Bump tmp and karma

[dependabot]

Bumps tmp and karma. These dependencies needed to be updated together.
Updates tmp from 0.0.33 to 0.2.4

Changelog

Sourced from tmp's changelog.

v0.2.2 (2024-02-28)

🐛 Bug Fix

• #278 Closes #268: Revert "fix #246: remove any double quotes or single quotes… (@​mbargiel)

📝 Documentation

• #279 Closes #266: move paragraph on graceful cleanup to the head of the documentation (@​silkentrance)

Committers: 5

• Carsten Klein (@​silkentrance)
• Dave Nicolson (@​dnicolson)
• KARASZI István (@​raszi)
• Maxime Bargiel (@​mbargiel)
• @​robertoaceves

v0.2.1 (2020-04-28)

🚀 Enhancement

• #252 Closes #250: introduce tmpdir option for overriding the system tmp dir (@​silkentrance)

🏠 Internal

• #253 Closes #191: generate changelog from pull requests using lerna-changelog (@​silkentrance)

Committers: 1

• Carsten Klein (@​silkentrance)

v0.2.0 (2020-04-25)

🚀 Enhancement

• #234 feat: stabilize tmp for v0.2.0 release (@​silkentrance)

🐛 Bug Fix

• #231 Closes #230: regression after fix for #197 (@​silkentrance)
• #220 Closes #197: return sync callback when using the sync interface, otherwise return the async callback (@​silkentrance)
• #193 Closes #192: tmp must not exit the process on its own (@​silkentrance)

📝 Documentation

• #221 Gh 206 document name option (@​silkentrance)

🏠 Internal

• #226 Closes #212: enable direct name option test (@​silkentrance)
• #225 Closes #211: existing tests must clean up after themselves (@​silkentrance)
• #224 Closes #217: name tests must use tmpName (@​silkentrance)
• #223 Closes #214: refactor tests and lib (@​silkentrance)
• #198 Update dependencies to latest versions (@​matsev)

... (truncated)

Commits

• 08fa3ab Update version
• 1cf4ec5 Merge commit from fork
• 188b25e Fix GHSA-52f5-9888-hmc6
• 73b9fe4 Add test case for GHSA-52f5-9888-hmc6
• b8e2f29 Remove broken tests
• 2892a02 Remove outdated URL
• f592318 Reformat package.json
• 995ac8c Merge pull request #301 from raszi/dependabot/npm_and_yarn/braces-3.0.3
• caa758d Bump braces from 3.0.2 to 3.0.3
• 5f0b252 Merge pull request #297 from raszi/feat/release-v0.2.3
• Additional commits viewable in compare view

Updates karma from 3.1.4 to 6.4.4

Release notes

Sourced from karma's releases.

v6.4.4

6.4.4 (2024-07-29)

v6.4.3

6.4.3 (2024-02-24)

Bug Fixes

• add build commits for patch release (d7f2d69)

v6.4.2

6.4.2 (2023-04-21)

Bug Fixes

• few typos (c6a4271)

v6.4.1

6.4.1 (2022-09-19)

Bug Fixes

• pass integrity value (63d86be)

v6.4.0

6.4.0 (2022-06-14)

Features

• support SRI verification of link tags (dc51a2e)
• support SRI verification of script tags (6a54b1c)

v6.3.20

6.3.20 (2022-05-13)

Bug Fixes

• prefer IPv4 addresses when resolving domains (e17698f), closes #3730

v6.3.19

6.3.19 (2022-04-19)

Bug Fixes

... (truncated)

Changelog

Sourced from karma's changelog.

6.4.4 (2024-07-29)

6.4.3 (2024-02-24)

Bug Fixes

• add build commits for patch release (d7f2d69)

6.4.2 (2023-04-21)

Bug Fixes

• few typos (c6a4271)

6.4.1 (2022-09-19)

Bug Fixes

• pass integrity value (63d86be)

6.4.0 (2022-06-14)

Features

• support SRI verification of link tags (dc51a2e)
• support SRI verification of script tags (6a54b1c)

6.3.20 (2022-05-13)

Bug Fixes

• prefer IPv4 addresses when resolving domains (e17698f), closes #3730

6.3.19 (2022-04-19)

Bug Fixes

• client: error out when opening a new tab fails (099b85e)

6.3.18 (2022-04-13)

Bug Fixes

... (truncated)

Commits

• 84f85e7 chore(release): 6.4.4 [skip ci]
• a4d1284 build(deps-dev): bump ws from 6.2.1 to 6.2.3
• d8cf806 chore(release): 6.4.3 [skip ci]
• d7f2d69 fix: add build commits for patch release
• 85a2eeb build(deps-dev): bump decode-uri-component from 0.2.0 to 0.2.2
• 0bffce2 build(deps): updated socket.io version to fix security issues with socket.io-...
• 86667ab build(deps): bump follow-redirects from 1.11.0 to 1.15.4
• 450fdfd docs: Add deprecation notice to Karma README
• 9de3c00 chore(release): 6.4.2 [skip ci]
• c6a4271 fix: few typos
• Additional commits viewable in compare view

Most Recent Ignore Conditions Applied to This Pull Request

Dependency Name	Ignore Conditions
karma	[>= 6.a, < 7]
karma	[> 3.1.4]

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	jsonwebtoken@​8.5.1
	karma-sourcemap-loader@​0.3.8
	karma-mocha-reporter@​2.2.5
	karma-chai@​0.1.0
	js-beautify@​1.8.8
	karma-chrome-launcher@​3.1.0
	karma-webpack@​5.0.0
	karma-mocha@​2.0.1
	karma@​6.4.4
	json-loader@​0.5.7

View full report

[socket-security]

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert  (click "▶" to expand/collapse)
Warn		[email protected] has a Critical CVE. CVE: GHSA-xvch-5gv4-984h Prototype Pollution in minimist (CRITICAL) Affected versions: >= 1.0.0 < 1.2.6; < 0.2.4 Patched version: 1.2.6 From: package-lock.json → npm/[email protected] → npm/[email protected] ℹ Read more on: This package | This alert | What is a critical CVE? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected]. Suggestion: Remove or replace dependencies that include known critical CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

[dependabot]

OK, I won't notify you again about this release, but will get in touch when a new version is available.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.