fixes

• remove depreciation warning from log4js (41bed33)

v6.3.11

Compare Source

Bug Fixes

• deps: pin colors package to 1.4.0 due to security vulnerability (a5219c5)

v6.3.10

Compare Source

Bug Fixes

• logger: create parent folders if they are missing (0d24bd9), closes #​3734

v6.3.9

Compare Source

Bug Fixes

• restartOnFileChange option not restarting the test run (92ffe60), closes #​27 #​3724

v6.3.8

Compare Source

Bug Fixes

• reporter: warning if stack trace contains generated code invocation (4f23b14)

v6.3.7

Compare Source

Bug Fixes

• middleware: replace %X_UA_COMPATIBLE% marker anywhere in the file (f1aeaec), closes #​3711

v6.3.6

Compare Source

Bug Fixes

• bump vulnerable ua-parser-js version (6f2b2ec), closes #​3713

v6.3.5

Compare Source

Bug Fixes

• client: prevent socket.io from hanging due to mocked clocks (#​3695) (105da90)

v6.3.4

Compare Source

Bug Fixes

• bump production dependencies within SemVer ranges (#​3682) (36467a8), closes #​3680

v6.3.3

Compare Source

Bug Fixes

• server: clean up vestigial code from proxy (#​3640) (f4aeac3), closes /tools.ietf.org/html/std66#section-3

v6.3.2

Compare Source

Bug Fixes

• prefer IPv4 addresses when resolving domains (e17698f), closes #​3730

v6.3.1

Compare Source

Bug Fixes

• client: error out when opening a new tab fails (099b85e)

v6.3.0

Compare Source

Features

• support asynchronous config.set() call in karma.conf.js (#​3660) (4c9097a)

v6.2.0

Compare Source

Features

• plugins: add support wildcard config for scoped package plugin (#​3659) (39831b1)

6.1.2 (2021-03-09)

Bug Fixes

• commitlint: skip task on master (#​3650) (3fc6fda)
• patch karma to allow loading virtual packages (#​3663) (5bfcf5f)

6.1.1 (2021-02-12)

Bug Fixes

• config: check extension before ts-node register (#​3651) (474f4e1), closes #​3329
• report launcher process error when exit event is not emitted (#​3647) (7ab86be)

v6.1.2

Compare Source

Bug Fixes

• commitlint: skip task on master (#​3650) (3fc6fda)
• patch karma to allow loading virtual packages (#​3663) (5bfcf5f)

v6.1.1

Compare Source

Bug Fixes

• config: check extension before ts-node register (#​3651) (474f4e1), closes #​3329
• report launcher process error when exit event is not emitted (#​3647) (7ab86be)

v6.1.0

Compare Source

Features

• config: improve karma.config.parseConfig error handling (#​3635) (9dba1e2)

6.0.4 (2021-02-01)

Bug Fixes

• cli: temporarily disable strict parameters validation (#​3641) (9c755e0), closes #​3625
• client: fix a false positive page reload error in Safari (#​3643) (2a57b23)
• ensure that Karma supports running tests on IE 11 (#​3642) (dbd1943)

6.0.3 (2021-01-27)

Bug Fixes

• plugins: refactor instantiatePlugin from preproprocessor (#​3628) (e02858a)

6.0.2 (2021-01-25)

Bug Fixes

• avoid ES6+ syntax in client scripts (#​3629) (6629e96), closes #​3630

6.0.1 (2021-01-20)

Bug Fixes

• server: set maxHttpBufferSize to the socket.io v2 default (#​3626) (69baddc), closes #​3621
• restore customFileHandlers provider (#​3624) (25d9abb)

v6.0.4

Compare Source

Bug Fixes

• cli: temporarily disable strict parameters validation (#​3641) (9c755e0), closes #​3625
• client: fix a false positive page reload error in Safari (#​3643) (2a57b23)
• ensure that Karma supports running tests on IE 11 (#​3642) (dbd1943)

v6.0.3

Compare Source

Bug Fixes

• plugins: refactor instantiatePlugin from preproprocessor (#​3628) (e02858a)

v6.0.2

Compare Source

Bug Fixes

• avoid ES6+ syntax in client scripts (#​3629) (6629e96), closes #​3630

v6.0.1

Compare Source

Bug Fixes

• server: set maxHttpBufferSize to the socket.io v2 default (#​3626) (69baddc), closes #​3621
• restore customFileHandlers provider (#​3624) (25d9abb)

v6.0.0

Compare Source

Bug Fixes

• ci: abandon browserstack tests for Safari and IE (#​3615) (04a811d)
• client: do not reset karmaNavigating in unload handler (#​3591) (4a8178f), closes #​3482
• context: do not error when karma is navigating (#​3565) (05dc288), closes #​3560
• cve: update ua-parser-js to 0.7.23 to fix CVE-2020-7793 (#​3584) (f819fa8)
• cve: update yargs to 16.1.1 to fix cve-2020-7774 in y18n (#​3578) (3fed0bc), closes #​3577
• deps: bump socket-io to v3 (#​3586) (1b9e1de), closes #​3569
• middleware: catch errors when loading a module (#​3605) (fec972f), closes #​3572
• server: clean up close-server logic (#​3607) (3fca456)
• test: clear up clearContext (#​3597) (8997b74)
• test: mark all second connections reconnects (#​3598) (1c9c2de)

Features

• cli: error out on unexpected options or parameters (#​3589) (603bbc0)
• client: update banner with connection, test status, ping times (#​3611) (4bf90f7)
• server: print stack of unhandledrejections (#​3593) (35a5842)
• server: remove deprecated static methods (#​3595) (1a65bf1)
• remove support for running dart code in the browser (#​3592) (7a3bd55)

BREAKING CHANGES

• server: Deprecated require('karma').server.start() and require('karma').Server.start() variants were removed from the public API. Instead use canonical form:

const { Server } = require('karma');
const server = new Server();
server.start();

• cli: Karma is more strict and will error out if unknown option or argument is passed to CLI.
• Using Karma to run Dart code in the browser is no longer supported. Use your favorite Dart-to-JS compiler instead.

dart file type has been removed without a replacement.

customFileHandlers DI token has been removed. Use middleware to achieve similar functionality.

customScriptTypes DI token has been removed. It had no effect, so no replacement is provided.

• deps: Some projects have socket.io tests that are version sensitive.

5.2.3 (2020-09-25)

Bug Fixes

• update us-parser-js dependency (#​3564) (500ed25)

5.2.2 (2020-09-08)

Bug Fixes

• revert source-map update (#​3559) (d9ba284), closes #​3557

5.2.1 (2020-09-02)

Bug Fixes

• remove broken link from docs - 06-angularjs.md (#​3555) (da2f307)
• remove unused JSON utilities and flatted dependency (#​3550) (beed255)

v5.2.3

Compare Source

Bug Fixes

• update us-parser-js dependency (#​3564) (500ed25)

v5.2.2

Compare Source

Bug Fixes

• revert source-map update (#​3559) (d9ba284), closes #​3557

v5.2.1

Compare Source

Bug Fixes

• remove broken link from docs - 06-angularjs.md (#​3555) (da2f307)
• remove unused JSON utilities and flatted dependency (#​3550) (beed255)

v5.2.0

Compare Source

Bug Fixes

• client: avoid race between execute and clearContext (#​3452) (8bc5b46), closes #​3424
• client: check in bundled client code into version control (#​3524) (6cd5a3b), closes /github.com/karma-runner/karma/commit/f5521df7df5cd1201b5dce28dc4e326b1ffc41fd#commitcomment-38967493
• dependencies: update dependencies (#​3543) (5db46b7)
• docs: Update 03-how-it-works.md (#​3539) (e7cf7b1)
• server: log error when file loading or preprocessing fails (#​3540) (fc2fd61)

Features

• server: allow 'exit' listeners to set exit code (#​3541) (7a94d33)

5.1.1 (2020-07-28)

Bug Fixes

• server: echo the hostname rather than listenAddress (#​3532) (ebe7ce4)

v5.1.1

Compare Source

Bug Fixes

• server: echo the hostname rather than listenAddress (#​3532) (ebe7ce4)

v5.1.0

Compare Source

Features

• proxy: use keepAlive agent (#​3527) (b77f94c)

5.0.9 (2020-05-19)

Bug Fixes

• dependencies: update to safe version of http-proxy (#​3519) (00347bb), closes #​3510

5.0.8 (2020-05-18)

Bug Fixes

• dependencies: update and unlock socket.io dependency (#​3513) (b60391f)
• dependencies: update to latest log4js major (#​3514) (47f1cb2)

5.0.7 (2020-05-16)

Bug Fixes

• detect type for URLs with query parameter or fragment identifier (#​3509) (f399063), closes #​3497

5.0.6 (2020-05-16)

Bug Fixes

• dependencies: update production dependencies (#​3512) (0cd696f)

5.0.5 (2020-05-07)

Bug Fixes

• cli: restore command line help contents (#​3502) (e99da31), closes #​3474

5.0.4 (2020-04-30)

Bug Fixes

• browser: make sure that empty results array is still recognized (#​3486) (fa95fa3)

5.0.3 (2020-04-29)

Bug Fixes

• client: flush resultsBuffer on engine upgrade (#​3212) (e44ca94), closes #​3211

5.0.2 (2020-04-16)

Bug Fixes

• ci: stop the proxy before killing the child, handle errors (#​3472) (abe9af6), closes #​3464

5.0.1 (2020-04-10)

Bug Fixes

• file-list: do not define fs.statAsync (#​3467) (55a59e7)

v5.0.9

Compare Source

Bug Fixes

• dependencies: update to safe version of http-proxy (#​3519) (00347bb), closes #​3510

v5.0.8

Compare Source

Bug Fixes

• dependencies: update and unlock socket.io dependency (#​3513) (b60391f)
• dependencies: update to latest log4js major (#​3514) (47f1cb2)

v5.0.7

Compare Source

Bug Fixes

• detect type for URLs with query parameter or fragment identifier (#​3509) (f399063), closes #​3497

v5.0.6

Compare Source

Bug Fixes

• dependencies: update production dependencies (#​3512) (0cd696f)

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Never, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.

[codecov]

Codecov Report

Patch and project coverage have no change.

Comparison is base (ef9b3c3) 91.13% compared to head (127d6d5) 91.13%.

Additional details and impacted files

@@           Coverage Diff            @@
##           release     #657   +/-   ##
========================================
  Coverage    91.13%   91.13%           
========================================
  Files           39       39           
  Lines          485      485           
  Branches        89       89           
========================================
  Hits           442      442           
  Misses          43       43           

Flag	Coverage Δ
browser	100.00% <ø> (ø)
coercion	∅ <ø> (∅)
jwt	88.16% <ø> (ø)
keycodes	∅ <ø> (∅)
regex	∅ <ø> (∅)
testing	∅ <ø> (∅)
type-guards	98.00% <ø> (ø)
utilities	?

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Do you have feedback about the report comment? Let us know in this issue.