chore(deps): update dependency karma to v6

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Confidence
karma (source)	^3.0.0 → ^6.0.0

---

Release Notes

karma-runner/karma (karma)

v6.4.4

Compare Source

v6.4.3

Compare Source

Bug Fixes

• add build commits for patch release (d7f2d69)

v6.4.2

Compare Source

Bug Fixes

• few typos (c6a4271)

v6.4.1

Compare Source

Bug Fixes

• pass integrity value (63d86be)

v6.4.0

Compare Source

Features

• support SRI verification of link tags (dc51a2e)
• support SRI verification of script tags (6a54b1c)

6.3.20 (2022-05-13)

Bug Fixes

• prefer IPv4 addresses when resolving domains (e17698f), closes #​3730

6.3.19 (2022-04-19)

Bug Fixes

• client: error out when opening a new tab fails (099b85e)

6.3.18 (2022-04-13)

Bug Fixes

• deps: upgrade socket.io to v4.4.1 (52a30bb)

6.3.17 (2022-02-28)

Bug Fixes

• deps: update colors to maintained version (#​3763) (fca1884)

6.3.16 (2022-02-10)

Bug Fixes

• security: mitigate the "Open Redirect Vulnerability" (ff7edbb)

6.3.15 (2022-02-05)

Bug Fixes

• helper: make mkdirIfNotExists helper resilient to concurrent calls (d9dade2), closes /github.com/karma-runner/karma-coverage/issues/434#issuecomment-1017939333

6.3.14 (2022-02-05)

Bug Fixes

• remove string template from client code (91d5acd)
• warn when singleRun and autoWatch are false (69cfc76)
• security: remove XSS vulnerability in returnUrl query param (839578c)

6.3.13 (2022-01-31)

Bug Fixes

• deps: bump log4js to resolve security issue (5bf2df3), closes #​3751

6.3.12 (2022-01-24)

Bug Fixes

• remove depreciation warning from log4js (41bed33)

6.3.11 (2022-01-13)

Bug Fixes

• deps: pin colors package to 1.4.0 due to security vulnerability (a5219c5)

6.3.10 (2022-01-08)

Bug Fixes

• logger: create parent folders if they are missing (0d24bd9), closes #​3734

6.3.9 (2021-11-16)

Bug Fixes

• restartOnFileChange option not restarting the test run (92ffe60), closes #​27 #​3724

6.3.8 (2021-11-07)

Bug Fixes

• reporter: warning if stack trace contains generated code invocation (4f23b14)

6.3.7 (2021-11-01)

Bug Fixes

• middleware: replace %X_UA_COMPATIBLE% marker anywhere in the file (f1aeaec), closes #​3711

6.3.6 (2021-10-25)

Bug Fixes

• bump vulnerable ua-parser-js version (6f2b2ec), closes #​3713

6.3.5 (2021-10-20)

Bug Fixes

• client: prevent socket.io from hanging due to mocked clocks (#​3695) (105da90)

6.3.4 (2021-06-14)

Bug Fixes

• bump production dependencies within SemVer ranges (#​3682) (36467a8), closes #​3680

6.3.3 (2021-06-01)

Bug Fixes

• server: clean up vestigial code from proxy (#​3640) (f4aeac3), closes /tools.ietf.org/html/std66#section-3

6.3.2 (2021-03-29)

Bug Fixes

• fix running tests in IE9 (#​3668) (0055bc5), closes /github.com/karma-runner/karma/blob/026fff870913fb6cd2858dd962935dc74c92b725/client/main.js#L14 #​3665

6.3.1 (2021-03-24)

Bug Fixes

• client: clearContext after complete sent (#​3657) (c0962e3)

v6.3.20

Compare Source

Features

• support SRI verification of link tags (dc51a2e)
• support SRI verification of script tags (6a54b1c)

6.3.20 (2022-05-13)

Bug Fixes

• prefer IPv4 addresses when resolving domains (e17698f), closes #​3730

6.3.19 (2022-04-19)

Bug Fixes

• client: error out when opening a new tab fails (099b85e)

6.3.18 (2022-04-13)

Bug Fixes

• deps: upgrade socket.io to v4.4.1 (52a30bb)

6.3.17 (2022-02-28)

Bug Fixes

• deps: update colors to maintained version (#​3763) (fca1884)

6.3.16 (2022-02-10)

Bug Fixes

• security: mitigate the "Open Redirect Vulnerability" (ff7edbb)

6.3.15 (2022-02-05)

Bug Fixes

• helper: make mkdirIfNotExists helper resilient to concurrent calls (d9dade2), closes /github.com/karma-runner/karma-coverage/issues/434#issuecomment-1017939333

6.3.14 (2022-02-05)

Bug Fixes

• remove string template from client code (91d5acd)
• warn when singleRun and autoWatch are false (69cfc76)
• security: remove XSS vulnerability in returnUrl query param (839578c)

6.3.13 (2022-01-31)

Bug Fixes

• deps: bump log4js to resolve security issue (5bf2df3), closes #​3751

6.3.12 (2022-01-24)

Bug Fixes

• remove depreciation warning from log4js (41bed33)

6.3.11 (2022-01-13)

Bug Fixes

• deps: pin colors package to 1.4.0 due to security vulnerability (a5219c5)

6.3.10 (2022-01-08)

Bug Fixes

• logger: create parent folders if they are missing (0d24bd9), closes #​3734

6.3.9 (2021-11-16)

Bug Fixes

• restartOnFileChange option not restarting the test run (92ffe60), closes #​27 #​3724

6.3.8 (2021-11-07)

Bug Fixes

• reporter: warning if stack trace contains generated code invocation (4f23b14)

6.3.7 (2021-11-01)

Bug Fixes

• middleware: replace %X_UA_COMPATIBLE% marker anywhere in the file (f1aeaec), closes #​3711

6.3.6 (2021-10-25)

Bug Fixes

• bump vulnerable ua-parser-js version (6f2b2ec), closes #​3713

6.3.5 (2021-10-20)

Bug Fixes

• client: prevent socket.io from hanging due to mocked clocks (#​3695) (105da90)

6.3.4 (2021-06-14)

Bug Fixes

• bump production dependencies within SemVer ranges (#​3682) (36467a8), closes #​3680

6.3.3 (2021-06-01)

Bug Fixes

• server: clean up vestigial code from proxy (#​3640) (f4aeac3), closes /tools.ietf.org/html/std66#section-3

6.3.2 (2021-03-29)

Bug Fixes

• fix running tests in IE9 (#​3668) (0055bc5), closes /github.com/karma-runner/karma/blob/026fff870913fb6cd2858dd962935dc74c92b725/client/main.js#L14 #​3665

6.3.1 (2021-03-24)

Bug Fixes

• client: clearContext after complete sent (#​3657) (c0962e3)

v6.3.19

Compare Source

Features

• support SRI verification of link tags (dc51a2e)
• support SRI verification of script tags (6a54b1c)

6.3.20 (2022-05-13)

Bug Fixes

• prefer IPv4 addresses when resolving domains (e17698f), closes #​3730

6.3.19 (2022-04-19)

Bug Fixes

• client: error out when opening a new tab fails (099b85e)

6.3.18 (2022-04-13)

Bug Fixes

• deps: upgrade socket.io to v4.4.1 (52a30bb)

6.3.17 (2022-02-28)

Bug Fixes

• deps: update colors to maintained version (#​3763) (fca1884)

6.3.16 (2022-02-10)

Bug Fixes

• security: mitigate the "Open Redirect Vulnerability" (ff7edbb)

6.3.15 (2022-02-05)

Bug Fixes

• helper: make mkdirIfNotExists helper resilient to concurrent calls (d9dade2), closes /github.com/karma-runner/karma-coverage/issues/434#issuecomment-1017939333

6.3.14 (2022-02-05)

Bug Fixes

• remove string template from client code (91d5acd)
• warn when singleRun and autoWatch are false (69cfc76)
• security: remove XSS vulnerability in returnUrl query param (839578c)

6.3.13 (2022-01-31)

Bug Fixes

• deps: bump log4js to resolve security issue (5bf2df3), closes #​3751

6.3.12 (2022-01-24)

Bug Fixes

• remove depreciation warning from log4js (41bed33)

6.3.11 (2022-01-13)

Bug Fixes

• deps: pin colors package to 1.4.0 due to security vulnerability (a5219c5)

6.3.10 (2022-01-08)

Bug Fixes

• logger: create parent folders if they are missing (0d24bd9), closes #​3734

6.3.9 (2021-11-16)

Bug Fixes

• restartOnFileChange option not restarting the test run (92ffe60), closes #​27 #​3724

6.3.8 (2021-11-07)

Bug Fixes

• reporter: warning if stack trace contains generated code invocation (4f23b14)

6.3.7 (2021-11-01)

Bug Fixes

• middleware: replace %X_UA_COMPATIBLE% marker anywhere in the file (f1aeaec), closes #​3711

6.3.6 (2021-10-25)

Bug Fixes

• bump vulnerable ua-parser-js version (6f2b2ec), closes #​3713

6.3.5 (2021-10-20)

Bug Fixes

• client: prevent socket.io from hanging due to mocked clocks (#​3695) (105da90)

6.3.4 (2021-06-14)

Bug Fixes

• bump production dependencies within SemVer ranges (#​3682) (36467a8), closes #​3680

6.3.3 (2021-06-01)

Bug Fixes

• server: clean up vestigial code from proxy (#​3640) (f4aeac3), closes /tools.ietf.org/html/std66#section-3

6.3.2 (2021-03-29)

Bug Fixes

• fix running tests in IE9 (#​3668) (0055bc5), closes /github.com/karma-runner/karma/blob/026fff870913fb6cd2858dd962935dc74c92b725/client/main.js#L14 #​3665

6.3.1 (2021-03-24)

Bug Fixes

• client: clearContext after complete sent (#​3657) (c0962e3)

v6.3.18

Compare Source

Features

• support SRI verification of link tags (dc51a2e)
• support SRI verification of script tags (6a54b1c)

6.3.20 (2022-05-13)

Bug Fixes

• prefer IPv4 addresses when resolving domains (e17698f), closes #​3730

6.3.19 (2022-04-19)

Bug Fixes

• client: error out when opening a new tab fails (099b85e)

6.3.18 (2022-04-13)

Bug Fixes

• deps: upgrade socket.io to v4.4.1 (52a30bb)

6.3.17 (2022-02-28)

Bug Fixes

• deps: update colors to maintained version (#​3763) (fca1884)

6.3.16 (2022-02-10)

Bug Fixes

• security: mitigate the "Open Redirect Vulnerability" (ff7edbb)

6.3.15 (2022-02-05)

Bug Fixes

• helper: make mkdirIfNotExists helper resilient to concurrent calls (d9dade2), closes /github.com/karma-runner/karma-coverage/issues/434#issuecomment-1017939333

6.3.14 (2022-02-05)

Bug Fixes

• remove string template from client code (91d5acd)
• warn when singleRun and autoWatch are false (69cfc76)
• security: remove XSS vulnerability in returnUrl query param (839578c)

6.3.13 (2022-01-31)

Bug Fixes

• deps: bump log4js to resolve security issue (5bf2df3), closes #​3751

6.3.12 (2022-01-24)

Bug Fixes

• remove depreciation warning from log4js (41bed33)

6.3.11 (2022-01-13)

Bug Fixes

• deps: pin colors package to 1.4.0 due to security vulnerability (a5219c5)

6.3.10 (2022-01-08)

Bug Fixes

• logger: create parent folders if they are missing (0d24bd9), closes #​3734

6.3.9 (2021-11-16)

Bug Fixes

• restartOnFileChange option not restarting the test run (92ffe60), closes #​27 #​3724

6.3.8 (2021-11-07)

Bug Fixes

• reporter: warning if stack trace contains generated code invocation (4f23b14)

6.3.7 (2021-11-01)

Bug Fixes

• middleware: replace %X_UA_COMPATIBLE% marker anywhere in the file (f1aeaec), closes #​3711

6.3.6 (2021-10-25)

Bug Fixes

• bump vulnerable ua-parser-js version (6f2b2ec), closes #​3713

6.3.5 (2021-10-20)

Bug Fixes

• client: prevent socket.io from hanging due to mocked clocks (#​3695) (105da90)

6.3.4 (2021-06-14)

Bug Fixes

• bump production dependencies within SemVer ranges (#​3682) (36467a8), closes #​3680

6.3.3 (2021-06-01)

Bug Fixes

• server: clean up vestigial code from proxy (#​3640) (f4aeac3), closes /tools.ietf.org/html/std66#section-3

6.3.2 (2021-03-29)

Bug Fixes

• fix running tests in IE9 (#​3668) (0055bc5), closes /github.com/karma-runner/karma/blob/026fff870913fb6cd2858dd962935dc74c92b725/client/main.js#L14 #​3665

6.3.1 (2021-03-24)

Bug Fixes

• client: clearContext after complete sent (#​3657) (c0962e3)

v6.3.17

Compare Source

Features

• support SRI verification of link tags (dc51a2e)
• support SRI verification of script tags (6a54b1c)

6.3.20 (2022-05-13)

Bug Fixes

• prefer IPv4 addresses when resolving domains (e17698f), closes #​3730

6.3.19 (2022-04-19)

Bug Fixes

• client: error out when opening a new tab fails (099b85e)

6.3.18 (2022-04-13)

Bug Fixes

• deps: upgrade socket.io to v4.4.1 (52a30bb)

6.3.17 (2022-02-28)

Bug Fixes

• deps: update colors to maintained version (#​3763) (fca1884)

6.3.16 (2022-02-10)

Bug Fixes

• security: mitigate the "Open Redirect Vulnerability" (ff7edbb)

6.3.15 (2022-02-05)

Bug Fixes

• helper: make mkdirIfNotExists helper resilient to concurrent calls (d9dade2), closes /github.com/karma-runner/karma-coverage/issues/434#issuecomment-1017939333

6.3.14 (2022-02-05)

Bug Fixes

• remove string template from client code (91d5acd)
• warn when singleRun and autoWatch are false (69cfc76)
• security: remove XSS vulnerability in returnUrl query param (839578c)

6.3.13 (2022-01-31)

Bug Fixes

• deps: bump log4js to resolve security issue (5bf2df3), closes #​3751

6.3.12 (2022-01-24)

Bug Fixes

• remove depreciation warning from log4js (41bed33)

6.3.11 (2022-01-13)

Bug Fixes

• deps: pin colors package to 1.4.0 due to security vulnerability (a5219c5)

6.3.10 (2022-01-08)

Bug Fixes

• logger: create parent folders if they are missing (0d24bd9), closes #​3734

6.3.9 (2021-11-16)

Bug Fixes

• restartOnFileChange option not restarting the test run (92ffe60), closes #​27 #​3724

6.3.8 (2021-11-07)

Bug Fixes

• reporter: warning if stack trace contains generated code invocation (4f23b14)

6.3.7 (2021-11-01)

Bug Fixes

• middleware: replace %X_UA_COMPATIBLE% marker anywhere in the file (f1aeaec), closes #​3711

6.3.6 (2021-10-25)

Bug Fixes

• bump vulnerable ua-parser-js version (6f2b2ec), closes #​3713

6.3.5 (2021-10-20)

Bug Fixes

• client: prevent socket.io from hanging due to mocked clocks (#​3695) (105da90)

6.3.4 (2021-06-14)

Bug Fixes

• bump production dependencies within SemVer ranges (#​3682) (36467a8), closes #​3680

6.3.3 (2021-06-01)

Bug Fixes

• server: clean up vestigial code from proxy (#​3640) (f4aeac3), closes /tools.ietf.org/html/std66#section-3

6.3.2 (2021-03-29)

Bug Fixes

• fix running tests in IE9 (#​3668) (0055bc5), closes /github.com/karma-runner/karma/blob/026fff870913fb6cd2858dd962935dc74c92b725/client/main.js#L14 #​3665

6.3.1 (2021-03-24)

Bug Fixes

• client: clearContext after complete sent (#​3657) (c0962e3)

v6.3.16

Compare Source

Features

• support SRI verification of link tags (dc51a2e)
• support SRI verification of script tags (6a54b1c)

6.3.20 (2022-05-13)

Bug Fixes

• prefer IPv4 addresses when resolving domains (e17698f), closes #​3730

6.3.19 (2022-04-19)

Bug Fixes

• client: error out when opening a new tab fails (099b85e)

6.3.18 (2022-04-13)

Bug Fixes

• deps: upgrade socket.io to v4.4.1 (52a30bb)

6.3.17 (2022-02-28)

Bug Fixes

• deps: update colors to maintained version (#​3763) (fca1884)

6.3.16 (2022-02-10)

Bug Fixes

• security: mitigate the "Open Redirect Vulnerability" (ff7edbb)

6.3.15 (2022-02-05)

Bug Fixes

• helper: make mkdirIfNotExists helper resilient to concurrent calls (d9dade2), closes /github.com/karma-runner/karma-coverage/issues/434#issuecomment-1017939333

6.3.14 (2022-02-05)

Bug Fixes

• remove string template from client code (91d5acd)
• warn when singleRun and autoWatch are false (69cfc76)
• security: remove XSS vulnerability in returnUrl query param (839578c)

6.3.13 (2022-01-31)

Bug Fixes

• deps: bump log4js to resolve security issue (5bf2df3), closes #​3751

6.3.12 (2022-01-24)

Bug Fixes

• remove depreciation warning from log4js (41bed33)

6.3.11 (2022-01-13)

Bug Fixes

• deps: pin colors package to 1.4.0 due to security vulnerability (a5219c5)

6.3.10 (2022-01-08)

Bug Fixes

• logger: create parent folders if they are missing (0d24bd9), closes #​3734

6.3.9 (2021-11-16)

Bug Fixes

• restartOnFileChange option not restarting the test run (92ffe60), closes #​27 #​3724

6.3.8 (2021-11-07)

Bug Fixes

• reporter: warning if stack trace contains generated code invocation (4f23b14)

6.3.7 (2021-11-01)

Bug Fixes

• middleware: replace %X_UA_COMPATIBLE% marker anywhere in the file (f1aeaec), closes #​3711

6.3.6 (2021-10-25)

Bug Fixes

• bump vulnerable ua-parser-js version (6f2b2ec), closes #​3713

6.3.5 (2021-10-20)

Bug Fixes

• client: prevent socket.io from hanging due to mocked clocks (#​3695) (105da90)

6.3.4 (2021-06-14)

Bug Fixes

• bump production dependencies within SemVer ranges (#​3682) (36467a8), closes #​3680

6.3.3 (2021-06-01)

Bug Fixes

• server: clean up vestigial code from proxy (#​3640) (f4aeac3), closes /tools.ietf.org/html/std66#section-3

6.3.2 (2021-03-29)

Bug Fixes

• fix running tests in IE9 (#​3668) (0055bc5), closes /github.com/karma-runner/karma/blob/026fff870913fb6cd2858dd962935dc74c92b725/client/main.js#L14 #​3665

6.3.1 (2021-03-24)

Bug Fixes

• client: clearContext after complete sent (#​3657) (c0962e3)

v6.3.15

Compare Source

Features

• support SRI verification of link tags (dc51a2e)
• support SRI verification of script tags (6a54b1c)

6.3.20 (2022-05-13)

Bug Fixes

• prefer IPv4 addresses when resolving domains (e17698f), closes #​3730

6.3.19 (2022-04-19)

Bug Fixes

• client: error out when opening a new tab fails (099b85e)

6.3.18 (2022-04-13)

Bug Fixes

• deps: upgrade socket.io to v4.4.1 (52a30bb)

6.3.17 (2022-02-28)

Bug Fixes

• deps: update colors to maintained version (#​3763) (fca1884)

6.3.16 (2022-02-10)

Bug Fixes

• security: mitigate the "Open Redirect Vulnerability" (ff7edbb)

6.3.15 (2022-02-05)

Bug Fixes

• helper: make mkdirIfNotExists helper resilient to concurrent calls (d9dade2), closes /github.com/karma-runner/karma-coverage/issues/434#issuecomment-1017939333

6.3.14 (2022-02-05)

Bug Fixes

• remove string template from client code (91d5acd)
• warn when singleRun and autoWatch are false (69cfc76)
• security: remove XSS vulnerability in returnUrl query param (839578c)

6.3.13 (2022-01-31)

Bug Fixes

• deps: bump log4js to resolve security issue (5bf2df3), closes #​3751

6.3.12 (2022-01-24)

Bug Fixes

• remove depreciation warning from log4js (41bed33)

6.3.11 (2022-01-13)

Bug Fixes

• deps: pin colors package to 1.4.0 due to security vulnerability (a5219c5)

6.3.10 (2022-01-08)

Bug Fixes

• logger: create parent folders if they are missing (0d24bd9), closes #​3734

6.3.9 (2021-11-16)

Bug Fixes

• restartOnFileChange option not restarting the test run (92ffe60), closes #​27 #​3724

6.3.8 (2021-11-07)

Bug Fixes

• reporter: warning if stack trace contains generated code invocation (4f23b14)

6.3.7 (2021-11-01)

Bug Fixes

• middleware: replace %X_UA_COMPATIBLE% marker anywhere in the file (f1aeaec), closes #​3711

6.3.6 (2021-10-25)

Bug Fixes

• bump vulnerable ua-parser-js version (6f2b2ec), closes #​3713

6.3.5 (2021-10-20)

Bug Fixes

• client: prevent socket.io from hanging due to m

✂ Note

PR body was truncated to here.

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

---

Note

Medium Risk
Updates the browser test runner stack (karma and its transitive deps like socket.io, engine.io, log4js) which can change test execution behavior and CI reliability, but does not affect runtime production code.

Overview
Upgrades the browser test runner dependency karma from ^3.0.0 to ^6.0.0.

This regenerates yarn.lock, bringing in the karma@6.4.4 dependency tree (notably newer socket.io/engine.io, log4js, chokidar, rimraf, tmp, etc.) and removing legacy transitive packages used by karma@3.

^{Reviewed by Cursor Bugbot for commit d455529. Bugbot is set up for automated code reviews on this repo. Configure here.}

[cypress-app-bot]

See the guidelines for reviewing dependency updates for info on how to review dependency update PRs.

[cursor]

Cursor Bugbot has reviewed your changes and found 1 potential issue.

^{❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.}

^{Reviewed by Cursor Bugbot for commit 8efe987. Configure here.}

[cursor]

Lockfile resolves lodash to unverified version 4.18.1

High Severity

The lockfile introduces a second lodash resolution where lodash@^4.17.21 (from karma v6) resolves to version 4.18.1, while all other lodash specifiers resolve to the well-known 4.17.21. Since 4.17.21 satisfies ^4.17.21, yarn should normally deduplicate to the same version. The existence of lodash@4.18.1 as a separate resolution is unexpected and this version needs verification, as 4.17.21 has long been the latest known v4 release. If this version is illegitimate, it could represent a supply chain risk.

 

^{Reviewed by Cursor Bugbot for commit 8efe987. Configure here.}