fix(cve): update yargs to 16.1.1 to fix cve-2020-7774 in y18n #3578

Merged
merged 2 commits into from
Dec 14, 2020

SymbioticKilla
Contributor

Fixes: #3577

@google-cla

google-cla bot commented Nov 26, 2020

Thanks for your pull request. It looks like this may be your first contribution to a Google open source project (if not, look below for help). Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

📝 Please visit https://cla.developers.google.com/ to sign.

Once you've signed (or fixed any issues), please reply here with @googlebot I signed it! and we'll verify it.


What to do if you already signed the CLA

Individual signers
Corporate signers

ℹ️ Googlers: Go here for more info.

@AppVeyorBot

Build karma 2784 completed (commit ac7b83ae50 by @)

@karmarunnerbot
Member

Build karma 387 completed (commit ac7b83ae50 by @)

@karmarunnerbot
Member

Build karma 386 completed (commit ac7b83ae50 by @)

@SymbioticKilla
Contributor Author

@googlebot I signed it!

@google-cla

google-cla bot commented Nov 26, 2020

We found a Contributor License Agreement for you (the sender of this pull request), but were unable to find agreements for all the commit author(s) or Co-authors. If you authored these, maybe you used a different email address in the git commits than was used to sign the CLA (login here to double check)? If these were authored by someone else, then they will need to sign a CLA as well, and confirm that they're okay with these being contributed to Google.
In order to pass this check, please resolve this problem and then comment @googlebot I fixed it.. If the bot doesn't comment, it means it doesn't think anything has changed.

ℹ️ Googlers: Go here for more info.

@SymbioticKilla
Contributor Author

@googlebot I signed it!

@google-cla

google-cla bot commented Nov 26, 2020

We found a Contributor License Agreement for you (the sender of this pull request), but were unable to find agreements for all the commit author(s) or Co-authors. If you authored these, maybe you used a different email address in the git commits than was used to sign the CLA (login here to double check)? If these were authored by someone else, then they will need to sign a CLA as well, and confirm that they're okay with these being contributed to Google.
In order to pass this check, please resolve this problem and then comment @googlebot I fixed it.. If the bot doesn't comment, it means it doesn't think anything has changed.

ℹ️ Googlers: Go here for more info.

@SymbioticKilla
Contributor Author

@googlebot I signed it!

Collaborator

@devoto13 devoto13 left a comment

All looks good 👍
Thank you for the contribution!

@jpavlic

jpavlic commented Nov 30, 2020

Any chance this can be merged?

@SymbioticKilla
Contributor Author

Merge conflicts fixed

@AppVeyorBot

Build karma 2787 completed (commit 948f121df2 by @SymbioticKilla)

@karmarunnerbot
Member

Build karma 390 completed (commit 948f121df2 by @SymbioticKilla)

@karmarunnerbot
Member

Build karma 389 completed (commit 948f121df2 by @SymbioticKilla)

@johnjbarton johnjbarton merged commit 3fed0bc into karma-runner:master Dec 14, 2020
karmarunnerbot pushed a commit that referenced this pull request Jan 13, 2021
# [6.0.0](v5.2.3...v6.0.0) (2021-01-13)

### Bug Fixes

* **ci:** abandon browserstack tests for Safari and IE ([#3615](#3615)) ([04a811d](04a811d))
* **client:** do not reset karmaNavigating in unload handler ([#3591](#3591)) ([4a8178f](4a8178f)), closes [#3482](#3482)
* **context:** do not error when karma is navigating ([#3565](#3565)) ([05dc288](05dc288)), closes [#3560](#3560)
* **cve:** update ua-parser-js to 0.7.23 to fix CVE-2020-7793 ([#3584](#3584)) ([f819fa8](f819fa8))
* **cve:** update yargs to 16.1.1 to fix cve-2020-7774 in y18n ([#3578](#3578)) ([3fed0bc](3fed0bc)), closes [#3577](#3577)
* **deps:** bump socket-io to v3 ([#3586](#3586)) ([1b9e1de](1b9e1de)), closes [#3569](#3569)
* **middleware:** catch errors when loading a module ([#3605](#3605)) ([fec972f](fec972f)), closes [#3572](#3572)
* **server:** clean up close-server logic ([#3607](#3607)) ([3fca456](3fca456))
* **test:** clear up clearContext ([#3597](#3597)) ([8997b74](8997b74))
* **test:** mark all second connections reconnects ([#3598](#3598)) ([1c9c2de](1c9c2de))

### Features

* **cli:** error out on unexpected options or parameters ([#3589](#3589)) ([603bbc0](603bbc0))
* **client:** update banner with connection, test status, ping times ([#3611](#3611)) ([4bf90f7](4bf90f7))
* **server:** print stack of unhandledrejections ([#3593](#3593)) ([35a5842](35a5842))
* **server:** remove deprecated static methods ([#3595](#3595)) ([1a65bf1](1a65bf1))
* remove support for running dart code in the browser ([#3592](#3592)) ([7a3bd55](7a3bd55))

### BREAKING CHANGES

* **server:** Deprecated `require('karma').server.start()` and `require('karma').Server.start()` variants were removed from the public API. Instead use canonical form:

```
const { Server } = require('karma');
const server = new Server();
server.start();
```
* **cli:** Karma is more strict and will error out if unknown option or argument is passed to CLI.
* Using Karma to run Dart code in the browser is no longer supported. Use your favorite Dart-to-JS compiler instead.

`dart` file type has been removed without a replacement.

`customFileHandlers` DI token has been removed. Use [`middleware`](http://karma-runner.github.io/5.2/config/configuration-file.html#middleware) to achieve similar functionality.

`customScriptTypes` DI token has been removed. It had no effect, so no replacement is provided.
* **deps:** Some projects have socket.io tests that are version sensitive.

@karmarunnerbot
Member

🎉 This PR is included in version 6.0.0 🎉

The release is available on:

Your semantic-release bot 📦🚀

anthony-redFox pushed a commit to anthony-redFox/karma that referenced this pull request May 16, 2023
Successfully merging this pull request may close these issues.

Security issue: Please update yargs to 16.1.1 to fix CVE in y18n
6 participants