Bump io.karatelabs:karate-core from 2.0.5 to 2.1.0 in /example-karate

[dependabot]

Bumps io.karatelabs:karate-core from 2.0.5 to 2.1.0.

Release notes

Sourced from io.karatelabs:karate-core's releases.

v2.1.0

⚠️ Breaking Changes

• Mock servers no longer evaluate untrusted request data as code by default. Java interop (Java.type) and embedded-expression evaluation of request-derived data (request, requestHeaders, requestParams) are now off by default for mocks, closing a remote-code-execution risk. A mock that uses Java interop or templates off request content must opt in — add configure javaBridgeEnabled = true and/or configure requestExpressionsEnabled = true to the mock Background (or set .javaBridgeEnabled(true) / .requestExpressionsEnabled(true) on MockServer.Builder). #2927

Important Fixes

• match through a null/undefined/absent intermediate path degrades to #notpresent and never resolves a same-named variable in scope (e.g. a Scenario-Outline Examples column) #2926 #2906
• #notpresent works across multiple Examples columns on absent paths #2924
• Gatling simulations auto-read -Dkarate.env / KARATE_ENV again #2925
• <column> expansion of an object column in a dynamic Scenario Outline #2921
• schema cross-references resolve when loaded via call read() #2919
• configure headers/cookies mutations to the source object are reflected per-request #2918
• get with a JsonPath filter [?(@.field=='value')] no longer returns null #2916
• call read('file.js')(args) immediately-invoked JS parses correctly #2915
• JS-driven feature calls (karate.call) appear in the report and summary #2914
• #(variable) in an Examples table no longer throws ReferenceError when the called feature uses callSingle #2913
• @setup scenario can be called by tag / manually #2908
• HTML report pass% (donut) reconciled with the totals row when scenarios are skipped #2907
• __arg is defined for called scenarios and top-level runFeature(path, arg) #2905
• bytes datatype keyword wired up #2904
• per-Engine isolation of built-in constructors and prototypes #2920
• browser driver: re-arm OOPIF auto-attach across pooled-driver reuse and CDP session switches #2922
• afterScenario hook runs before driver/channel teardown #2923

New Features & Enhancements

• console logging can be fully silenced — new off / none levels #2917
• author-set __id for stable scenario identity, plus karate.scenario.slug
• request.bodyJson convenience accessor
• HTML report KPI summary-card hook; scenarios show effective (inherited) tags
• karate.getConfigDir() exposes the resolved karate-config.js directory
• dry-run reports steps as skipped (not passed)

View the complete list of all issues fixed in this release.

Full Changelog: karatelabs/karate@v2.0.10...v2.1.0

Important: refer 2.0.0 release notes for those upgrading from 1.X

Artifacts

• Maven artifacts
• Standalone JAR (download below)
• CVE / SBOM report (download below)

v2.0.10

Important Fixes

• screenshotOnFailure: true works again; added onStepFailure hook + ErrorRunEvent #2845
• configure headers no longer leaks Background-set headers across requests #2846
• Type-hint ! with an angle-bracket type in a doc-string no longer throws an NPE #2847
• call read('f.feature') { key: #(var) } no longer throws ReferenceError: # is not defined #2849
• startTime / endTime in the report JSON are correct again #2850
• Java.type() resolves classes on the JUnit Platform classpath (--cp) again #2855

... (truncated)

Commits

• 6e059fb release 2.1.0 [no ci]
• cf08d78 docs(release): add Breaking Changes section to the release-notes template [no...
• dc68780 fix(gatling): auto-apply -Dkarate.env (and KARATE_ENV) in the single-feature ...
• 0ce5d70 fix(js): property access on null/undefined must not fall back to a scope vari...
• 7a5c7e1 test(mock): use karate.uuid() in multi-account mock so it needs no Java bridge
• 8234d51 fix(mock): treat request data as untrusted — disable Java interop and request...
• dff6820 feat(js): surface uncaught throw from a host JavaCallable.call as EngineExcep...
• ca6c9ad fix(driver): event-driven main-frame context readiness (replace polling duct ...
• 95e50a8 fix(core): splice dynamic outline object columns as JSON, not Map.toString()
• 1289eb3 test(core): guard cross-referenced schemas loaded via call read; DRY config m...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.