Karma version 6.3.8 represents a minor update to the popular JavaScript test runner, building upon the foundation laid by version 6.3.7. While both versions share the same core dependencies vital for functionality, such as di, glob, socket.io, and lodash, the key distinction lies in the development dependencies employed for building and maintaining the Karma project itself.
Specifically, version 6.3.8 replaces @commitlint/config-conventional with @commitlint/config-angular. This indicates a shift in the commit message linting strategy, where the project likely migrated from conventional commits to the Angular commit style, possibly to enforce a stricter or more structured commit history. Another notable difference is the removal of husky from the devDependencies in version 6.3.8. husky is a tool commonly used to run Git hooks, such as linting or testing before commits. Removing it suggests a potential change in the project's development workflow, possibly opting for alternative methods of enforcing code quality checks.
For developers using Karma, this update primarily affects those contributing to the Karma project itself. End-users employing Karma for testing their JavaScript code are unlikely to experience significant behavioral changes between these two minor versions. The underlying testing functionality and core APIs remain consistent, ensuring a smooth transition for existing Karma users. The change in commit linting strategy helps contributors by standardizing the way commits are structured, which helps in automating tasks like generating changelogs and in understanding the project's evolution.
Vulnerabilities affecting version 6.3.8 of the package
Cross-site Scripting in karma
Karma prior to version 6.3.14 contains a cross-site scripting vulnerability.
Open redirect in karma
Karma before 6.3.16 is vulnerable to Open Redirect due to missing validation of the return_url query parameter.