[Snyk] Upgrade karma from 5.1.0 to 5.2.3 #14

snyk-bot · 2021-04-10T21:49:41Z

Snyk has created this PR to upgrade karma from 5.1.0 to 5.2.3.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

The recommended version is 5 versions ahead of your current version.
The recommended version was released 7 months ago, on 2020-09-25.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Regular Expression Denial of Service (ReDoS) SNYK-JS-UAPARSERJS-610226	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: karma

5.2.3 - 2020-09-25
5.2.3 (2020-09-25)

Bug Fixes
- update us-parser-js dependency (#3564) (500ed25)
5.2.2 - 2020-09-08
5.2.2 (2020-09-08)

Bug Fixes
- revert source-map update (#3559) (d9ba284), closes #3557
5.2.1 - 2020-09-02
5.2.1 (2020-09-02)

Bug Fixes
- remove broken link from docs - 06-angularjs.md (#3555) (da2f307)
- remove unused JSON utilities and flatted dependency (#3550) (beed255)
5.2.0 - 2020-08-31
5.2.0 (2020-08-31)

Bug Fixes
- client: avoid race between execute and clearContext (#3452) (8bc5b46), closes #3424
- client: check in bundled client code into version control (#3524) (6cd5a3b), closes /github.com/karma-runner/karma/commit/f5521df7df5cd1201b5dce28dc4e326b1ffc41fd#commitcomment-38967493
- dependencies: update dependencies (#3543) (5db46b7)
- docs: Update 03-how-it-works.md (#3539) (e7cf7b1)
- server: log error when file loading or preprocessing fails (#3540) (fc2fd61)
Features
- server: allow 'exit' listeners to set exit code (#3541) (7a94d33)
5.1.1 - 2020-07-28
5.1.1 (2020-07-28)

Bug Fixes
- server: echo the hostname rather than listenAddress (#3532) (ebe7ce4)
5.1.0 - 2020-06-11
5.1.0 (2020-06-11)

Features
- proxy: use keepAlive agent (#3527) (b77f94c)

from karma GitHub release notes

Commit messages

Package name: karma

ead31cd chore(release): 5.2.3 [skip ci]
500ed25 fix: update us-parser-js dependency (Uncaught TypeError: elem.getClientRects is not a function using .offset() jquery/jquery#3564)
fffbaee chore(release): 5.2.2 [skip ci]
9ec37a9 docs: mention that `html` include type does not work anymore (Feature request: return state boolean from toggleClass jquery/jquery#3556)
d9ba284 fix: revert source-map update (Effects: stabilize rAF logic & align timeout logic with it jquery/jquery#3559)
4fdef70 chore(release): update contributors when publishing a release (On Method Adds Multiple Instances of Event Handlers jquery/jquery#3552)
ac7b73a refactor: use colors/safe (Problem with scrollTop and css overflow-x hidden when body & html are both set to 100% width and height jquery/jquery#3548)
2741d98 chore(release): 5.2.1 [skip ci]
da2f307 fix: remove broken link from docs - 06-angularjs.md (Golfing 21 bytes jquery/jquery#3555)
4b3a469 chore(release): fix documentation update task (SyntaxError jQuery v3.1.1 "el.querySelectorAll("*,:x");" //line 1361 Edge 14.14393 / Edge 38.14393.0.0 jquery/jquery#3551)
beed255 fix: remove unused JSON utilities and flatted dependency (Hidden input with no "value" attribute in IE11 has value="" created when cloned jquery/jquery#3550)
30ff444 chore(release): 5.2.0 [skip ci]
f34b38f chore(test): fix client tests in older IE versions (toggleClass not working with class "topbar-icon-on" jquery/jquery#3547)
7a94d33 feat(server): allow 'exit' listeners to set exit code (Issue using JQuery 3.1.1 and CSP jquery/jquery#3541)
8bc5b46 fix(client): avoid race between execute and clearContext (The .is() method returns unexpected results. jquery/jquery#3452)
6cd5a3b fix(client): check in bundled client code into version control ($.post() : json result has collapsed white space jquery/jquery#3524)
5db46b7 fix(dependencies): update dependencies (jQuery 3.1.0 bug jquery/jquery#3543)
e7cf7b1 fix(docs): Update 03-how-it-works.md (dropdown selection broken on Firefox after prepending new option jquery/jquery#3539)
fc2fd61 fix(server): log error when file loading or preprocessing fails (سؤي jquery/jquery#3540)
1a118c2 chore: fix appveyor glitch on Node 14 (Catch is a reserved word - IE9 jquery/jquery#3544)
1521f2b chore(release): 5.1.1 [skip ci]
ebe7ce4 fix(server): echo the hostname rather than listenAddress (Pass array of classes to .addClass(), removeClass(), and toggleClass() jquery/jquery#3532)

Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Snyk has created this PR to upgrade karma from 5.1.0 to 5.2.3. See this package in npm: https://www.npmjs.com/package/karma See this project in Snyk: https://app.snyk.io/org/kadirselcuk/project/28ac5072-f66b-4183-bbda-99b4324cbf96?utm_source=github&utm_medium=upgrade-pr

mistaken-pull-closer · 2021-04-10T21:49:46Z

Thanks for your submission.

It appears that you've created a pull request using one of our repository's branches. Since this is
almost always a mistake, we're going to go ahead and close this. If it was intentional, please
let us know what you were intending and we can see about reopening it.

Thanks again!

pull-dog · 2021-04-10T21:49:47Z

*Ruff* 🐶 I wasn't able to find any Docker Compose files in your repository at any of the given paths in the pull-dog.json configuration file, or the default docker-compose.yml file 😩 Make sure the given paths are correct.

Files checked:

docker-compose.yml

What is this?

Pull Dog is a GitHub app that makes test environments for your pull requests using Docker, from a docker-compose.yml file you specify. It takes 19 seconds to set up (we counted!) and there's a free plan available.

Visit our website to learn more.

Commands

@pull-dog up to reprovision or provision the server.
@pull-dog down to delete the provisioned server.

Troubleshooting

Need help? Don't hesitate to file an issue in our repository

Configuration

{
  "isLazy": false,
  "dockerComposeYmlFilePaths": [
    "docker-compose.yml"
  ],
  "expiry": "00:00:00",
  "conversationMode": "singleComment"
}

Trace ID
a7e25bb0-9a46-11eb-854e-a1de1f4fd588

guardrails · 2021-04-10T21:50:26Z

⚠️ We detected 118 security issues in this pull request:
Mode: paranoid | Total findings: 118 | Considered vulnerability: 0

Hard-Coded Secrets (2)

jquery/test/unit/event.js

Line 1182 in e672f2c

$child.trigger( { "type": "foo", "secret": "boo!" } );

jquery/test/unit/selector.js

Line 2115 in e672f2c

assert.equal( jQuery.escapeSelector( "a0123456789b" ), "a0123456789b",

More info on how to fix Hard-Coded Secrets in General.

Insecure File Management (41)

jquery/Gruntfile.js

Line 9 in e672f2c

fs.readFileSync( filepath, { encoding: "utf8" } )

jquery/build/release.js

Line 25 in e672f2c

var contents = fs.readFileSync( filepath, "utf8" );

jquery/build/release.js

Line 27 in e672f2c

fs.writeFileSync( filepath, contents, "utf8" );

jquery/build/release/cdn.js

Line 46 in e672f2c

text = fs.readFileSync( builtFile, "utf8" )

jquery/build/release/cdn.js

Line 51 in e672f2c

fs.writeFileSync( releaseFile, text );

jquery/build/release/cdn.js

Line 74 in e672f2c

output = fs.createWriteStream(

jquery/build/release/cdn.js

Line 93 in e672f2c

fs.writeFileSync( md5file, sum );

jquery/build/release/cdn.js

Line 97 in e672f2c

archiver.append( fs.createReadStream( file ),

jquery/build/release/dist.js

Line 8 in e672f2c

const pkg = require( `${ Release.dir.repo }/package.json` );

jquery/build/release/dist.js

Line 73 in e672f2c

const readme = await fs.readFile(

jquery/build/release/dist.js

Line 106 in e672f2c

await fs.writeFile( `${ Release.dir.dist }/bower.json`, generateBower() );

jquery/build/release/dist.js

Line 108 in e672f2c

await fs.writeFile( `${ Release.dir.dist }/README.md`,

jquery/build/tasks/build.js

Line 102 in e672f2c

fs.readdirSync( `${ srcFolder }/${ prepend }${ module }` ),

jquery/build/tasks/build.js

Line 154 in e672f2c

fs.readdirSync( `${ srcFolder }/${ module }` ),

jquery/build/tasks/dist.js

Line 33 in e672f2c

text = fs.readFileSync( filename, "utf8" );

jquery/build/tasks/node_smoke_tests.js

Line 15 in e672f2c

fs.readdirSync( testsDir )

jquery/build/tasks/node_smoke_tests.js

Line 17 in e672f2c

fs.statSync( testsDir + testFilePath ).isFile() &&

jquery/build/tasks/qunit_fixture.js

Line 8 in e672f2c

fs.writeFileSync(

jquery/build/tasks/sourcemap.js

Line 13 in e672f2c

var text = fs.readFileSync( minLoc, "utf8" )

jquery/build/tasks/sourcemap.js

Line 15 in e672f2c

fs.writeFileSync( minLoc, text );

jquery/src/ajax/xhr.js

Line 24 in e672f2c

xhr.open(

jquery/test/data/jquery-1.9.1.js

Line 8753 in e672f2c

xhr.open( s.type, s.url, s.async, s.username, s.password );

jquery/test/data/jquery-1.9.1.js

Line 8755 in e672f2c

xhr.open( s.type, s.url, s.async );

jquery/test/data/testinit.js

Line 329 in e672f2c

require( [ parentUrl + "test/data/testrunner.js" ], function() {

jquery/test/data/testinit.js

Line 366 in e672f2c

require( [ parentUrl + "test/" + dep ], loadDep );

jquery/test/data/testinit.js

Line 389 in e672f2c

    
           require( [ "http://swarm.jquery.org/js/inject.js?" + ( new Date() ).getTime() ],

jquery/test/jquery.js

Line 89 in e672f2c

require( [ src ], loadTests );

jquery/test/jquery.js

Line 91 in e672f2c

require( [ src ] );

jquery/test/middleware-mockserver.js

Line 134 in e672f2c

var body = fs.readFileSync( __dirname + "/data/with_fries.xml" ).toString();

jquery/test/middleware-mockserver.js

Line 214 in e672f2c

var body = fs.readFileSync( __dirname + "/data/test.include.html" ).toString();

jquery/test/middleware-mockserver.js

Line 223 in e672f2c

var body = fs.readFileSync( __dirname + "/data/csp.include.html" ).toString();

jquery/test/middleware-mockserver.js

Line 232 in e672f2c

var body = fs.readFileSync(

jquery/test/middleware-mockserver.js

Line 241 in e672f2c

var body = fs.readFileSync(

[Snyk] Upgrade karma from 5.1.0 to 5.2.3 #14

Are you sure you want to change the base?

[Snyk] Upgrade karma from 5.1.0 to 5.2.3 #14

Conversation

snyk-bot commented Apr 10, 2021

Snyk has created this PR to upgrade karma from 5.1.0 to 5.2.3.

5.2.3 (2020-09-25)

Bug Fixes

5.2.2 (2020-09-08)

Bug Fixes

5.2.1 (2020-09-02)

Bug Fixes

5.2.0 (2020-08-31)

Bug Fixes

Features

5.1.1 (2020-07-28)

Bug Fixes

5.1.0 (2020-06-11)

Features

mistaken-pull-closer bot commented Apr 10, 2021

pull-dog bot commented Apr 10, 2021

guardrails bot commented Apr 10, 2021