Visit AngularJS NES Home Page
Protractor Release Notes
Comprehensive release notes and changelog for Protractor, including security patches, bug fixes, and feature updates across all supported versions.
34 Patched Vulnerabilities
VEX Statements
7.0.1 (NES)
Dependency updates to address potential security concerns and continued compatibility. Some of the dependencies that were updated are: chalk, glob, yargs, webdriver-manager, mocha, marked, lodash, jshint, and express.
Bug Fixes
- adm-zip - Directory Traversal attack
- ajv - Prototype Pollution
- body-parser - Denial of service when url encoding is enabled
- braces - Uncontrolled resource consumption
- chalk/ansi-regex - Inefficient Regular Expression Complexity
- cookie - Accepts cookie name, path, and domain with out of bounds characters
- copy-props - Prototype Pollution
- decode-uri-component - Denial of Service
- express - XSS via response.redirect()
- express - Redirect in malformed URLs
- flat - Prototype Pollution
- glob-parent - Regular Expression Denial of Service
- hosted-git-info - Regular Expression Denial of Service
- ini - Prototype Pollution
- json-schema - Prototype Pollution
- json-schema - Path Traversal via loadAsync
- jszip - Prototype Pollution
- lodash - Regular Expression Denial of Service
- lodash - Prototype Pollution
- marked - Inefficient Regular Expression Complexity
- marked - Inefficient Regular Expression Complexity
- micromatch - Regular Expression Denial of Service
- minimatch - Regular Expression Denial of Service
- minimist - Prototype Pollution
- path-parse - Regular Expression Denial of Service
- path-to-regexp - Backtracking regular expressions
- qs - Prototype Pollution
- semver - Regular Expression Denial of Service
- send - Template injection
- serve-static - Template injection
- shelljs - Improper Privilege Management
- shelljs - Improper Privilege Management
- y18n - Prototype Pollution
- yargs-parser - Prototype Pollution
7.0.0 (NES)
First release under HeroDevs Never-Ending Support (NES)