Update request dependency #555
Comments
|
Github has outlined a whole slew of vulnerabilities in outdated package
dependencies. Much of this requires pretty significant changes, which will
take some free weekends!
…On Fri, Sep 14, 2018 at 1:41 PM David Halls ***@***.***> wrote:
github is moaning about a vuln in ***@***.***, brought in via request.
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
<#555>, or mute the thread
<https://github.com/notifications/unsubscribe-auth/AAAUGMNX91TFGk6jqK0rcV-LbeJxW0pBks5ubBRngaJpZM4Wp6x6>
.
|
|
No problem - library is still working great (thanks)! |
|
cryptiles seems required like this way:
If we update |
|
@admc is this something you would accept a PR for? I'm more than happy to have a go |
|
@mattrayner absolutely, I really want to update all this stuff, but I simply can't find the time right now! If you are willing to send some PR's over, I will absolutely review, test and merge. |
|
@admc Amazing, I'll have a go right now! |
mattrayner
added a commit
to mattrayner/wd
that referenced
this issue
Oct 23, 2018
* Fixed hinting issues
|
Thanks for the nice fix! |
|
Working on it. |
|
Thank you so much! |
|
Hi @admc, thanks for looking into this issue I can't see a new version of wd on npm. The latest version of the wd package at the time of this comment is 1.11.1 which was released 2 months ago,
I don't feel that this issue should be closed until a new version (1.11.2) is published to npm. Apologies if I've misunderstood anything. |
|
I think 1.11.1 contains the fix for this problem, and it actually resolved this issue on my environment. |
|
@jonny-improbable can you check it out and let me know if your issue is solved? |
vrunoa
pushed a commit
to vrunoa/wd
that referenced
this issue
Jan 6, 2020
Giving bromann some love. waitFor considers errors whose message includes "timeout" retriable. At a high level, this seems reasonable, assuming that a timeout error might be caused by the fact that the condition we're checking for has not been met yet. Since we're willing to wait for the condition to become true, we should be willing to retry when a timeout happens. Concretely, this patch is motivated by the need to stabilize a flaky test in our suite that fails due to a tough bug in ChromeDriver [1, 2, 3]. The failure mode is transient, so retrying fixes the flakiness. [1] https://bugs.chromium.org/p/chromedriver/issues/detail?id=402 [2] https://bugs.chromium.org/p/chromedriver/issues/detail?id=817 [3] http://stackoverflow.com/questions/34926866/selenium-chromedriver-timed-out-receiving-message-from-renderer-exception Add new android emulators commands (admc#488) * add new android emulators commands * add emulator methods * update release notes * bump version Prompt user more info to debug when error comes from init() (admc#489) * Prompt user more info to debug when error comes from init() * Try to pass travis Add sample for Kobiton cloud service add ios class chain locator strategy 1.5.0 Remove need for install script links pointing to api docs on code.google.com are broken Add rejectUnauthorized to http config opts update package lock 1.6.0 fix: check if jsonData exists on error creation for request admc#520 1.6.1 upgrade request module (fix admc#523) 1.6.2 add driver.get(set)Clipboard isKeyboardShown method 1.7.0 Fix linter errors Fix HTTP tests broken by admc#521 Add a note about chromedriver The latest releases of Chrome will not work with the outdated chromedriver version installed by sv-selenium. Add a note. Upgrade archiver to 2.1.1 Upgrade lodash to 4.17.10 Add basic support for new W3C protocol 1.8.0 fix situation where jsonwireres is itself not defined 1.8.1 longPressKeyCode, getSupportedPerformanceDataTypes & getPerformanceData methods 1.9.0 Fixed wrong description for "/session/:sessionId/log" add elementByImage command 1.10.0 Add getter for TouchAction on ImageElement object 1.10.1 Remove underscore.string mixin make finding by image first class methods because it's now supported on the server fix hidden use of underscore.string in tests (cc @imurchie) 1.10.2 might as well have plural of element(s)ByImageFile 1.10.3 Add W3C Actions API Test hitting of /actions endpoint * Added test that mocks POST actions/ and checks that the client produces the correct result * Also changed ID of mouse to "default mouse" Add W3C release actions find element by ios predicate string Upgrading the Sauce Connect version Supplying lodash to the modules, to see if I can get a test pass Fixing more broken lodash depedencies More missing lodash Adding ANY to acceptable platforms for VISTA More lodash waitForVisible is dead, commenting the test, fixing what appears to be API issues with lodash by removing .value(), not sure why that was necessary but this passes the build and works properly Removing node 5 requirement, and temporarily disable ipad, iphone, android, bump node version to 10 First round of security audit package updates integrating new geckodriver support from PR admc#494 Revert "Remove need for install script" Integrating all changes from PR admc#530 Revert "Integrating all changes from PR admc#530" This reverts commit b0405da. add flags for press keycodes Try removing linux as platform constraint bump sauce connect, remove the linux build platform constraint Executing JS commands doesn't work with new firefox apparently Removing remaining _.value() calls that seem no longer important, fixing the make targets Revert "Removing remaining _.value() calls that seem no longer important, fixing the make targets" This reverts commit 9159ff7. Removing underscore value() just for the api mapping code Looks like map and filter both need _.value(), removing all others Most repos I see aren't pushing the package-lock.json add custom find strategy Revert "Most repos I see aren't pushing the package-lock.json" This reverts commit 3ad3668. 1.11.0 fix a typo on sessionID in webdriver [admc#555] Update request dependency * Fixed hinting issues [WIP] Chrome fixes upgrade the sauce-connect-launcher package to deal with security vulneratibilities in the depedencies Updating the mocha runner, also contains security vulns This bitdeli thing seems to no longer exist Upgrade lodash to pickup fix for prototype pollution vulnerability Vulnerability details: https://hackerone.com/reports/380873 Lodash changelog: https://github.com/lodash/lodash/wiki/Changelog#v41711 1.11.1 Update document options for flick endpoint Try upgrading gulp to 4.0 to unbreak CI Revert "Try upgrading gulp to 4.0 to unbreak CI" This reverts commit 6537ea8. trying to lock the gulp dev dependency to fix this failing CI Removing the secure fields from the travis yaml, trying to use travis environment variables that work for pull requests Provide W3C and MJSONWP caps Make W3C opt-in Fix capability handling Rename for fork Fix prefixing 1.11.2 Revert package changes Fix Fix Fix Fix feat: Android Espresso DataMatcher strategy Remove additional space Fixed 'npm run test' unit tests for Windows platform Fix hardcoded saucelabs domain 1.11.2 Work on Travis build Update deps and work on tests (admc#591) Move to Eslint for linting (admc#592) * Remove jshint * Add eslint machinery * Fix linting * Lint in Travis Move to gulp@4 (admc#593) 1.11.3 Include "gulp-mocha" and "fancy-log" as dev dependencies Bump lodash from 4.17.11 to 4.17.13 Bumps [lodash](https://github.com/lodash/lodash) from 4.17.11 to 4.17.13. - [Release notes](https://github.com/lodash/lodash/releases) - [Commits](lodash/lodash@4.17.11...4.17.13) Signed-off-by: dependabot[bot] <support@github.com> fix: naming of tasks in gulp tasks 1.11.4 support W3C get active element command /element/active requires POST method in JWP but W3C WebDriver spec requires GET method. https://www.w3.org/TR/webdriver/#get-active-element This patch checks remote WebDriver server speaks JWP or W3C on creating a session and remember it. Then switch method of /element/active looksing the flag. chore: Sauce Connect 4.5.4 add httpAgent as right now the connection is not kept alive change test script, wasnt working for me using test-unit
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
github is moaning about a vuln in cryptiles@3.12, brought in via request.
The text was updated successfully, but these errors were encountered: