High Advisory On npm audit #1219
Comments
Both of these are part of a hack that was created to compensate for a puppeteer issue related to capturing full screen in some edge cases. I don't think we ever documented this hack so it is ok to remove if the author doesn't respond.
Oh crap, scratch that, I was wrong. It was documented. https://github.com/garris/BackstopJS It would be better to fix this feature but again -- I am still ok to remove if this is too complex to maintain.
Hey @garris - not sure what you meant regarding maintenance. It has been a while and it doesn't seem like the author of merge-img is too active (preco21/merge-img#16).
I would appreciate an update on this issue.
merge-img package was used in a hack to enable capture of very long web pages. I don't think this is required anymore. If someone would like to remove this package and remove the code path which called this package I would gladly approve that PR.
I'll try my best to contribute next week :)
Details of Audit
On 17th August 2020, there was a security issue that was raised with url-regex. Details are as follows:
Unfortunately, backstopjs is last in the queue for updates as it is awaiting the following to be completed:
jimp-dev/jimp#926
preco21/merge-img#15
Replication Steps
Run npm audit
Notice the "high" severity vulnerability