high vulnerability when installing latest version of nightmare #1647

Open
rick-james-norwex opened this issue Mar 3, 2022 · 0 comments

rick-james-norwex commented Mar 3, 2022

npm provides the following after installing nightmare latest; the workaround (since it's not actually fixing the underlying problems) was to downgrade to v2.8.1.

Unfortunately, this earlier version does not appear to be functional: running the starting example code provided in the nightmare README file results in the Electron browser appearing and immediately closing. Sigh, guess it's back to using webdriver; hope one day this very promising library becomes hardened and stable.

npm audit report

electron <=11.4.12
Severity: high
Sandboxed renderers can obtain thumbnails of arbitrary files through the nativeImage API - GHSA-mpjm-v997-c4h4
IPC messages delivered to the wrong frame in Electron - GHSA-hvf8-h2qh-37m9
Context isolation bypass via leaked cross-context objects in Electron - GHSA-m93v-9qjc-3g79
Context isolation bypass via Promise in Electron - GHSA-6vrv-94jv-crrg
fix available via npm audit fix --force
Will install nightmare@2.8.0, which is a breaking change
node_modules/electron
nightmare >=2.8.1
Depends on vulnerable versions of electron
node_modules/nightmare

2 vulnerabilities (1 moderate, 1 high)

To address all issues (including breaking changes), run:
npm audit fix --force
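A worked check for the advisory range in the report above, added here as an example (it is not code from the nightmare project or from the issue author). It walks the nested tree that `npm ls electron --json` prints and flags every resolved electron version that falls inside the range npm reported, `<=11.4.12`. Only that range is taken from the report; the semver comparison, the `findVersions`/`vulnerableElectron` helpers and the sample tree (with made-up versions) are assumptions of this example, not the real nightmare dependency tree. Plain Node.js, no npm packages required.

```javascript
// Added example, not part of the nightmare project or the issue.
// Checks resolved electron versions against the range npm audit printed.

// Copied from the npm audit output above: "electron <=11.4.12".
const ELECTRON_ADVISORY_RANGE = "<=11.4.12";

// Parse "MAJOR.MINOR.PATCH[-prerelease]" (build metadata after "+" is ignored).
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?/.exec(String(v).trim());
  if (!m) throw new Error(`not a semver version: ${v}`);
  return { nums: [Number(m[1]), Number(m[2]), Number(m[3])], pre: m[4] ? m[4].split(".") : [] };
}

// Semver precedence: numeric fields first, then pre-release identifiers.
// Returns -1, 0 or 1.
function compareVersions(a, b) {
  const va = parseVersion(a), vb = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (va.nums[i] !== vb.nums[i]) return va.nums[i] < vb.nums[i] ? -1 : 1;
  }
  // A pre-release sorts below the release with the same numbers (semver 2.0.0, item 11).
  if (va.pre.length !== 0 && vb.pre.length === 0) return -1;
  if (va.pre.length === 0 && vb.pre.length !== 0) return 1;
  for (let i = 0; i < Math.max(va.pre.length, vb.pre.length); i++) {
    if (va.pre[i] === undefined) return -1; // shorter identifier list sorts lower
    if (vb.pre[i] === undefined) return 1;
    if (va.pre[i] === vb.pre[i]) continue;
    const na = /^\d+$/.test(va.pre[i]), nb = /^\d+$/.test(vb.pre[i]);
    if (na && nb) return Number(va.pre[i]) < Number(vb.pre[i]) ? -1 : 1;
    if (na !== nb) return na ? -1 : 1; // numeric identifiers sort before alphanumeric
    return va.pre[i] < vb.pre[i] ? -1 : 1;
  }
  return 0;
}

// Supports the single-comparator ranges npm audit prints: "<=11.4.12", ">=2.8.1", "<1.2.3", "1.2.3".
function satisfies(version, range) {
  const m = /^(<=|>=|<|>|=)?\s*(.+)$/.exec(range.trim());
  const op = m[1] || "=";
  const c = compareVersions(version, m[2]);
  return { "<": c < 0, "<=": c <= 0, ">": c > 0, ">=": c >= 0, "=": c === 0 }[op];
}

// Walk the nested object that `npm ls <pkg> --json` prints and collect every resolved
// version of `name`, together with the dependency path by which it was reached.
function findVersions(tree, name, path = [], out = []) {
  for (const [dep, info] of Object.entries(tree.dependencies || {})) {
    const here = [...path, dep];
    if (dep === name && info.version) out.push({ path: here.join(" > "), version: info.version });
    findVersions(info, name, here, out);
  }
  return out;
}

// Every electron copy in the tree whose version is inside the advisory range.
function vulnerableElectron(tree, range = ELECTRON_ADVISORY_RANGE) {
  return findVersions(tree, "electron").filter((e) => satisfies(e.version, range));
}

function report(tree, range = ELECTRON_ADVISORY_RANGE) {
  return vulnerableElectron(tree, range).map(
    (hit) => `${hit.path}: electron ${hit.version} is inside ${range}`
  );
}

// Constructed sample in the shape of `npm ls electron --json`.
// The package names and versions are illustrative, not the real nightmare tree.
const SAMPLE_TREE = {
  name: "scraper",
  version: "1.0.0",
  dependencies: {
    nightmare: { version: "3.0.2", dependencies: { electron: { version: "1.7.9" } } },
    "some-dev-tool": { version: "4.0.0", dependencies: { electron: { version: "11.5.0" } } },
  },
};

console.log(report(SAMPLE_TREE).join("\n") || "no electron inside the advisory range");
```

To run it against a real project, save `npm ls electron --json` to a file, `JSON.parse` it and pass the object to `vulnerableElectron`. Note that npm's `audit fix --force` suggestion only picks a nightmare version outside the flagged `>=2.8.1` range (2.8.0 here); whether that version actually resolves an electron outside `<=11.4.12` is a separate question, so re-run the check after any downgrade.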
