
a high severity vulnerability introduced in selenium-cucumber-js

Open ayaka-kms opened this issue 4 years ago • 2 comments

Hi, a vulnerability https://www.npmjs.com/advisories/1464 is introduced in selenium-cucumber-js via: ● [email protected][email protected][email protected][email protected][email protected]

phantomjs-prebuilt is a legacy package. It has not been maintained for about 3 years, and is not likely to be updated. Is it possible to migrate phantomjs-prebuilt to another package to remediate this vulnerability?

I noticed several migration records for phantomjs-prebuilt in other js repos, such as

  1. in backstopjs, version 3.8.9 ➔ 3.9.0, remove phantomjs-prebuilt via commit
  2. in aegir, version 8.1.2 ➔ 9.0.0, remove phantomjs-prebuilt via commit

Are there any efforts planned that would remediate this vulnerability or migrate phantomjs-prebuilt?

Thanks ; )

ayaka-kms, Aug 24 '21 14:08
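Added example, not part of the original thread or the project's code: the dependency path named in the issue can be reproduced from a lockfile. This sketch walks the `packages` map of a `package-lock.json` (lockfileVersion 2 or 3 is assumed) and lists every chain that ends at phantomjs-prebuilt. The lockfile contents, the intermediate package names and all version numbers are constructed placeholders.

```javascript
// Constructed sample of a package-lock.json "packages" map (lockfileVersion 2/3).
// "example-runner" / "example-reporter" are hypothetical; versions are placeholders.
const sampleLock = {
  packages: {
    '': { name: 'my-tests', dependencies: { 'example-runner': '^1.0.0' } },
    'node_modules/example-runner': { version: '1.0.0',
      dependencies: { 'example-reporter': '^2.0.0', 'phantomjs-prebuilt': '^0.0.1' } },
    'node_modules/example-reporter': { version: '2.0.0',
      dependencies: { 'phantomjs-prebuilt': '^0.0.2' } },
    'node_modules/phantomjs-prebuilt': { version: '0.0.1' },
    'node_modules/example-reporter/node_modules/phantomjs-prebuilt': { version: '0.0.2' },
  },
};

// Node-style lookup: the dependent's own node_modules first, then each parent level.
function resolve(packages, fromKey, name) {
  let base = fromKey;
  for (;;) {
    const candidate = (base ? base + '/' : '') + 'node_modules/' + name;
    if (packages[candidate]) return candidate;
    if (base === '') return null; // not installed (e.g. skipped optional dependency)
    const cut = base.lastIndexOf('/node_modules/');
    base = cut === -1 ? '' : base.slice(0, cut);
  }
}

// Returns every chain "root > a@1 > ... > target@x" that installs `target`.
function findPaths(lock, target) {
  const packages = lock.packages || {};
  const paths = [];
  const label = (key) => {
    const name = key ? key.split('node_modules/').pop() : packages[''].name || '(root)';
    return packages[key].version ? `${name}@${packages[key].version}` : name;
  };
  const walk = (key, trail) => {
    const pkg = packages[key];
    const deps = { ...pkg.dependencies, ...pkg.optionalDependencies,
      ...(key === '' ? pkg.devDependencies : {}) };
    for (const name of Object.keys(deps)) {
      const child = resolve(packages, key, name);
      if (!child || trail.includes(child)) continue; // unresolved or cyclic
      if (name === target) paths.push([...trail, child].map(label).join(' > '));
      else walk(child, [...trail, child]);
    }
  };
  if (packages['']) walk('', ['']);
  return paths;
}
console.log(findPaths(sampleLock, 'phantomjs-prebuilt').join('\n'));
```

To run it against a real project, pass the parsed contents of `package-lock.json` instead of `sampleLock`; `npm ls phantomjs-prebuilt` reports the same chains.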

Nothing planned, but happy to accept a PR :)

john-doherty, Sep 14 '22 19:09