When running npm audit on my project using the latest wdio, I get a dependency vulnerability:
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Moderate │ Prototype pollution │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ hoek │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ > 4.2.0 < 5.0.0 || >= 5.0.3 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ wdio │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ wdio > selenium-standalone > request > hawk > sntp > hoek │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://nodesecurity.io/advisories/566 │
└───────────────┴──────────────────────────────────────────────────────────────┘
It would be good if selenium-standalone could be updated to a more up-to-date version, as the hoek fix has been released already.
Thanks.
I checked how each dependency in the dependency chain is used. It turned out that the hoek package, despite being marked as a dependency, is not used in our scenario.
The fact stated above means that updating selenium-standalone is not required. Moreover, #10 doesn't really allow me to do so until webdriverio/webdriverio#2406 is done.
I encourage you to check how hoek is used in sntp in the installed versions. If you have further doubts, please let me know.
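A first triage step for a report like the one above, as an added example that is not code from this issue or from the wdio project: list every installed copy of hoek in a tree shaped like `npm ls --json` output and test its version against the advisory's "Patched in" range. The helper names, the sample tree and its version numbers are assumptions; whether the flagged code is actually called still has to be read from sntp's source.

```javascript
// Added example: helper names and the sample tree are constructed for illustration.
const PATCHED = '> 4.2.0 < 5.0.0 || >= 5.0.3'; // "Patched in" row of the audit report

// Compare two plain x.y.z versions (pre-release tags are not handled).
function cmp(a, b) {
  const pa = a.split('.').map(Number);
  const pb = b.split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  }
  return 0;
}

const OPS = {
  '>': (c) => c > 0, '>=': (c) => c >= 0,
  '<': (c) => c < 0, '<=': (c) => c <= 0, '=': (c) => c === 0,
};

// Terms separated by spaces are ANDed; alternatives separated by "||" are ORed.
function satisfies(version, range) {
  return range.split('||').some((alt) => {
    const terms = alt.match(/(>=|<=|>|<|=)\s*\d+\.\d+\.\d+/g) || [];
    return terms.length > 0 && terms.every((term) => {
      const [, op, bound] = term.match(/^(>=|<=|>|<|=)\s*(.+)$/);
      return OPS[op](cmp(version, bound));
    });
  });
}

// Walk a tree shaped like `npm ls --json` output; report every installed copy of `name`.
function findPackage(node, name, trail = []) {
  const hits = [];
  for (const [dep, info] of Object.entries(node.dependencies || {})) {
    const path = [...trail, dep];
    if (dep === name) {
      hits.push({ path: path.join(' > '), version: info.version,
        patched: satisfies(info.version, PATCHED) });
    }
    hits.push(...findPackage(info, name, path));
  }
  return hits;
}

// Constructed tree following the "Path" row; every version number is a placeholder.
const PATH = ['wdio', 'selenium-standalone', 'request', 'hawk', 'sntp', 'hoek'];
const sampleTree = PATH.reduceRight((child, name) => ({
  dependencies: { [name]: { version: name === 'hoek' ? '2.16.3' : '0.0.0', ...child } },
}), {});

console.log(findPackage(sampleTree, 'hoek'));
```

A copy reported with `patched: false` only shows that an affected version is installed; it does not show that the affected code is reachable from your usage.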