lydiapuric
commented
5 years ago Risk got marked as tolerable as this is used only in tests and there is no newer version of karma-webdriver-launcher.
Closed lydiapuric closed 5 years ago
lydiapuric
commented
5 years ago Risk got marked as tolerable as this is used only in tests and there is no newer version of karma-webdriver-launcher.
lydiapuric
commented
5 years ago npm ll cryptiles angular-app@1.1.0 │ /Users/puric/Downloads/myspa/angular-app │ Example project from an angular.io guide. │ └─┬ karma-webdriver-launcher@1.0.5 │ A Karma plugin. Launcher for Remote WebDriver instances. │ git://github.com/karma-runner/karma-webdriver-launcher.git │ https://github.com/karma-runner/karma-webdriver-launcher#readme └─┬ wd@1.10.3 │ WebDriver/Selenium 2 node.js client │ git+https://github.com/admc/wd.git │ https://github.com/admc/wd#readme └─┬ request@2.85.0 │ Simplified HTTP request client. │ git+https://github.com/request/request.git │ https://github.com/request/request#readme └─┬ hawk@6.0.2 │ HTTP Hawk Authentication Scheme │ git://github.com/hueniverse/hawk.git │ https://github.com/hueniverse/hawk#readme └── cryptiles@3.1.2 General purpose crypto utilities git://github.com/hapijs/cryptiles.git https://github.com/hapijs/cryptiles#readme
karma-webdriver-launcher uses cryptiles 3.1.2. Upgrade to cryptiles to version 4.1.2 or later is recommended to get rid of this security vulnerability.