FlowCrypt / flowcrypt-ios

FlowCrypt iOS App
https://flowcrypt.com

build(deps): bump ws, @wdio/appium-service, @wdio/cli, @wdio/jasmine-framework, @wdio/local-runner and webdriverio in /appium #2617

Open dependabot[bot] opened 2 weeks ago

dependabot[bot] commented 2 weeks ago

Bumps ws to 8.17.1 and updates ancestor dependencies ws, @wdio/appium-service, @wdio/cli, @wdio/jasmine-framework, @wdio/local-runner and webdriverio. These dependencies need to be updated together.

Updates ws from 8.13.0 to 8.17.1

Release notes

Sourced from ws's releases.

8.17.1

Bug fixes

  • Fixed a DoS vulnerability (#2231).

A request with a number of headers exceeding the `server.maxHeadersCount` threshold could be used to crash a ws server.

```js
const http = require('http');
const WebSocket = require('ws');

const wss = new WebSocket.Server({ port: 0 }, function () {
  const chars = "!#$%&'*+-.0123456789abcdefghijklmnopqrstuvwxyz^_`|~".split('');
  const headers = {};
  let count = 0;

  for (let i = 0; i < chars.length; i++) {
    if (count === 2000) break;

    for (let j = 0; j < chars.length; j++) {
      const key = chars[i] + chars[j];
      headers[key] = 'x';

      if (++count === 2000) break;
    }
  }

  headers.Connection = 'Upgrade';
  headers.Upgrade = 'websocket';
  headers['Sec-WebSocket-Key'] = 'dGhlIHNhbXBsZSBub25jZQ==';
  headers['Sec-WebSocket-Version'] = '13';

  const request = http.request({
    headers: headers,
    host: '127.0.0.1',
    port: wss.address().port
  });

  request.end();
});
```

The vulnerability was reported by Ryan LaPointe in websockets/ws#2230.

In vulnerable versions of ws, the issue can be mitigated in the following ways:

  1. Reduce the maximum allowed length of the request headers using the `--max-http-header-size=size` and/or the `maxHeaderSize` options so that no more headers than the `server.maxHeadersCount` limit can be sent.

... (truncated)

Commits
  • 3c56601 [dist] 8.17.1
  • e55e510 [security] Fix crash when the Upgrade header cannot be read (#2231)
  • 6a00029 [test] Increase code coverage
  • ddfe4a8 [perf] Reduce the amount of crypto.randomFillSync() calls
  • b73b118 [dist] 8.17.0
  • 29694a5 [test] Use the highWaterMark variable
  • 934c9d6 [ci] Test on node 22
  • 1817bac [ci] Do not test on node 21
  • 96c9b3d [major] Flip the default value of allowSynchronousEvents (#2221)
  • e5f32c7 [fix] Emit at most one event per event loop iteration (#2218)
  • Additional commits viewable in compare view


Updates @wdio/appium-service from 8.39.1 to 9.0.7

Release notes

Sourced from @wdio/appium-service's releases.

v9.0.7 (2024-08-21)

:bug: Bug Fix

Committers: 1

v9.0.6 (2024-08-21)

:bug: Bug Fix

Committers: 2

v9.0.5 (2024-08-20)

:bug: Bug Fix

:nail_care: Polish

:memo: Documentation

Committers: 2

v9.0.4 (2024-08-19)

:bug: Bug Fix

... (truncated)



Updates @wdio/cli from 8.39.1 to 9.0.7

Release notes

Sourced from @wdio/cli's releases.

v9.0.7 (2024-08-21)

:bug: Bug Fix

Committers: 1

v9.0.6 (2024-08-21)

:bug: Bug Fix

Committers: 2

v9.0.5 (2024-08-20)

:bug: Bug Fix

:nail_care: Polish

:memo: Documentation

Committers: 2

v9.0.4 (2024-08-19)

:bug: Bug Fix

... (truncated)



Updates @wdio/jasmine-framework from 8.39.1 to 9.0.7

Release notes

Sourced from @wdio/jasmine-framework's releases.

v9.0.7 (2024-08-21)

:bug: Bug Fix

Committers: 1

v9.0.6 (2024-08-21)

:bug: Bug Fix

Committers: 2

v9.0.5 (2024-08-20)

:bug: Bug Fix

:nail_care: Polish

:memo: Documentation

Committers: 2

v9.0.4 (2024-08-19)

:bug: Bug Fix

... (truncated)



Updates @wdio/local-runner from 8.39.1 to 9.0.7

Release notes

Sourced from @wdio/local-runner's releases.

v9.0.7 (2024-08-21)

:bug: Bug Fix

Committers: 1

v9.0.6 (2024-08-21)

:bug: Bug Fix

Committers: 2

v9.0.5 (2024-08-20)

:bug: Bug Fix

:nail_care: Polish

:memo: Documentation

Committers: 2

v9.0.4 (2024-08-19)

:bug: Bug Fix

... (truncated)



Updates webdriverio from 8.39.1 to 9.0.7

Release notes

Sourced from webdriverio's releases.

v9.0.7 (2024-08-21)

:bug: Bug Fix

Committers: 1

v9.0.6 (2024-08-21)

:bug: Bug Fix

Committers: 2

v9.0.5 (2024-08-20)

:bug: Bug Fix

:nail_care: Polish

:memo: Documentation

Committers: 2

v9.0.4 (2024-08-19)

:bug: Bug Fix

... (truncated)



Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:

- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot ...

_Description has been truncated_
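
Because ws reaches this project through several ancestor packages, a lockfile can keep resolving older nested copies after the top-level one is bumped. The following added example (not part of this PR or of the ws project) walks the `packages` map of a package-lock.json and flags 8.x copies of ws below 8.17.1, the fixed release named in the release notes above. The sample lockfile and the package names in it are constructed, and copies on other major lines are reported as not assessed because the page gives only the 8.x fix.

```javascript
// Added example: audit a package-lock.json (lockfileVersion 2/3 "packages" map)
// for every resolved copy of ws, including nested ones.
const FIXED = [8, 17, 1]; // first fixed 8.x release, per the release notes above

function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v || '');
  return m ? m.slice(1).map(Number) : null;
}

// True when version triple a sorts strictly before triple b.
function isBelow(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i];
  }
  return false;
}

function auditWs(lock) {
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    // Match top-level and nested copies, e.g. node_modules/a/node_modules/ws,
    // but not look-alikes such as node_modules/wsx or node_modules/@scope/ws.
    if (!/(^|\/)node_modules\/ws$/.test(path)) continue;
    const ver = parseVersion(meta.version);
    let status;
    if (!ver) status = 'unparsed';
    else if (ver[0] !== FIXED[0]) status = 'not-assessed'; // page gives only the 8.x fix
    else status = isBelow(ver, FIXED) ? 'vulnerable' : 'fixed';
    findings.push({ path, version: meta.version, status });
  }
  return findings;
}

// Constructed sample lockfile fragment; paths and package names are illustrative.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'appium-tests' },
    'node_modules/ws': { version: '8.17.1' },
    'node_modules/webdriverio/node_modules/ws': { version: '8.13.0' },
    'node_modules/legacy-client/node_modules/ws': { version: '7.5.9' },
    'node_modules/wsx': { version: '1.0.0' }
  }
};

for (const f of auditWs(sampleLock)) {
  console.log(`${f.status.padEnd(12)} ${String(f.version).padEnd(8)} ${f.path}`);
}
```

Run against the real lockfile by passing `JSON.parse(fs.readFileSync('package-lock.json', 'utf8'))` to `auditWs`; any `vulnerable` row means the bump did not reach that nested copy.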