Closed rearrange closed 1 year ago
@davidjgoss I checked the CHOR and found that the code has been merged, but the last release is still missing this upgrade. See here:
https://github.com/cucumber/cucumber-js/blob/a03329c8eff6abe06185ab8ff8a619810f44dd96/package.json
I have a test automation repository that implements cypress-cucumber-preprocessor, which depends on the cucumber-js package. GitHub Dependabot reported that semver is vulnerable and suggested upgrading it to semver v7.5.2 or later.
👓 What did you see?
This can be easily reproduced by installing cucumber-js using npm and then running `npm audit`. Example below:
✅ What did you expect to see?
📦 Which tool/library version are you using?
🔬 How could we reproduce it?
Refer to second screenshot above.
Steps to reproduce the behavior: