DevExpress / testcafe-browser-tools

Browser manipulation utils for TestCafe.
https://testcafe.io
MIT License

Fix CVE-2021-23566 in nanoid before 3.1.31, closes #219 #220

Closed pgorny closed 2 years ago

pgorny commented 2 years ago

Unfortunately, nanoid is affected by CVE-2021-23566, but testcafe-browser-tools pins nanoid@^2.1.3 and due to semver it means it will not update automatically. Main testcafe is also affected and will get a separate PR.

Whilst the issue is small for a testing solution, the issue does bubble up to all consuming projects, tainting them.
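
The caret-range behaviour described in the comment above, as an added example that is not part of the PR or of the testcafe-browser-tools code base: it checks whether a dependency's `^x.y.z` range can ever resolve to a release at or above an advisory's fixed version. The function names and the `example-lib` entry are hypothetical; it handles plain `^x.y.z` ranges only and assumes every release at or above the fixed version carries the fix.

```javascript
// Added illustration, not project code. Supports plain ^x.y.z ranges only
// (no prerelease tags, no ~, no || unions).

function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v);
  if (!m) throw new Error(`unsupported version: ${v}`);
  return m.slice(1).map(Number);
}

function compare(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// Exclusive upper bound of ^x.y.z: the leftmost non-zero component is bumped.
function caretUpperBound(range) {
  if (!range.startsWith('^')) throw new Error(`not a caret range: ${range}`);
  const [major, minor, patch] = parseVersion(range.slice(1));
  if (major > 0) return [major + 1, 0, 0];
  if (minor > 0) return [0, minor + 1, 0];
  return [0, 0, patch + 1];
}

// True when some version allowed by the range is >= fixedVersion.
// Assumption: every release at or above fixedVersion carries the fix.
function canReachFix(range, fixedVersion) {
  return compare(parseVersion(fixedVersion), caretUpperBound(range)) < 0;
}

// Names of dependencies whose range excludes every fixed release, so a
// plain reinstall or lockfile refresh cannot pick up the patch.
function blockedByRange(dependencies, advisories) {
  const has = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);
  return Object.entries(dependencies)
    .filter(([name, range]) => has(advisories, name) && !canReachFix(range, advisories[name]))
    .map(([name]) => name);
}

// Constructed sample input; only the nanoid range and fixed version come from the PR.
const sampleDependencies = { nanoid: '^2.1.3', 'example-lib': '^1.4.0' };
const sampleAdvisories = { nanoid: '3.1.31', 'example-lib': '1.4.2' };

console.log(blockedByRange(sampleDependencies, sampleAdvisories));
```

A dependency reported here needs its range edited in `package.json` (a major-version bump in this case), which is why the fix has to land in each package that declares the old range.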