axemclion / grunt-saucelabs

Grunt task for running all your browser tests using Sauce Labs
MIT License
182 stars 98 forks

update requestretry to 3.1.0 #233

Open mar10 opened 5 years ago

mar10 commented 5 years ago

This updates the dependency of requestretry to v3.1.0, hopefully fixing more security warnings mentioned in #229 and #231.

I did not test this! Please check the changelog before applying: https://github.com/FGRibreau/node-request-retry/blob/master/CHANGELOG.md

┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Low           │ Prototype Pollution                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ lodash                                                       │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=4.17.5                                                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ grunt-saucelabs [dev]                                        │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ grunt-saucelabs > requestretry > fg-lodash > lodash          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/577                       │
└───────────────┴──────────────────────────────────────────────────────────────┘

┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Moderate      │ Regular Expression Denial of Service                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ underscore.string                                            │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=3.3.5                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ grunt-saucelabs [dev]                                        │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ grunt-saucelabs > requestretry > fg-lodash >                 │
│               │ underscore.string                                            │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/745                       │
└───────────────┴──────────────────────────────────────────────────────────────┘
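
The tables above name the vulnerable package and the chain that pulls it in. As an added example (not part of this pull request or of grunt-saucelabs), the sketch below parses such a table, including a Path cell wrapped over two rows, and reports the first hop below the project; the function and field names are this example's own assumptions.

```javascript
// Constructed sample: the second advisory table from the comment above, as text.
const auditText = `
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Moderate      │ Regular Expression Denial of Service                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ underscore.string                                            │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=3.3.5                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ grunt-saucelabs [dev]                                        │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ grunt-saucelabs > requestretry > fg-lodash >                 │
│               │ underscore.string                                            │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/745                       │
└───────────────┴──────────────────────────────────────────────────────────────┘
`;

// Parse box-drawn advisory tables into objects (names here are this example's own).
function parseAuditTables(text) {
  const advisories = [];
  let row = null, lastKey = null;
  for (const line of text.split('\n')) {
    if (line.startsWith('┌')) { row = {}; lastKey = null; continue; }
    if (line.startsWith('└') && row) { advisories.push(toAdvisory(row)); row = null; continue; }
    if (!row || !line.startsWith('│')) continue;       // skips ├───┤ separators
    const [key, value] = line.split('│').slice(1, -1).map((c) => c.trim());
    if (lastKey === null) {                             // first row: severity | title
      row.severity = key; row.title = value; lastKey = 'title';
    } else if (key === '') {                            // wrapped cell continues previous row
      row[lastKey] += ' ' + value;
    } else {
      row[key] = value; lastKey = key;
    }
  }
  return advisories;
}

function toAdvisory(row) {
  const path = (row['Path'] || '').split('>').map((s) => s.trim());
  return {
    severity: row.severity, title: row.title, package: row['Package'],
    patchedIn: row['Patched in'], path, advisory: row['More info'],
    direct: path[1],  // first hop below the project: the dependency the project itself pins
  };
}

console.log(parseAuditTables(auditText));
```

Here `direct` comes out as requestretry, the package this pull request bumps, while the flagged package sits two levels further down the chain.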

Jonahss commented 5 years ago

I'm going to modify the Travis CI builds, and then those tests will show us that this update doesn't cause issues.

Jonahss commented 5 years ago

I've updated the Node versions Travis tests on. Looks like we're getting a test failure. I saw that somehow one of your builds succeeded, but I haven't been able to replicate that, even after including your changes in my branch: https://github.com/axemclion/grunt-saucelabs/pull/234. I can keep digging, but it will take longer.

mar10 commented 5 years ago

Seems to be a bug in requestretry; I opened an issue there.