Open renovate[bot] opened 1 year ago
Kudos, SonarCloud Quality Gate passed!
0 Bugs 0 Vulnerabilities 0 Security Hotspots 0 Code Smells
No Coverage information 0.0% Duplication
This PR contains the following updates:
karma: `6.3.2` -> `6.3.16`
GitHub Vulnerability Alerts
CVE-2022-0437
karma prior to version 6.3.14 contains a cross-site scripting vulnerability.
CVE-2021-23495
Karma before 6.3.16 is vulnerable to Open Redirect due to missing validation of the return_url query parameter.
Release Notes
karma-runner/karma (karma)
### [`v6.3.16`](https://redirect.github.com/karma-runner/karma/blob/HEAD/CHANGELOG.md#6316-2022-02-10)

[Compare Source](https://redirect.github.com/karma-runner/karma/compare/v6.3.15...v6.3.16)

##### Bug Fixes

- **security:** mitigate the "Open Redirect Vulnerability" ([ff7edbb](https://redirect.github.com/karma-runner/karma/commit/ff7edbb2ffbcdd69761bece86b7dc1ef0740508d))

### [`v6.3.15`](https://redirect.github.com/karma-runner/karma/blob/HEAD/CHANGELOG.md#6315-2022-02-05)

[Compare Source](https://redirect.github.com/karma-runner/karma/compare/v6.3.14...v6.3.15)

##### Bug Fixes

- **helper:** make mkdirIfNotExists helper resilient to concurrent calls ([d9dade2](https://redirect.github.com/karma-runner/karma/commit/d9dade2f004a340e49c9a633177576200c286404)), closes [/github.com/karma-runner/karma-coverage/issues/434#issuecomment-1017939333](https://redirect.github.com//github.com/karma-runner/karma-coverage/issues/434/issues/issuecomment-1017939333)

### [`v6.3.14`](https://redirect.github.com/karma-runner/karma/blob/HEAD/CHANGELOG.md#6314-2022-02-05)

[Compare Source](https://redirect.github.com/karma-runner/karma/compare/v6.3.13...v6.3.14)

##### Bug Fixes

- remove string template from client code ([91d5acd](https://redirect.github.com/karma-runner/karma/commit/91d5acda6325caf91685da465d688527bd412b47))
- warn when `singleRun` and `autoWatch` are `false` ([69cfc76](https://redirect.github.com/karma-runner/karma/commit/69cfc763c8f83e8e7e64d34e17829d0d3dcc0449))
- **security:** remove XSS vulnerability in `returnUrl` query param ([839578c](https://redirect.github.com/karma-runner/karma/commit/839578c45a8ac42fbc1d72105f97eab77dd3eb8a))

### [`v6.3.13`](https://redirect.github.com/karma-runner/karma/blob/HEAD/CHANGELOG.md#6313-2022-01-31)

[Compare Source](https://redirect.github.com/karma-runner/karma/compare/v6.3.12...v6.3.13)

##### Bug Fixes

- **deps:** bump log4js to resolve security issue ([5bf2df3](https://redirect.github.com/karma-runner/karma/commit/5bf2df304453c8f71ebc725653fd174ddb1dd28b)), closes [#3751](https://redirect.github.com/karma-runner/karma/issues/3751)

### [`v6.3.12`](https://redirect.github.com/karma-runner/karma/blob/HEAD/CHANGELOG.md#6312-2022-01-24)

[Compare Source](https://redirect.github.com/karma-runner/karma/compare/v6.3.11...v6.3.12)

##### Bug Fixes

- remove depreciation warning from log4js ([41bed33](https://redirect.github.com/karma-runner/karma/commit/41bed33bf4b88c7e0787ca3a5ec15f2913b936fd))

### [`v6.3.11`](https://redirect.github.com/karma-runner/karma/blob/HEAD/CHANGELOG.md#6311-2022-01-13)

[Compare Source](https://redirect.github.com/karma-runner/karma/compare/v6.3.10...v6.3.11)

##### Bug Fixes

- **deps:** pin colors package to 1.4.0 due to security vulnerability ([a5219c5](https://redirect.github.com/karma-runner/karma/commit/a5219c52e2515248eefae4fe1863ac8ad3fdd43b))

### [`v6.3.10`](https://redirect.github.com/karma-runner/karma/blob/HEAD/CHANGELOG.md#6310-2022-01-08)

[Compare Source](https://redirect.github.com/karma-runner/karma/compare/v6.3.9...v6.3.10)

##### Bug Fixes

- **logger:** create parent folders if they are missing ([0d24bd9](https://redirect.github.com/karma-runner/karma/commit/0d24bd937f7089d1456e2ecf04419d2c268c3144)), closes [#3734](https://redirect.github.com/karma-runner/karma/issues/3734)

### [`v6.3.9`](https://redirect.github.com/karma-runner/karma/blob/HEAD/CHANGELOG.md#639-2021-11-16)

[Compare Source](https://redirect.github.com/karma-runner/karma/compare/v6.3.8...v6.3.9)

##### Bug Fixes

- restartOnFileChange option not restarting the test run ([92ffe60](https://redirect.github.com/karma-runner/karma/commit/92ffe6018451f6144e8bc7726d304057b5ac9d0a)), closes [#27](https://redirect.github.com/karma-runner/karma/issues/27) [#3724](https://redirect.github.com/karma-runner/karma/issues/3724)

### [`v6.3.8`](https://redirect.github.com/karma-runner/karma/blob/HEAD/CHANGELOG.md#638-2021-11-07)

[Compare Source](https://redirect.github.com/karma-runner/karma/compare/v6.3.7...v6.3.8)

##### Bug Fixes

- **reporter:** warning if stack trace contains generated code invocation ([4f23b14](https://redirect.github.com/karma-runner/karma/commit/4f23b14d3e774c0401f2c9eecb188b37aed020eb))

### [`v6.3.7`](https://redirect.github.com/karma-runner/karma/blob/HEAD/CHANGELOG.md#637-2021-11-01)

[Compare Source](https://redirect.github.com/karma-runner/karma/compare/v6.3.6...v6.3.7)

##### Bug Fixes

- **middleware:** replace %X_UA_COMPATIBLE% marker anywhere in the file ([f1aeaec](https://redirect.github.com/karma-runner/karma/commit/f1aeaec09e49856747b8f650d06b4dcc61eb637e)), closes [#3711](https://redirect.github.com/karma-runner/karma/issues/3711)

### [`v6.3.6`](https://redirect.github.com/karma-runner/karma/blob/HEAD/CHANGELOG.md#636-2021-10-25)

[Compare Source](https://redirect.github.com/karma-runner/karma/compare/v6.3.5...v6.3.6)

##### Bug Fixes

- bump vulnerable ua-parser-js version ([6f2b2ec](https://redirect.github.com/karma-runner/karma/commit/6f2b2ec6ed0218980eabf2cbf44e0c8f16fee661)), closes [#3713](https://redirect.github.com/karma-runner/karma/issues/3713)

### [`v6.3.5`](https://redirect.github.com/karma-runner/karma/blob/HEAD/CHANGELOG.md#635-2021-10-20)

[Compare Source](https://redirect.github.com/karma-runner/karma/compare/v6.3.4...v6.3.5)

##### Bug Fixes

- **client:** prevent socket.io from hanging due to mocked clocks ([#3695](https://redirect.github.com/karma-runner/karma/issues/3695)) ([105da90](https://redirect.github.com/karma-runner/karma/commit/105da90a9975c1050f96cda966bd30a3c677494e))

### [`v6.3.4`](https://redirect.github.com/karma-runner/karma/blob/HEAD/CHANGELOG.md#634-2021-06-14)

[Compare Source](https://redirect.github.com/karma-runner/karma/compare/v6.3.3...v6.3.4)

##### Bug Fixes

- bump production dependencies within SemVer ranges ([#3682](https://redirect.github.com/karma-runner/karma/issues/3682)) ([36467a8](https://redirect.github.com/karma-runner/karma/commit/36467a8ac357108343dde4131ef34099004711e5)), closes [#3680](https://redirect.github.com/karma-runner/karma/issues/3680)

### [`v6.3.3`](https://redirect.github.com/karma-runner/karma/blob/HEAD/CHANGELOG.md#633-2021-06-01)

[Compare Source](https://redirect.github.com/karma-runner/karma/compare/v6.3.2...v6.3.3)

##### Bug Fixes

- **server:** clean up vestigial code from proxy ([#3640](https://redirect.github.com/karma-runner/karma/issues/3640)) ([f4aeac3](https://redirect.github.com/karma-runner/karma/commit/f4aeac313ec07d61ce42edc2bd7ae5392a7b3fbc)), closes [/tools.ietf.org/html/std66#section-3](https://redirect.github.com//tools.ietf.org/html/std66/issues/section-3)

Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.