Prototype Pollution vulnerability through outdated yargs package #5431
alan-agius4
added a commit
that referenced
this issue
May 7, 2020
BREAKING CHANGE: Node.Js version 6 and 8 are no longer supported. Please update to Node.Js 10+ Closes #5431
alan-agius4
added a commit
to alan-agius4/protractor
that referenced
this issue
May 7, 2020
BREAKING CHANGE: Node.Js version 6 and 8 are no longer supported. Please update to Node.Js 10+ Closes angular#5431
kyliau
pushed a commit
that referenced
this issue
May 8, 2020
BREAKING CHANGE: Node.Js version 6 and 8 are no longer supported. Please update to Node.Js 10+ Closes #5431
Closed via #5432. We’ll cut a release next week.
@alan-agius4 is this going to be released as |
@pittgoose, the fix is available in version 7.0.0. Essentially the differences between v5 and v7 are;
|
@alan-agius4 @kyliau Any plan to release Selenium4 compatible version of Protractor in near future? I saw a comment on #5436 which says |
Hi there!
Bug report
12.14.1
5.4.4
1.7.9
N/A
macOS 10.15.4
Protractor 5.4.4 has a dependency of "yargs", ^12.0.5.
The newest "yargs" that satisfies this dependency is 12.0.5. (The latest being 15.3.1)
"yargs" in turn has a dependency of "yargs-parser", ^11.1.1.
The newest "yargs-parser" that satisfies this dependency is 11.1.1 (the latest being 18.1.3).
This version of yargs-parser has a low severity security issue, "Prototype pollution", referring to https://npmjs.com/advisories/1500.
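
The dependency chain described in the report can be traced mechanically from a lockfile. This is an added example, not part of the original issue or the Protractor project; it assumes the npm `lockfileVersion: 1` layout, and `findPaths`, the sample lockfile and the `cli-helper` package are hypothetical.

```javascript
// Constructed lockfile (lockfileVersion 1 layout) using the versions from the report.
// "cli-helper" is a hypothetical package added to show a second, unaffected copy.
const sampleLock = {
  lockfileVersion: 1,
  dependencies: {
    protractor: { version: "5.4.4", requires: { yargs: "^12.0.5" } },
    yargs: {
      version: "12.0.5",
      requires: { "yargs-parser": "^11.1.1" },
      // Nested because the hoisted top-level copy does not satisfy ^11.1.1.
      dependencies: { "yargs-parser": { version: "11.1.1" } },
    },
    "yargs-parser": { version: "18.1.3" },
    "cli-helper": { version: "1.0.0", requires: { "yargs-parser": "^18.1.3" } },
  },
};

const has = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Return every chain "direct@v > ... > target@badVersion" reachable from the
// project's direct dependencies (names taken from package.json).
function findPaths(lock, directDeps, target, badVersion) {
  const top = lock.dependencies || {};
  const hits = [];
  // scopes: node_modules levels visible to `node`, nearest first.
  const visit = (name, node, scopes, trail) => {
    const id = `${name}@${node.version}`;
    if (trail.includes(id)) return; // break dependency cycles
    const path = [...trail, id];
    if (name === target && node.version === badVersion) hits.push(path.join(" > "));
    const inner = [node.dependencies || {}, ...scopes];
    for (const req of Object.keys(node.requires || {})) {
      // A requirement resolves to the nearest enclosing copy, as Node's lookup does.
      const at = inner.findIndex((scope) => has(scope, req));
      if (at !== -1) visit(req, inner[at][req], inner.slice(at), path);
    }
  };
  for (const name of directDeps) {
    if (has(top, name)) visit(name, top[name], [top], []);
  }
  return hits;
}

console.log(findPaths(sampleLock, ["protractor", "cli-helper"], "yargs-parser", "11.1.1"));
```

Only the copy reached through `protractor` is reported; the hoisted 18.1.3 copy used by the hypothetical `cli-helper` is a separate install and does not match.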