Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Security upgrade testcafe from 1.8.4 to 2.6.1 #71

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Security upgrade testcafe from 1.8.4 to 2.6.1 #71

wants to merge 1 commit into from

Conversation

amalsgit
Copy link
Owner

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
medium severity 718/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 6.5		 Prototype Pollution
SNYK-JS-TOUGHCOOKIE-5672873		 Yes Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: testcafe The new version differs by 250 commits.
  • 5709f3c release: publish 2.6.1 (#7733)
  • 3c1f510 release: publish 2.6.1-rc.1 (#7728)
  • 394eea4 build: updated testcafe-browser-tools (#7720)
  • 5d7e57b fix: TestCafe Studio recorder stops working after a request hook is added (#7721)
  • 127dfc5 remove hack for the docker server tests (#7722)
  • 503e793 fix 'Error creating multiple test runnres at the same time' close (#7711) (#7717)
  • df43d42 attempt to fix missing requests (#7640) (#7712)
  • cb5c9ca remove dashboard related code (#7708)
  • f60b42a fix 'Incorrect browser alias is displayed while running Edge in headless mode' (close #7647) (#7705)
  • fba2da1 test: added xhr tests (#7702)
  • fb6e9e3 fix: Native automation - Do not generate a char for hotkey combinations (closes #7680) (#7690)
  • 1848dee github-actions: upgraded remote workflows (#7703)
  • 8502c5f fix: Native Automation - Support modifier keys for the hover action (closes #7676) (#7699)
  • 9808995 fix: fixed hanging in NA if url has hash (#7698)
  • 89479a2 build: change timeouts for remote tests (#7701)
  • 759aec5 fix serviceWorker with native automation (closes #7675) (#7689)
  • ddacc1c fix 'Unhandled promise rejection in NativeAutomationRequestHookEventProvider.onResponse' (#7692)
  • 51137f4 fix: removed test-functional-local-debug from workflow
  • e170477 remove dashboard integration wizard and tests for it. (#7682)
  • 8794674 Remove the '--experimental-debug' feature (#7681)
  • 1f9bf7d release: updated changelog (#7693)
  • 99c2228 release: publish 2.6.0 (#7685)
  • 8b4e141 release: publish 2.6.0-rc.1 (#7679)
  • 677874b update minimal and list reporters version (#7673)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@amalsgit @snyk-bot