Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

a high severity vulnerability introduced in selenium-cucumber-js #112

Open
ayaka-kms opened this issue Aug 24, 2021 · 2 comments
Open

a high severity vulnerability introduced in selenium-cucumber-js #112

ayaka-kms opened this issue Aug 24, 2021 · 2 comments

Comments

@ayaka-kms
Copy link

ayaka-kms commented Aug 24, 2021
edited
Loading

Hi, a vulnerability https://www.npmjs.com/advisories/1464 is introduced in selenium-cucumber-js via:
[email protected][email protected][email protected][email protected][email protected]

phantomjs-prebuilt is a legacy package. It has not been maintained for about 3 years, and is not likely to be updated.
Is it possible to migrate phantomjs-prebuilt to other package to remediate this vulnerability?

I noticed several migration records for phantomjs-prebuilt in other js repos, such as

  1. in backstopjs, version 3.8.9 ➔ 3.9.0, remove phantomjs-prebuilt via commit
  2. in aegir, version 8.1.2 ➔ 9.0.0, remove phantomjs-prebuilt via commit

Are there any efforts planned that would remediate this vulnerability or migrate phantomjs-prebuilt?

Thanks
; )
@john-doherty
Copy link
Owner

Nothing planned, but happy to accept a PR :)

@Potherca
Copy link

I think that PR is #108 ?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@Potherca @john-doherty @ayaka-kms