Protractor NES Release Notes
Detailed release notes for Protractor NES (Never‑Ending Support), including security updates, bug fixes, and dependency updates.
Version 7.0.1 (NES)
Major dependency updates to address potential security concerns and ensure continued compatibility. The following dependencies were updated: chalk, glob, yargs, webdriver-manager, mocha, marked, lodash, jshint, and express.
Security Updates
The following CVEs and vulnerabilities were resolved:
| Package | Issue | Description |
|---|---|---|
| adm-zip | Directory Traversal attack | Security fix |
| ajv | GHSA-v88g-cgmw-v5xw | Prototype Pollution |
| body-parser | GHSA-qwcr-r2fm-qrc7 | DoS with url encoding enabled |
| braces | GHSA-grv7-fg5c-xmjg | Uncontrolled resource consumption |
| chalk/ansi-regex | GHSA-93q8-gq69-wqmw | Inefficient Regular Expression Complexity |
| cookie | GHSA-pxg6-pf52-xh8x | Cookie validation fixes |
| copy-props | GHSA-897m-rjf5-jp39 | Prototype Pollution |
| decode-uri-component | GHSA-w573-4hg7-7wgq | Denial of Service |
| express | GHSA-qw6h-vgh9-j6wx | XSS via response.redirect() |
| express | GHSA-rv95-896h-c2vc | Redirect in malformed URLs |
| flat | GHSA-2j2x-2gpw-g8fm | Prototype Pollution |
| glob-parent | GHSA-ww39-953v-wcq6 | Regular Expression DoS |
| hosted-git-info | GHSA-43f8-2h32-f4cj | Regular Expression DoS |
| ini | GHSA-qqgx-2p2h-9c37 | Prototype Pollution |
| json-schema | GHSA-896r-f27r-55mw | Prototype Pollution |
| json-schema | GHSA-36fh-84j7-cv5h | Path Traversal via loadAsync |
| jszip | GHSA-jg8v-48h5-wgxg | Prototype Pollution |
| lodash | GHSA-29mw-wpgm-hmr9 | Regular Expression DoS |
| lodash | GHSA-p6mc-m468-83gw | Prototype Pollution |
| marked | GHSA-rrrm-qjm4-v8hf | Inefficient Regular Expression |
| marked | GHSA-5v2h-r2cx-5xgj | Inefficient Regular Expression |
| micromatch | GHSA-952p-6rrq-rcjv | Regular Expression DoS |
| minimatch | GHSA-f8q6-p94x-37v3 | Regular Expression DoS |
| minimist | GHSA-xvch-5gv4-984h | Prototype Pollution |
| path-parse | GHSA-hj48-42vr-x3v9 | Regular Expression DoS |
| path-to-regexp | GHSA-9wv6-86v2-598j | Backtracking Regular Expressions |
| qs | GHSA-hrpp-h998-j3pp | Prototype Pollution |
| semver | GHSA-c2qf-rxjj-qqgw | Regular Expression DoS |
| send | GHSA-m6fv-jmcg-4jfg | Template Injection |
| serve-static | GHSA-cm22-4g7w-348p | Template Injection |
| shelljs | GHSA-64g7-mvw6-v9qj | Improper Privilege Management |
| shelljs | GHSA-4rq4-32rv-6wp6 | Improper Privilege Management |
| y18n | GHSA-c4w7-xm78-47vh | Prototype Pollution |
| yargs-parser | GHSA-p9pc-299p-vxgp | Prototype Pollution |
Version 7.0.0 (NES)
First release under HeroDevs Never Ending Support (NES).