chore(deps): update dependency karma to v6 [security]

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
karma (source)	1.7.1 -> 6.3.16

GitHub Vulnerability Alerts

CVE-2022-0437

karma prior to version 6.3.14 contains a cross-site scripting vulnerability.

CVE-2021-23495

Karma before 6.3.16 is vulnerable to Open Redirect due to missing validation of the return_url query parameter.

---

Release Notes

karma-runner/karma (karma)

v6.3.16

Compare Source

Bug Fixes

• security: mitigate the "Open Redirect Vulnerability" (ff7edbb)

v6.3.15

Compare Source

Bug Fixes

• helper: make mkdirIfNotExists helper resilient to concurrent calls (d9dade2), closes /github.com/karma-runner/karma-coverage/issues/434#issuecomment-1017939333

v6.3.14

Compare Source

Bug Fixes

• remove string template from client code (91d5acd)
• warn when singleRun and autoWatch are false (69cfc76)
• security: remove XSS vulnerability in returnUrl query param (839578c)

v6.3.13

Compare Source

Bug Fixes

• deps: bump log4js to resolve security issue (5bf2df3), closes #​3751

v6.3.12

Compare Source

Bug Fixes

• remove depreciation warning from log4js (41bed33)

v6.3.11

Compare Source

Bug Fixes

• deps: pin colors package to 1.4.0 due to security vulnerability (a5219c5)

v6.3.10

Compare Source

Bug Fixes

• logger: create parent folders if they are missing (0d24bd9), closes #​3734

v6.3.9

Compare Source

Bug Fixes

• restartOnFileChange option not restarting the test run (92ffe60), closes #​27 #​3724

v6.3.8

Compare Source

Bug Fixes

• reporter: warning if stack trace contains generated code invocation (4f23b14)

v6.3.7

Compare Source

Bug Fixes

• middleware: replace %X_UA_COMPATIBLE% marker anywhere in the file (f1aeaec), closes #​3711

v6.3.6

Compare Source

Bug Fixes

• bump vulnerable ua-parser-js version (6f2b2ec), closes #​3713

v6.3.5

Compare Source

Bug Fixes

• client: prevent socket.io from hanging due to mocked clocks (#​3695) (105da90)

v6.3.4

Compare Source

Bug Fixes

• bump production dependencies within SemVer ranges (#​3682) (36467a8), closes #​3680

v6.3.3

Compare Source

Bug Fixes

• server: clean up vestigial code from proxy (#​3640) (f4aeac3), closes /tools.ietf.org/html/std66#section-3

v6.3.2

Compare Source

Bug Fixes

• prefer IPv4 addresses when resolving domains (e17698f), closes #​3730

v6.3.1

Compare Source

Bug Fixes

• client: error out when opening a new tab fails (099b85e)

v6.3.0

Compare Source

Features

• support asynchronous config.set() call in karma.conf.js (#​3660) (4c9097a)

v6.2.0

Compare Source

Features

• plugins: add support wildcard config for scoped package plugin (#​3659) (39831b1)

6.1.2 (2021-03-09)

Bug Fixes

• commitlint: skip task on master (#​3650) (3fc6fda)
• patch karma to allow loading virtual packages (#​3663) (5bfcf5f)

6.1.1 (2021-02-12)

Bug Fixes

• config: check extension before ts-node register (#​3651) (474f4e1), closes #​3329
• report launcher process error when exit event is not emitted (#​3647) (7ab86be)

v6.1.2

Compare Source

Bug Fixes

• commitlint: skip task on master (#​3650) (3fc6fda)
• patch karma to allow loading virtual packages (#​3663) (5bfcf5f)

v6.1.1

Compare Source

Bug Fixes

• config: check extension before ts-node register (#​3651) (474f4e1), closes #​3329
• report launcher process error when exit event is not emitted (#​3647) (7ab86be)

v6.1.0

Compare Source

Features

• config: improve karma.config.parseConfig error handling (#​3635) (9dba1e2)

6.0.4 (2021-02-01)

Bug Fixes

• cli: temporarily disable strict parameters validation (#​3641) (9c755e0), closes #​3625
• client: fix a false positive page reload error in Safari (#​3643) (2a57b23)
• ensure that Karma supports running tests on IE 11 (#​3642) (dbd1943)

6.0.3 (2021-01-27)

Bug Fixes

• plugins: refactor instantiatePlugin from preproprocessor (#​3628) (e02858a)

6.0.2 (2021-01-25)

Bug Fixes

• avoid ES6+ syntax in client scripts (#​3629) (6629e96), closes #​3630

6.0.1 (2021-01-20)

Bug Fixes

• server: set maxHttpBufferSize to the socket.io v2 default (#​3626) (69baddc), closes #​3621
• restore customFileHandlers provider (#​3624) (25d9abb)

v6.0.4

Compare Source

Bug Fixes

• cli: temporarily disable strict parameters validation (#​3641) (9c755e0), closes #​3625
• client: fix a false positive page reload error in Safari (#​3643) (2a57b23)
• ensure that Karma supports running tests on IE 11 (#​3642) (dbd1943)

v6.0.3

Compare Source

Bug Fixes

• plugins: refactor instantiatePlugin from preproprocessor (#​3628) (e02858a)

v6.0.2

Compare Source

Bug Fixes

• avoid ES6+ syntax in client scripts (#​3629) (6629e96), closes #​3630

v6.0.1

Compare Source

Bug Fixes

• server: set maxHttpBufferSize to the socket.io v2 default (#​3626) (69baddc), closes #​3621
• restore customFileHandlers provider (#​3624) (25d9abb)

v6.0.0

Compare Source

Bug Fixes

• ci: abandon browserstack tests for Safari and IE (#​3615) (04a811d)
• client: do not reset karmaNavigating in unload handler (#​3591) (4a8178f), closes #​3482
• context: do not error when karma is navigating (#​3565) (05dc288), closes #​3560
• cve: update ua-parser-js to 0.7.23 to fix CVE-2020-7793 (#​3584) (f819fa8)
• cve: update yargs to 16.1.1 to fix cve-2020-7774 in y18n (#​3578) (3fed0bc), closes #​3577
• deps: bump socket-io to v3 (#​3586) (1b9e1de), closes #​3569
• middleware: catch errors when loading a module (#​3605) (fec972f), closes #​3572
• server: clean up close-server logic (#​3607) (3fca456)
• test: clear up clearContext (#​3597) (8997b74)
• test: mark all second connections reconnects (#​3598) (1c9c2de)

Features

• cli: error out on unexpected options or parameters (#​3589) (603bbc0)
• client: update banner with connection, test status, ping times (#​3611) (4bf90f7)
• server: print stack of unhandledrejections (#​3593) (35a5842)
• server: remove deprecated static methods (#​3595) (1a65bf1)
• remove support for running dart code in the browser (#​3592) (7a3bd55)

BREAKING CHANGES

• server: Deprecated require('karma').server.start() and require('karma').Server.start() variants were removed from the public API. Instead use canonical form:

const { Server } = require('karma');
const server = new Server();
server.start();

• cli: Karma is more strict and will error out if unknown option or argument is passed to CLI.
• Using Karma to run Dart code in the browser is no longer supported. Use your favorite Dart-to-JS compiler instead.

dart file type has been removed without a replacement.

customFileHandlers DI token has been removed. Use middleware to achieve similar functionality.

customScriptTypes DI token has been removed. It had no effect, so no replacement is provided.

• deps: Some projects have socket.io tests that are version sensitive.

5.2.3 (2020-09-25)

Bug Fixes

• update us-parser-js dependency (#​3564) (500ed25)

5.2.2 (2020-09-08)

Bug Fixes

• revert source-map update (#​3559) (d9ba284), closes #​3557

5.2.1 (2020-09-02)

Bug Fixes

• remove broken link from docs - 06-angularjs.md (#​3555) (da2f307)
• remove unused JSON utilities and flatted dependency (#​3550) (beed255)

v5.2.3

Compare Source

Bug Fixes

• update us-parser-js dependency (#​3564) (500ed25)

v5.2.2

Compare Source

Bug Fixes

• revert source-map update (#​3559) (d9ba284), closes #​3557

v5.2.1

Compare Source

Bug Fixes

• remove broken link from docs - 06-angularjs.md (#​3555) (da2f307)
• remove unused JSON utilities and flatted dependency (#​3550) (beed255)

v5.2.0

Compare Source

Bug Fixes

• client: avoid race between execute and clearContext (#​3452) (8bc5b46), closes #​3424
• client: check in bundled client code into version control (#​3524) (6cd5a3b), closes /github.com/karma-runner/karma/commit/f5521df7df5cd1201b5dce28dc4e326b1ffc41fd#commitcomment-38967493
• dependencies: update dependencies (#​3543) (5db46b7)
• docs: Update 03-how-it-works.md (#​3539) (e7cf7b1)
• server: log error when file loading or preprocessing fails (#​3540) (fc2fd61)

Features

• server: allow 'exit' listeners to set exit code (#​3541) (7a94d33)

5.1.1 (2020-07-28)

Bug Fixes

• server: echo the hostname rather than listenAddress (#​3532) (ebe7ce4)

v5.1.1

Compare Source

Bug Fixes

• server: echo the hostname rather than listenAddress (#​3532) (ebe7ce4)

v5.1.0

Compare Source

Features

• proxy: use keepAlive agent (#​3527) (b77f94c)

5.0.9 (2020-05-19)

Bug Fixes

• dependencies: update to safe version of http-proxy (#​3519) (00347bb), closes #​3510

5.0.8 (2020-05-18)

Bug Fixes

• dependencies: update and unlock socket.io dependency (#​3513) (b60391f)
• dependencies: update to latest log4js major (#​3514) (47f1cb2)

5.0.7 (2020-05-16)

Bug Fixes

• detect type for URLs with query parameter or fragment identifier (#​3509) (f399063), closes #​3497

5.0.6 (2020-05-16)

Bug Fixes

• dependencies: update production dependencies (#​3512) (0cd696f)

5.0.5 (2020-05-07)

Bug Fixes

• cli: restore command line help contents (#​3502) (e99da31), closes #​3474

5.0.4 (2020-04-30)

Bug Fixes

• browser: make sure that empty results array is still recognized (#​3486) (fa95fa3)

5.0.3 (2020-04-29)

Bug Fixes

• client: flush resultsBuffer on engine upgrade (#​3212) (e44ca94), closes #​3211

5.0.2 (2020-04-16)

Bug Fixes

• ci: stop the proxy before killing the child, handle errors (#​3472) (abe9af6), closes #​3464

5.0.1 (2020-04-10)

Bug Fixes

• file-list: do not define fs.statAsync (#​3467) (55a59e7)

v5.0.9

Compare Source

Bug Fixes

• dependencies: update to safe version of http-proxy (#​3519) (00347bb), closes #​3510

v5.0.8

Compare Source

Bug Fixes

• dependencies: update and unlock socket.io dependency (#​3513) (b60391f)
• dependencies: update to latest log4js major (#​3514) (47f1cb2)

v5.0.7

Compare Source

Bug Fixes

• detect type for URLs with query parameter or fragment identifier (#​3509) (f399063), closes #​3497

v5.0.6

Compare Source

Bug Fixes

• dependencies: update production dependencies (#​3512) (0cd696f)

v5.0.5

Compare Source

Bug Fixes

• cli: restore command line help contents (#​3502) (e99da31), closes #​3474

v5.0.4

Compare Source

Bug Fixes

• browser: make sure that empty results array is still recognized (#​3486) (fa95fa3)

v5.0.3

Compare Source

Bug Fixes

• client: flush resultsBuffer on engine upgrade (#​3212) (e44ca94), closes #​3211

v5.0.2

Compare Source

Bug Fixes

• ci: stop the proxy before killing the child, handle errors (#​3472) (abe9af6), closes #​3464

v5.0.1

Compare Source

Bug Fixes

• file-list: do not define fs.statAsync (#​3467) (55a59e7)

v5.0.0

Compare Source

Bug Fixes

• install semantic-release as a regular dev dependency (#​3455) (1eaf35e)
• ci: echo travis env that gates release after_success (#​3446) (b8b2ed8)
• ci: poll every 10s to avoid rate limit. (#​3388) (91e7e00)
• middleware/runner: handle file list rejections (#​3400) (80febfb), closes #​3396 #​3396
• server: cleanup import of the removed method (#​3439) (cb1bcbf)
• server: createPreprocessor was removed (#​3435) (5c334f5)
• server: detection new MS Edge Chromium (#​3440) (7166ce2)
• server: replace optimist on yargs lib (#​3451) (ec1e69a), closes #​2473
• server: Report original error message (#​3415) (79ee331), closes #​3414

Code Refactoring

• use native Promise instead of Bluebird (#​3436) (33a069f), closes /github.com/karma-runner/karma/pull/3060#discussion_r284797390

Continuous Integration

• drop node 8, adopt node 12 (#​3430) (a673aa8)

Features

• docs: document DEFAULT_LISTEN_ADDR constant (#​3443) (057d527), closes #​2479
• karma-server: added log to the server.js for uncaught exception (#​3399) (adc6a66)
• preprocessor: obey Pattern.isBinary when set (#​3422) (708ae13), closes #​3405

BREAKING CHANGES

• Karma plugins which rely on the fact that Karma uses Bluebird promises may break as Bluebird-specific API is no longer available on Promises returned by the Karma core
• server: Deprecated createPreprocessor removed, karma-browserify < 7 version doesn't work
• no more testing on node 8.

4.4.1 (2019-10-18)

Bug Fixes

• deps: back to karma-browserstack-launcher 1.4 (#​3361) (1cd87ad)
• server: Add test coverage for config.singleRun true branch. (#​3384) (259be0d)
• if preprocessor is async function and doesn't return a content then await donePromise (#​3387) (f91be24)

v4.4.1

Compare Source

Bug Fixes

• deps: back to karma-browserstack-launcher 1.4 (#​3361) (1cd87ad)
• server: Add test coverage for config.singleRun true branch. (#​3384) (259be0d)
• if preprocessor is async function and doesn't return a content then await donePromise (#​3387) (f91be24)

v4.4.0

Compare Source

Bug Fixes

• runner: remove explicit error on all tests failed (#​3369) (f8005c6), closes #​3367

Features

• client: Add trusted types support (#​3360) (019bfd4)
• Preprocessor can return Promise (#​3376) (3ffcd83)
• config: add failOnSkippedTests option. (#​3374) (4ed3af0)
• config: clientDisplayNone sets client elements display none. (#​3348) (6235e68)
• deps: Remove core-js dependency. (#​3379) (0d70809)

v4.3.0

Compare Source

Bug Fixes

• build: switch from yarn to package-lock.json (#​3351) (6c5add2)
• config: Simpilfy error proceesing. (#​3345) (582a406), closes #​3339
• deps: lodash update. (#​3341) (5614c04)
• server: Simplify 'dom' inclusion. (#​3356) (5f13e11)
• test: test:client silently failing on Travis (#​3343) (1489e9a), closes /travis-ci.org/karma-runner/karma/jobs/537027667#L1046
• travis: Pin to trusty (#​3347) (1c6c690)

Features

• async: frameworks can be loaded asynchronously (#​3297) (177e2ef), closes #​851
• config: socket.io server pingTimeout config option. (#​3355) (817fbbd)
• preprocessor: preprocessor_priority execution order. (#​3303) (c5f3560)
• runner: feat(runner): (62d4c5a), closes #​2121 #​2799 #​2121 #​2799

v4.2.0

Compare Source

Bug Fixes

• logging: Util inspect for logging the config. (#​3332) (70b72a9)
• reporter: format stack with 1-based column (#​3325) (182c04d), closes #​3324
• server: Add error handler for webserver socket. (#​3300) (fe9a1dd)

v4.1.0

Compare Source

Bug Fixes

• client: Enable loading different file types when running in parent mode without iframe (#​3289) (7968db6)
• client: Only create the funky object if message is not a string (#​3298) (ce6825f), closes #​3296
• launcher: Log state transitions in debug (#​3294) (6556ab4), closes #​3290
• middleware: log invalid filetype (#​3292) (7eb48c5), closes #​3291

4.0.1 (2019-02-28)

Bug Fixes

• browser: allow updating total specs count (#​3264) (d5df723)
• remove vulnerable dependency combine-lists (#​3273) (c43f584), closes #​3265
• remove vulnerable dependency expand-braces (#​3270) (4ec4f6f), closes #​3268 #​3269
• filelist: correct logger name. (#​3262) (375bb5e)
• launcher: Debug Child Processes exit signal (#​3259) (c277a6b)

v4.0.1

Compare Source

Bug Fixes

• browser: allow updating total specs count (#​3264) (d5df723)
• remove vulnerable dependency combine-lists (#​3273) (c43f584), closes #​3265
• remove vulnerable dependency expand-braces (#​3270) (4ec4f6f), closes #​3268 #​3269
• filelist: correct logger name. (#​3262) (375bb5e)
• launcher: Debug Child Processes exit signal (#​3259) (c277a6b)

v4.0.0

Compare Source

Bug Fixes

• client: fix issue with loaded on safari 10 (#​3252) (571191c), closes #​3198
• config: add test:unit npm script (#​3242) (02f071d)

Chores

• remove support for node 6 (#​3246) (8a83990), closes #​3151

BREAKING CHANGES

• Drop Support for Node 6, to make it possible to use async/await in karma codebase.

3.1.4 (2018-12-17)

Bug Fixes

• file-list: revert "do not preprocess up-to-date files" (#​3226) (#​3230) (bb022a7)
• improve error msg when bin is a directory (#​3231) (584dddc)
• restarted browsers not running tests (#​3233) (cc2eff2)

3.1.3 (2018-12-01)

Bug Fixes

• add missing dep flatted (#​3223) (655d4d2)

3.1.2 (2018-12-01)

Bug Fixes

• browser: report errors to console during singleRun=false (#​3209) (30ff73b), closes #​3131
• changelog: remove release which does not exist (#​3214) (4e87902)
• dep: Bump useragent to fix HeadlessChrome version (#​3201) (240209f), closes #​2762
• deps: upgrade sinon-chai 2.x -> 3.x (#​3207) (dc5f5de)
• file-list: do not preprocess up-to-date files (#​3196) (5334d1a), closes #​2829
• package: bump lodash version (#​3203) (d38f344), closes #​3177
• server: use flatted for json.stringify (#​3220) (fb05fb1), closes #​3215

Features

• docs: callout the key debug strategies. (#​3219) (2682bff)

3.1.1 (2018-10-23)

Bug Fixes

• config: move puppeteer from dependency to dev-dependency (#​3193) (f0d52ad), closes #​3191

v3.1.4

Compare Source

Bug Fixes

• file-list: revert "do not preprocess up-to-date files" (#​3226) (#​3230) (bb022a7)
• improve error msg when bin is a directory (#​3231) (584dddc)
• r

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

⚠ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: package-lock.json

npm ERR! code ERESOLVE
npm ERR! ERESOLVE could not resolve
npm ERR! 
npm ERR! While resolving: @ngrx/[email protected]
npm ERR! Found: [email protected]
npm ERR! node_modules/rxjs
npm ERR!   rxjs@"6.5.4" from the root project
npm ERR!   rxjs@"6.5.4" from @angular-devkit/[email protected]
npm ERR!   node_modules/@angular-devkit/schematics
npm ERR!     @angular-devkit/schematics@"9.1.7" from @angular/[email protected]
npm ERR!     node_modules/@angular/cli
npm ERR!       dev @angular/cli@"^9.0.4" from the root project
npm ERR!     @angular-devkit/schematics@"9.1.7" from @schematics/[email protected]
npm ERR!     node_modules/@schematics/angular
npm ERR!       @schematics/angular@"9.1.7" from @angular/[email protected]
npm ERR!       node_modules/@angular/cli
npm ERR!         dev @angular/cli@"^9.0.4" from the root project
npm ERR!     1 more (@schematics/update)
npm ERR!   20 more (@angular-devkit/core, @angular-devkit/architect, ...)
npm ERR! 
npm ERR! Could not resolve dependency:
npm ERR! peer rxjs@"^5.0.0-beta.12" from @ngrx/[email protected]
npm ERR! node_modules/@ngrx/core
npm ERR!   @ngrx/core@"^1.2.0" from the root project
npm ERR! 
npm ERR! Conflicting peer dependency: [email protected]
npm ERR! node_modules/rxjs
npm ERR!   peer rxjs@"^5.0.0-beta.12" from @ngrx/[email protected]
npm ERR!   node_modules/@ngrx/core
npm ERR!     @ngrx/core@"^1.2.0" from the root project
npm ERR! 
npm ERR! Fix the upstream dependency conflict, or retry
npm ERR! this command with --force, or --legacy-peer-deps
npm ERR! to accept an incorrect (and potentially broken) dependency resolution.
npm ERR! 
npm ERR! See /tmp/renovate-cache/others/npm/eresolve-report.txt for a full report.

npm ERR! A complete log of this run can be found in:
npm ERR!     /tmp/renovate-cache/others/npm/_logs/2023-03-11T09_51_39_926Z-debug-0.log

[renovate]

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: package-lock.json

npm ERR! code ERESOLVE
npm ERR! ERESOLVE could not resolve
npm ERR! 
npm ERR! While resolving: @ngrx/[email protected]
npm ERR! Found: [email protected]
npm ERR! node_modules/rxjs
npm ERR!   rxjs@"6.5.4" from the root project
npm ERR!   rxjs@"6.5.4" from @angular-devkit/[email protected]
npm ERR!   node_modules/@angular-devkit/schematics
npm ERR!     @angular-devkit/schematics@"9.1.7" from @angular/[email protected]
npm ERR!     node_modules/@angular/cli
npm ERR!       dev @angular/cli@"^9.0.4" from the root project
npm ERR!     @angular-devkit/schematics@"9.1.7" from @schematics/[email protected]
npm ERR!     node_modules/@schematics/angular
npm ERR!       @schematics/angular@"9.1.7" from @angular/[email protected]
npm ERR!       node_modules/@angular/cli
npm ERR!         dev @angular/cli@"^9.0.4" from the root project
npm ERR!     1 more (@schematics/update)
npm ERR!   20 more (@angular-devkit/core, @angular-devkit/architect, ...)
npm ERR! 
npm ERR! Could not resolve dependency:
npm ERR! peer rxjs@"^5.0.0-beta.12" from @ngrx/[email protected]
npm ERR! node_modules/@ngrx/core
npm ERR!   @ngrx/core@"^1.2.0" from the root project
npm ERR! 
npm ERR! Conflicting peer dependency: [email protected]
npm ERR! node_modules/rxjs
npm ERR!   peer rxjs@"^5.0.0-beta.12" from @ngrx/[email protected]
npm ERR!   node_modules/@ngrx/core
npm ERR!     @ngrx/core@"^1.2.0" from the root project
npm ERR! 
npm ERR! Fix the upstream dependency conflict, or retry
npm ERR! this command with --force, or --legacy-peer-deps
npm ERR! to accept an incorrect (and potentially broken) dependency resolution.
npm ERR! 
npm ERR! See /tmp/renovate/cache/others/npm/eresolve-report.txt for a full report.

npm ERR! A complete log of this run can be found in:
npm ERR!     /tmp/renovate/cache/others/npm/_logs/2024-12-08T23_06_13_741Z-debug-0.log