[Snyk] Security upgrade protractor from 4.0.11 to 5.1.0

[ekmixon]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • components/automate-workflow-web/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	584/1000 Why? Has a fix available, CVSS 7.4	Directory Traversal SNYK-JS-ADMZIP-1065796	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: protractor

The new version differs by 124 commits.

• 1468c50 chore(release): version bump and update changelog for 5.1 (Status fixes and support for status failed in ingestion chef/automate#4046)
• f9bee84 fix(restart): preserve waitForAngularEnabled on restart and add promise chaining (Service Group Lifecycle Settings doc update chef/automate#4047)
• 5899b67 deps(update): update webdriver-manager to ^12.0.1 (Enable Content with Credentials chef/automate#4042)
• c021595 chore(spec): cast away typescript error message (token details: state toggling after save leads to surprising "all changes saved" message chef/automate#4044)
• ba57db2 chore(doc-gen): fix the doc gen script (Data lifecycle form fields only shows at most 2 digits when values may have 3 or more chef/automate#4040)
• 9a47ff8 docs(developers): add fixes and links to DEVELOPER.md (Send an event to the notifications-service when there are no failed r… chef/automate#4043)
• 0b0c224 fix(plugins): do not force ManagedPromise in plugins.ts (Show IDs on project list and role list pages chef/automate#4036)
• 0cd156d feat(debugging): Add webdriver logging and highlight delay. (Include client run failures without resources in notifications chef/automate#4039)
• 9c2274d fix(restart): preserve properties like `browser.baseUrl` upon restart (Compliance Node Report: add Severity filters to the nodes tab chef/automate#4037)
• bb535d3 chore(types): better types for ProtractorPlugin (Create Token behaviors with limited permissions chef/automate#4034)
• b6207ea docs(website): fix up some old information about AngularJS vs Angular (UI Development Process Doc Update chef/automate#4038)
• cd084a0 deps(jasmine): update jasmine to ^2.5.3 (Make periodic job enabledness reset with the Reset call chef/automate#3960)
• af6afa6 docs(developers): add basic DEVELOPER.md and update README ( Sort out various AUTH0_ env vars and see if we can get to a single .envrc file chef/automate#4026)
• f1971b7 chore(webdriver): remove `element.serialize`, since it is no longer part of webdriver (4MB report size limit for A2-installed Chef Infra Server chef/automate#3966)
• 46a1e0c chore(types): Inherit from webdriver.WebDriver types (Event Feed can be filtered by organization, but organization is not present in the JSON or UI output chef/automate#4016)
• a20c7a7 fix(element chaining): make element chaining work when the control flow is disabled (Event Feed Timescale chef/automate#4029)
• 8d2fc07 chore(browser): deprecate `browser.getLocationAbsUrl()`. (Bump automate-compliance-profiles chef/automate#3969)
• 995b146 chore(build): fix compile errors
• 7481dee fix(cli): Make unknown flag check a warning instead of an error. (Light up typescript check: strictDomLocalRefTypes chef/automate#4028)
• 588901c Update example_spec.js (Jamie/page picker fix chef/automate#4022)
• dbc8d5a chore(types): make ElementArrayFinder more generic (Bump rack from 2.0.8 to 2.2.3 in /components/automate-workflow-ctl chef/automate#3977)
• 40bbeca fix(expectedConditions): Add tests and fix race conditions around visibility (Provide a recovery message on failed attempts to run a restore. chef/automate#4006)
• 3d98a16 feat(config): Support setting `SELENIUM_PROMISE_MANAGER` flag via the config (Report on Erred InSpec Runs chef/automate#4023)
• 4e40fb1 feat(browser): chain promises in `browser.get` (Configurable status codes for data-feed chef/automate#4017)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Directory Traversal

[secure-code-warrior-for-github]

Micro-Learning Topic: Directory traversal (Detected by phrase)

Matched on "Directory Traversal"

What is this? (2min video)

Path traversal vulnerabilities occur when inputs that have not been sufficiently validated or sanitised are used to build directory or file paths. If an attacker can influence the path being accessed by the server, they may be able to gain unauthorised access to files or even execute arbitrary code on the server (when coupled with file upload functionality).

Try a challenge in Secure Code Warrior

Helpful references

• OWASP Input Validation Cheat Sheet - This cheatsheet is focused on providing clear, simple, actionable guidance for preventing injection and input validation flaws in your applications, including defence against path traversal.
• OWASP Path Traversal - OWASP community page with comprehensive information about path traversal, and links to various OWASP resources to help detect or prevent it.

Micro-Learning Topic: Race condition (Detected by phrase)

Matched on "race condition"

What is this? (2min video)

A race condition is a flaw that produces an unexpected result when the timing of actions impact other actions.

Try a challenge in Secure Code Warrior