Protractor NES Release Notes
Detailed release notes for Protractor NES (Never-Ending Support), including security updates, bug fixes, and dependency updates.
Version 7.0.1 (NES)
Major dependency updates to address potential security concerns and ensure continued compatibility. The following dependencies were updated: chalk, glob, yargs, webdriver-manager, mocha, marked, lodash, jshint, and express.
Security Updates
The following CVEs and vulnerabilities were resolved:
| Package | Issue | Description |
|---|---|---|
| adm-zip | Directory Traversal attack | Security fix |
| ajv | GHSA-v88g-cgmw-v5xw | Prototype Pollution |
| body-parser | GHSA-qwcr-r2fm-qrc7 | DoS with url encoding enabled |
| braces | GHSA-grv7-fg5c-xmjg | Uncontrolled resource consumption |
| chalk/ansi-regex | GHSA-93q8-gq69-wqmw | Inefficient Regular Expression Complexity |
| cookie | GHSA-pxg6-pf52-xh8x | Cookie validation fixes |
| copy-props | GHSA-897m-rjf5-jp39 | Prototype Pollution |
| decode-uri-component | GHSA-w573-4hg7-7wgq | Denial of Service |
| express | GHSA-qw6h-vgh9-j6wx | XSS via response.redirect() |
| express | GHSA-rv95-896h-c2vc | Redirect in malformed URLs |
| flat | GHSA-2j2x-2gpw-g8fm | Prototype Pollution |
| glob-parent | GHSA-ww39-953v-wcq6 | Regular Expression DoS |
| hosted-git-info | GHSA-43f8-2h32-f4cj | Regular Expression DoS |
| ini | GHSA-qqgx-2p2h-9c37 | Prototype Pollution |
| json-schema | GHSA-896r-f27r-55mw | Prototype Pollution |
| json-schema | GHSA-36fh-84j7-cv5h | Path Traversal via loadAsync |
| jszip | GHSA-jg8v-48h5-wgxg | Prototype Pollution |
| lodash | GHSA-29mw-wpgm-hmr9 | Regular Expression DoS |
| lodash | GHSA-p6mc-m468-83gw | Prototype Pollution |
| marked | GHSA-rrrm-qjm4-v8hf | Inefficient Regular Expression |
| marked | GHSA-5v2h-r2cx-5xgj | Inefficient Regular Expression |
| micromatch | GHSA-952p-6rrq-rcjv | Regular Expression DoS |
| minimatch | GHSA-f8q6-p94x-37v3 | Regular Expression DoS |
| minimist | GHSA-xvch-5gv4-984h | Prototype Pollution |
| path-parse | GHSA-hj48-42vr-x3v9 | Regular Expression DoS |
| path-to-regexp | GHSA-9wv6-86v2-598j | Backtracking Regular Expressions |
| qs | GHSA-hrpp-h998-j3pp | Prototype Pollution |
| semver | GHSA-c2qf-rxjj-qqgw | Regular Expression DoS |
| send | GHSA-m6fv-jmcg-4jfg | Template Injection |
| serve-static | GHSA-cm22-4g7w-348p | Template Injection |
| shelljs | GHSA-64g7-mvw6-v9qj | Improper Privilege Management |
| shelljs | GHSA-4rq4-32rv-6wp6 | Improper Privilege Management |
| y18n | GHSA-c4w7-xm78-47vh | Prototype Pollution |
| yargs-parser | GHSA-p9pc-299p-vxgp | Prototype Pollution |
Version 7.0.0 (NES)
First release under HeroDevs Never Ending Support (NES).