fix(deps): update all dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence	Type	Update
dbt-snowflake (changelog)	==1.11.3 → ==1.11.4				patch
docker/login-action	v4.0.0 → v4.1.0			action	minor
sigstore/cosign-installer	v4.1.0 → v4.1.1			action	patch
io.karatelabs:karate-core	1.5.2 → 2.0.2			dependencies	major

---

Release Notes

docker/login-action (docker/login-action)

v4.1.0

Compare Source

• Fix scoped Docker Hub cleanup path when registry is omitted by @​crazy-max in #​945
• Bump @​aws-sdk/client-ecr and @​aws-sdk/client-ecr-public to 3.1020.0 in #​930
• Bump @​docker/actions-toolkit from 0.77.0 to 0.86.0 in #​932 #​936
• Bump brace-expansion from 1.1.12 to 1.1.13 in #​952
• Bump fast-xml-parser from 5.3.4 to 5.3.6 in #​942
• Bump flatted from 3.3.3 to 3.4.2 in #​944
• Bump glob from 10.3.12 to 10.5.0 in #​940
• Bump handlebars from 4.7.8 to 4.7.9 in #​949
• Bump http-proxy-agent and https-proxy-agent to 8.0.0 in #​937
• Bump lodash from 4.17.23 to 4.18.1 in #​958
• Bump minimatch from 3.1.2 to 3.1.5 in #​941
• Bump picomatch from 4.0.3 to 4.0.4 in #​948
• Bump undici from 6.23.0 to 6.24.1 in #​938

Full Changelog: docker/login-action@v4.0.0...v4.1.0

sigstore/cosign-installer (sigstore/cosign-installer)

v4.1.1

Compare Source

What's Changed

• chore: update default cosign-release to v3.0.5 in #​223

Full Changelog: sigstore/cosign-installer@v4.1.0...v4.1.1

karatelabs/karate (io.karatelabs:karate-core)

v2.0.2

Important Fixes

• Cookie values with special characters now correctly quoted per RFC 6265 #​2779
• Embedded expressions (#()) in JSON files now resolved after read() #​2778
• Fixed 0 == null returning true — ES6 compliance for equality and match with parens #​2777
• print, karate.log(), and HTTP logs now appear in console output and in called features in HTML reports #​2776 #​2774
• Docstring with @ sign no longer breaks Scenario Outline parsing #​2775
• Tag filter on Examples blocks no longer skips entire Scenario Outline #​2773
• Fixed flaky browser frame test by handling Page.frameDetached and pruning stale frames

View complete list of all issues fixed in this release.

Full Changelog: karatelabs/karate@v2.0.1...v2.0.2

Important: refer 2.0.0 release notes for those upgrading from 1.X

Artifacts

• Maven artifacts
• Standalone JAR (download below)
• CVE / SBOM report (download below)

v2.0.1

Important: 2.0.2 is available.

Important Fixes

• HTML / JSON reports don't include ANSI codes any more
• UI / driver testing issues and v1 compatibility fixed
• Java interop edge cases / varargs / v1 compatibility
• Dependencies upgraded / CVE resolutions

View complete list of all issues fixed in this release.

Full Changelog: karatelabs/karate@v2.0.0...v2.0.1

Important: refer 2.0.0 release notes for those upgrading from 1.X

Artifacts

• Maven artifacts
• Standalone JAR (download below)
• CVE / SBOM report (download below)

v2.0.0

Karate 2.0.0

Important: 2.0.2 is available.

The first major release of Karate v2 — a ground-up rewrite of the test automation framework, built on Java 21+ virtual threads with a custom JavaScript engine.

Highlights

• Custom JS Engine — embedded JavaScript engine (karate-js) replaces GraalJS. Minimal external dependencies, faster startup, native Java interop
• Virtual Threads — parallel test execution on Java 21+ virtual threads. No thread pool tuning needed
• W3C WebDriver — full cross-browser support for Chrome, Firefox, Safari, and Edge alongside the existing CDP driver
• Browser Pooling — automatic browser instance reuse across parallel scenarios via PooledDriverProvider
• Karate CLI — single binary launcher, no Maven or Gradle required. Install from VS Code with one click:

• Rewritten CDP Driver — auto-wait, Shadow DOM support, smarter element location
• Gatling Integration — Java-only DSL for load testing (karateProtocol(), karateFeature())
• Interactive HTML Reports — Alpine.js dashboard with timeline view, tag filtering, and nested call display
• Declarative Auth — configure auth for Basic, Bearer, and OAuth2 with automatic token refresh
• Soft Assertions — All JSON errors collected instead of first assertion failure. continueOnStepFailure mode for features
• Built-in Utilities — karate.faker.* for test data, karate.expect() for Chai-style assertions

Documentation

• Migration Guide (v1 → v2)
• What's New in v2
• Install & Get Started
• Browser Automation (CDP + WebDriver)
• Design Principles
• VS Code Extension
• IntelliJ Plugin
• Karate CLI / Universal Installer

Breaking Changes

See the Migration Guide for details.

Artifacts Released

• Maven artifacts
• Standalone JAR (download below)
• CVE / SBOM report (download below)

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • Between 12:00 AM and 04:59 AM, Monday through Friday (* 0-4 * * 1-5)
• Automerge
  • Between 06:00 AM and 09:59 AM, Monday through Friday (* 6-9 * * 1-5)

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.