Update dependency karma to v6.3.16 [SECURITY] #131

Open. Wants to merge 1 commit into master.

Conversation

@renovate renovate bot commented Jan 10, 2024

This PR contains the following updates:

  • Package: karma (source)
  • Change: 6.3.2 -> 6.3.16

GitHub Vulnerability Alerts

CVE-2022-0437 / GHSA-7x7c-qm48-pq9c: Cross-site Scripting in karma

karma prior to version 6.3.14 contains a cross-site scripting vulnerability.

Severity
  • CVSS Score: 6.1 / 10 (Medium)
  • Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVE-2021-23495 / GHSA-rc3x-jf5g-xvc5: Open redirect in karma

Karma before 6.3.16 is vulnerable to Open Redirect due to missing validation of the return_url query parameter.

Severity
  • CVSS Score: 5.4 / 10 (Medium)
  • Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).


Release Notes

karma-runner/karma (karma)

v6.3.16

Bug Fixes
  • security: mitigate the "Open Redirect Vulnerability" (ff7edbb)

v6.3.15

Bug Fixes

v6.3.14

Bug Fixes
  • remove string template from client code (91d5acd)
  • warn when singleRun and autoWatch are false (69cfc76)
  • security: remove XSS vulnerability in returnUrl query param (839578c)

v6.3.13

Bug Fixes

v6.3.12

Bug Fixes
  • remove depreciation warning from log4js (41bed33)

v6.3.11

Bug Fixes
  • deps: pin colors package to 1.4.0 due to security vulnerability (a5219c5)

v6.3.10

Bug Fixes
  • logger: create parent folders if they are missing (0d24bd9), closes #3734

v6.3.9

Bug Fixes

v6.3.8

Bug Fixes
  • reporter: warning if stack trace contains generated code invocation (4f23b14)

v6.3.7

Bug Fixes
  • middleware: replace %X_UA_COMPATIBLE% marker anywhere in the file (f1aeaec), closes #3711

v6.3.6

Bug Fixes

v6.3.5

Bug Fixes
  • client: prevent socket.io from hanging due to mocked clocks (#3695) (105da90)

v6.3.4

Bug Fixes

v6.3.3

Bug Fixes
Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


This PR was generated by Mend Renovate. View the repository job log.


socket-security bot commented Jan 10, 2024

New, updated, and removed dependencies detected.

@renovate renovate bot force-pushed the renovate/npm-karma-vulnerability branch 2 times, most recently from c3b0539 to 0464d46 on February 5, 2024 05:22
@renovate renovate bot force-pushed the renovate/npm-karma-vulnerability branch from 0464d46 to 999dc2c on February 6, 2024 13:34
@renovate renovate bot force-pushed the renovate/npm-karma-vulnerability branch from 999dc2c to 23d649d on February 26, 2024 07:44
@renovate renovate bot force-pushed the renovate/npm-karma-vulnerability branch from 23d649d to 266e3cc on March 13, 2024 02:41
@renovate renovate bot force-pushed the renovate/npm-karma-vulnerability branch from 266e3cc to 6d2b914 on March 22, 2024 23:47
@lvpeschke lvpeschke requested review from a team and jcortejoso on March 25, 2024 15:20
@renovate renovate bot force-pushed the renovate/npm-karma-vulnerability branch 2 times, most recently from 444d50d to 5cdc990 on April 14, 2024 23:30
@renovate renovate bot force-pushed the renovate/npm-karma-vulnerability branch from 5cdc990 to 100eb8e on April 27, 2024 02:49
@renovate renovate bot force-pushed the renovate/npm-karma-vulnerability branch from 100eb8e to 4f6d62a on June 5, 2024 02:35
@renovate renovate bot force-pushed the renovate/npm-karma-vulnerability branch from 4f6d62a to 9d11bd1 on July 24, 2024 02:27
@renovate renovate bot force-pushed the renovate/npm-karma-vulnerability branch from 9d11bd1 to b56151f on August 8, 2024 20:52
@renovate renovate bot force-pushed the renovate/npm-karma-vulnerability branch from b56151f to 65c6fee on August 29, 2024 05:48
@renovate renovate bot force-pushed the renovate/npm-karma-vulnerability branch from 65c6fee to 7b220b4 on October 10, 2024 02:50
@renovate renovate bot force-pushed the renovate/npm-karma-vulnerability branch from 7b220b4 to b7ee1b4 on December 5, 2024 00:01
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
@renovate renovate bot force-pushed the renovate/npm-karma-vulnerability branch from b7ee1b4 to fcb8a33 on January 24, 2025 08:11