Security vulnerability related to log4js #3751
Labels
Comments
devoto13
added a commit
to devoto13/karma
that referenced
this issue
Jan 24, 2022
|
@devoto13 When will you publish the patch version to the npm registry? |
jginsburgn
pushed a commit
that referenced
this issue
Jan 31, 2022
karmarunnerbot
pushed a commit
that referenced
this issue
Jan 31, 2022
## [6.3.13](v6.3.12...v6.3.13) (2022-01-31) ### Bug Fixes * **deps:** bump log4js to resolve security issue ([5bf2df3](5bf2df3)), closes [#3751](#3751)
|
🎉 This issue has been resolved in version 6.3.13 🎉 The release is available on: Your semantic-release bot 📦🚀 |
This was referenced Mar 1, 2022
crapStone
pushed a commit
to Calciumdibromid/CaBr2
that referenced
this issue
Jun 17, 2022
This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [karma](https://karma-runner.github.io/) ([source](https://github.com/karma-runner/karma)) | devDependencies | minor | [`6.3.20` -> `6.4.0`](https://renovatebot.com/diffs/npm/karma/6.3.20/6.4.0) | --- ### Release Notes <details> <summary>karma-runner/karma</summary> ### [`v6.4.0`](https://github.com/karma-runner/karma/blob/HEAD/CHANGELOG.md#​640-httpsgithubcomkarma-runnerkarmacomparev6320v640-2022-06-14) [Compare Source](karma-runner/karma@v6.3.20...v6.4.0) ##### Features - support SRI verification of link tags ([dc51a2e](karma-runner/karma@dc51a2e)) - support SRI verification of script tags ([6a54b1c](karma-runner/karma@6a54b1c)) #### [6.3.20](karma-runner/karma@v6.3.19...v6.3.20) (2022-05-13) ##### Bug Fixes - prefer IPv4 addresses when resolving domains ([e17698f](karma-runner/karma@e17698f)), closes [#​3730](karma-runner/karma#3730) #### [6.3.19](karma-runner/karma@v6.3.18...v6.3.19) (2022-04-19) ##### Bug Fixes - **client:** error out when opening a new tab fails ([099b85e](karma-runner/karma@099b85e)) #### [6.3.18](karma-runner/karma@v6.3.17...v6.3.18) (2022-04-13) ##### Bug Fixes - **deps:** upgrade socket.io to v4.4.1 ([52a30bb](karma-runner/karma@52a30bb)) #### [6.3.17](karma-runner/karma@v6.3.16...v6.3.17) (2022-02-28) ##### Bug Fixes - **deps:** update colors to maintained version ([#​3763](karma-runner/karma#3763)) ([fca1884](karma-runner/karma@fca1884)) #### [6.3.16](karma-runner/karma@v6.3.15...v6.3.16) (2022-02-10) ##### Bug Fixes - **security:** mitigate the "Open Redirect Vulnerability" ([ff7edbb](karma-runner/karma@ff7edbb)) #### [6.3.15](karma-runner/karma@v6.3.14...v6.3.15) (2022-02-05) ##### Bug Fixes - **helper:** make mkdirIfNotExists helper resilient to concurrent calls ([d9dade2](karma-runner/karma@d9dade2)), closes [/github.com/karma-runner/karma-coverage/issues/434#issuecomment-1017939333](https://github.com//github.com/karma-runner/karma-coverage/issues/434/issues/issuecomment-1017939333) #### [6.3.14](karma-runner/karma@v6.3.13...v6.3.14) (2022-02-05) ##### Bug Fixes - remove string template from client code ([91d5acd](karma-runner/karma@91d5acd)) - warn when `singleRun` and `autoWatch` are `false` ([69cfc76](karma-runner/karma@69cfc76)) - **security:** remove XSS vulnerability in `returnUrl` query param ([839578c](karma-runner/karma@839578c)) #### [6.3.13](karma-runner/karma@v6.3.12...v6.3.13) (2022-01-31) ##### Bug Fixes - **deps:** bump log4js to resolve security issue ([5bf2df3](karma-runner/karma@5bf2df3)), closes [#​3751](karma-runner/karma#3751) #### [6.3.12](karma-runner/karma@v6.3.11...v6.3.12) (2022-01-24) ##### Bug Fixes - remove depreciation warning from log4js ([41bed33](karma-runner/karma@41bed33)) #### [6.3.11](karma-runner/karma@v6.3.10...v6.3.11) (2022-01-13) ##### Bug Fixes - **deps:** pin colors package to 1.4.0 due to security vulnerability ([a5219c5](karma-runner/karma@a5219c5)) #### [6.3.10](karma-runner/karma@v6.3.9...v6.3.10) (2022-01-08) ##### Bug Fixes - **logger:** create parent folders if they are missing ([0d24bd9](karma-runner/karma@0d24bd9)), closes [#​3734](karma-runner/karma#3734) #### [6.3.9](karma-runner/karma@v6.3.8...v6.3.9) (2021-11-16) ##### Bug Fixes - restartOnFileChange option not restarting the test run ([92ffe60](karma-runner/karma@92ffe60)), closes [#​27](karma-runner/karma#27) [#​3724](karma-runner/karma#3724) #### [6.3.8](karma-runner/karma@v6.3.7...v6.3.8) (2021-11-07) ##### Bug Fixes - **reporter:** warning if stack trace contains generated code invocation ([4f23b14](karma-runner/karma@4f23b14)) #### [6.3.7](karma-runner/karma@v6.3.6...v6.3.7) (2021-11-01) ##### Bug Fixes - **middleware:** replace %X_UA_COMPATIBLE% marker anywhere in the file ([f1aeaec](karma-runner/karma@f1aeaec)), closes [#​3711](karma-runner/karma#3711) #### [6.3.6](karma-runner/karma@v6.3.5...v6.3.6) (2021-10-25) ##### Bug Fixes - bump vulnerable ua-parser-js version ([6f2b2ec](karma-runner/karma@6f2b2ec)), closes [#​3713](karma-runner/karma#3713) #### [6.3.5](karma-runner/karma@v6.3.4...v6.3.5) (2021-10-20) ##### Bug Fixes - **client:** prevent socket.io from hanging due to mocked clocks ([#​3695](karma-runner/karma#3695)) ([105da90](karma-runner/karma@105da90)) #### [6.3.4](karma-runner/karma@v6.3.3...v6.3.4) (2021-06-14) ##### Bug Fixes - bump production dependencies within SemVer ranges ([#​3682](karma-runner/karma#3682)) ([36467a8](karma-runner/karma@36467a8)), closes [#​3680](karma-runner/karma#3680) #### [6.3.3](karma-runner/karma@v6.3.2...v6.3.3) (2021-06-01) ##### Bug Fixes - **server:** clean up vestigial code from proxy ([#​3640](karma-runner/karma#3640)) ([f4aeac3](karma-runner/karma@f4aeac3)), closes [/tools.ietf.org/html/std66#section-3](https://github.com//tools.ietf.org/html/std66/issues/section-3) #### [6.3.2](karma-runner/karma@v6.3.1...v6.3.2) (2021-03-29) ##### Bug Fixes - fix running tests in IE9 ([#​3668](karma-runner/karma#3668)) ([0055bc5](karma-runner/karma@0055bc5)), closes [/github.com/karma-runner/karma/blob/026fff870913fb6cd2858dd962935dc74c92b725/client/main.js#L14](https://github.com//github.com/karma-runner/karma/blob/026fff870913fb6cd2858dd962935dc74c92b725/client/main.js/issues/L14) [#​3665](karma-runner/karma#3665) #### [6.3.1](karma-runner/karma@v6.3.0...v6.3.1) (2021-03-24) ##### Bug Fixes - **client:** clearContext after complete sent ([#​3657](karma-runner/karma#3657)) ([c0962e3](karma-runner/karma@c0962e3)) </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, click this checkbox. --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). Co-authored-by: cabr2-bot <[email protected]> Reviewed-on: https://codeberg.org/Calciumdibromid/CaBr2/pulls/1412 Reviewed-by: Epsilon_02 <[email protected]> Co-authored-by: Calciumdibromid Bot <[email protected]> Co-committed-by: Calciumdibromid Bot <[email protected]>
anthony-redFox
pushed a commit
to anthony-redFox/karma
that referenced
this issue
May 16, 2023
anthony-redFox
pushed a commit
to anthony-redFox/karma
that referenced
this issue
May 16, 2023
## [6.3.13](karma-runner/karma@v6.3.12...v6.3.13) (2022-01-31) ### Bug Fixes * **deps:** bump log4js to resolve security issue ([5bf2df3](karma-runner@5bf2df3)), closes [karma-runner#3751](karma-runner#3751)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
There's a new security issue related to log4js (GHSA-82v2-mx6x-wq7q) and I was wondering if there were any plans to upgrade the log4js version to address this issue?
The text was updated successfully, but these errors were encountered: