Skip to content

Address vulnerability in protractor and webpack-dev-server #17724

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
May 15, 2020
Merged

Address vulnerability in protractor and webpack-dev-server #17724

merged 3 commits into from
May 15, 2020

Conversation

alan-agius4
Copy link
Collaborator

webpack-dev-server <3.11.0 and protractor <7 contains a low severity vulnerability due to one of its dependencies (yargs-parser)

See: https://npmjs.com/advisories/1500

Fixes #17642

@alan-agius4
fix(@angular-devkit/build-angular): address vulnerability in webpack-…
a7670cf 
…dev-server

webpack-dev-server <3.11.0 and protractor <7 contains a low severity vulnerability due to one of its dependencies (yargs-parser)

See: https://npmjs.com/advisories/1500

Fixes #17642
@alan-agius4
fix(@schematics/angular): address vulnerability in protractor
11e9e94 
webpack-dev-server <3.11.0 and protractor <7 contains a low severity vulnerability due to one of its dependencies (yargs-parser)

See: https://npmjs.com/advisories/1500

Fixes #17642
@alan-agius4 alan-agius4 added the target: rc This PR is targeted for the next release-candidate label May 14, 2020
@alan-agius4
refactor: deprecate protractor elementExplorer
f23dc01 
Protractor `elementExplorer` debugger and element explorer cannot be used for Node.js 8+ since it relied on `_debugger` module.

In protractor version 5, this resulted in the below error:
```
** Angular Live Development Server is listening on localhost:4200, open your browser on http://localhost:4200/ **
: Compiled successfully.
[10:25:35] I/direct - Using ChromeDriver directly...
[10:25:37] I/protractor -
[10:25:37] I/protractor - ------- Element Explorer -------
[10:25:37] I/protractor - Starting WebDriver debugger in a child process. Element Explorer is still beta, please report issues at github.com/angular/protractor
[10:25:37] I/protractor -
[10:25:37] I/protractor - Type <tab> to see a list of locator strategies.
[10:25:37] I/protractor - Use the `list` helper function to find elements by strategy:
[10:25:37] I/protractor -   e.g., list(by.binding('')) gets all bindings.
[10:25:37] I/protractor -
***********************************************************
* WARNING: _debugger module not available on Node.js 8    *
* and higher.                                             *
*                                                         *
* Use 'debugger' keyword instead:                       *
* https://goo.gl/MvWqFh                                   *
***********************************************************
/Users/alanagius/cli-repos/demo-several/node_modules/protractor/built/debugger/debuggerCommons.js:14
  throw e;
  ^

Error: Cannot find module '_debugger'
Require stack:
- /Users/alanagius/cli-repos/demo-several/node_modules/protractor/built/debugger/debuggerCommons.js
- /Users/alanagius/cli-repos/demo-several/node_modules/protractor/built/debugger/clients/explorer.js
    at Function.Module._resolveFilename (internal/modules/cjs/loader.js:980:15)
    at Function.Module._load (internal/modules/cjs/loader.js:862:27)
    at Module.require (internal/modules/cjs/loader.js:1042:19)
    at require (internal/modules/cjs/helpers.js:77:18)
    at Object.<anonymous> (/Users/alanagius/cli-repos/demo-several/node_modules/protractor/built/debugger/debuggerCommons.js:3:18)
    at Module._compile (internal/modules/cjs/loader.js:1156:30)
    at Object.Module._extensions..js (internal/modules/cjs/loader.js:1176:10)
    at Module.load (internal/modules/cjs/loader.js:1000:32)
    at Function.Module._load (internal/modules/cjs/loader.js:899:14)
    at Module.require (internal/modules/cjs/loader.js:1042:19) {
  code: 'MODULE_NOT_FOUND',
  requireStack: [
    '/Users/alanagius/cli-repos/demo-several/node_modules/protractor/built/debugger/debuggerCommons.js',
    '/Users/alanagius/cli-repos/demo-several/node_modules/protractor/built/debugger/clients/explorer.js'
  ]
}
```

but in protractor version 7, this logic was removed
@alan-agius4 alan-agius4 requested a review from clydin May 14, 2020 10:47
@alan-agius4 alan-agius4 added the action: merge The PR is ready for merge by the caretaker label May 14, 2020
@filipesilva filipesilva merged commit 595d7c9 into angular:9.1.x May 15, 2020
@alan-agius4 alan-agius4 deleted the security-fix-yargs-parsers branch May 15, 2020 14:01
@angular-automatic-lock-bot
Copy link

This issue has been automatically locked due to inactivity.
Please file a new issue if you are encountering a similar or related problem.

Read more about our automatic conversation locking policy.

This action has been performed automatically by a bot.

@angular-automatic-lock-bot angular-automatic-lock-bot bot locked and limited conversation to collaborators Jun 15, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@clydin clydin clydin approved these changes

Assignees
No one assigned
Labels
action: merge The PR is ready for merge by the caretaker target: rc This PR is targeted for the next release-candidate
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@alan-agius4 @clydin @filipesilva @googlebot