[Snyk] Security upgrade protractor from 5.4.2 to 6.0.0 #427

tjenkinson · 2022-10-05T19:12:45Z

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- types/protractor-browser-logs/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:jasmine-core:20180216	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: protractor

The new version differs by 63 commits.

5d8da04 chore(release): version bump to 6.0.0 and update the changelog
d777738 chore(tests): circleci - chrome 69 requires chromdriver to 2.44 (definitions for moment-range DefinitelyTyped/DefinitelyTyped#5182)
3d50b68 chore(deps): update based on npm audit
e478ba8 chore(release): bump version to 6.0.1-beta
7054827 chore(types): fix types to use not @ types/selenium-webdriver (Fix definition of google.maps.GeocoderRequest() DefinitelyTyped/DefinitelyTyped#5127)
2e5c2e6 chore(jasmine): prevent random execution order in jasmine 3 (Adds terminal colors DefinitelyTyped/DefinitelyTyped#5126)
8afc4e2 chore(release): release 6.0.0-beta and update the changelog
5fd711c chore(webdriver-manager): use webdriver-manager@13.0.0-beta
96ae17c deps(jasmine): upgrade jasmine 3.3 (lodash: added _.method() method DefinitelyTyped/DefinitelyTyped#5102)
68491dd chore(expectedConditions): update generic Function typings (angularjs/angular.d.ts - Type safety for $watch and $watchCollection DefinitelyTyped/DefinitelyTyped#5101)
cf43651 chore(debugprint): convert debugprint to TypeScript (TypeScriptCompile on Visual Studio 2015 DefinitelyTyped/DefinitelyTyped#5074)
d213aa9 deps(selenium): upgrade to selenium 4 ([d3] Correct interpolate() signature DefinitelyTyped/DefinitelyTyped#5095)
4672265 chore(browser): remove timing issues with restart and fork (Added definitions for ng-command DefinitelyTyped/DefinitelyTyped#5085)
b4dbcc2 chore(elementexplorer): remove explorer bin file (Partial updates for lodash to 3.10.0 DefinitelyTyped/DefinitelyTyped#5094)
7de6d85 docs(api): update examples to use async/await (PR to update chai.d.ts to latest chai (chai@3.2.0) DefinitelyTyped/DefinitelyTyped#5081)
1b2036e typings(selenium): try out new version of typings (Add definition for c3.js DefinitelyTyped/DefinitelyTyped#5084)
befb457 chore(bin): update webdriver-manager require to use the cli (support es6 module syntax import, detect-indent/detect-indent.d.ts DefinitelyTyped/DefinitelyTyped#5093)
509f1b2 deps(latest): upgrade to the gulp and typescript (standard css properties for react.d.ts DefinitelyTyped/DefinitelyTyped#5089)
2def202 deps(webdriver-manager): use replacement (node-getopt was added. DefinitelyTyped/DefinitelyTyped#5088)
9d510db chore(test): remove jasmine addMatcher test (lodash: added _.defaultsDeep() method DefinitelyTyped/DefinitelyTyped#5072)
6522e40 chore(cleanup): clean up imports and wdpromises (lodash: added _.modArgs() method DefinitelyTyped/DefinitelyTyped#5073)
3b8f263 chore(ignoreSynchornization): clean up to use waitForAngularEnabled (lodash: added _.toPlainObject() method DefinitelyTyped/DefinitelyTyped#5071)
ffa3519 chore(debugger): remove debugger and explore methods (Google Drive API v2 DefinitelyTyped/DefinitelyTyped#5070)
0f7a38a chore(test): error tests fixed (Add optional strict DI parameter to angular.injector DefinitelyTyped/DefinitelyTyped#5069)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Regular Expression Denial of Service (ReDoS)

…ties The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908 - https://snyk.io/vuln/npm:jasmine-core:20180216

socket-security · 2022-10-05T19:13:51Z

Socket Security Report

Dependency issues detected. If you merge this pull request, you will not be alerted to the instances of these issues again.

📜 New install scripts detected

A dependency change in this PR is introducing new install scripts to your install step.

Package	Script field	Location
bufferutil@4.0.6 (added)	`binding.gyp`	`types/protractor-browser-logs/package.json` via protractor@6.0.0, selenium-webdriver@4.5.0, ws@8.9.0
utf-8-validate@5.0.9 (added)	`binding.gyp`	`types/protractor-browser-logs/package.json` via protractor@6.0.0, selenium-webdriver@4.5.0, ws@8.9.0
bufferutil@4.0.6 (added)	`install`	`types/protractor-browser-logs/package.json` via protractor@6.0.0, selenium-webdriver@4.5.0, ws@8.9.0
utf-8-validate@5.0.9 (added)	`install`	`types/protractor-browser-logs/package.json` via protractor@6.0.0, selenium-webdriver@4.5.0, ws@8.9.0

🫣 Native code

Contains native code which could be a vector to obscure malicious code, and generally decrease the likelihood of reproducible or reliable installs.

Package	Location
bufferutil@4.0.6 (added)	`types/protractor-browser-logs/package.json` via protractor@6.0.0, selenium-webdriver@4.5.0, ws@8.9.0
utf-8-validate@5.0.9 (added)	`types/protractor-browser-logs/package.json` via protractor@6.0.0, selenium-webdriver@4.5.0, ws@8.9.0

Socket.dev scan summary

Issue	Status
Did you mean?	✅ no new possible package typos
Install scripts	⚠️ 4 new install scripts detected
Telemetry	✅ no new telemetry
Troll package	✅ no new troll packages
Malware	✅ no new malware
Native code	⚠️ 2 new native modules detected

Bot Commands

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of package-name@version specifiers. e.g. @SocketSecurity ignore foo@1.0.0 bar@2.4.2

@SocketSecurity ignore bufferutil@4.0.6
@SocketSecurity ignore utf-8-validate@5.0.9

Powered by socket.dev

fix: types/protractor-browser-logs/package.json to reduce vulnerabili…

167d1aa

…ties The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908 - https://snyk.io/vuln/npm:jasmine-core:20180216

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Snyk] Security upgrade protractor from 5.4.2 to 6.0.0 #427

[Snyk] Security upgrade protractor from 5.4.2 to 6.0.0 #427

tjenkinson commented Oct 5, 2022

socket-security bot commented Oct 5, 2022

[Snyk] Security upgrade protractor from 5.4.2 to 6.0.0 #427

Are you sure you want to change the base?

[Snyk] Security upgrade protractor from 5.4.2 to 6.0.0 #427

Conversation

tjenkinson commented Oct 5, 2022

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:

socket-security bot commented Oct 5, 2022

Socket Security Report