feross / run-auto

Determine the best order for running async functions, LIKE MAGIC!
MIT License

Updates to mitigate vulnerabilities. #21

Closed KoenDG closed 1 year ago

KoenDG commented 1 year ago

As per title.

Airtap changed, local tests need something else now.

Output of npm audit in the old code:

$ npm audit
# npm audit report

async  2.0.0 - 2.6.3
Severity: high
Prototype Pollution in async - https://github.com/advisories/GHSA-fwr7-v2mv-hh25
fix available via `npm audit fix --force`
Will install airtap@4.0.4, which is a breaking change
node_modules/async
  firefox-profile  0.4.3 - 4.0.0
  Depends on vulnerable versions of async
  node_modules/firefox-profile
    airtap  <=4.0.1
    Depends on vulnerable versions of express-state
    Depends on vulnerable versions of firefox-profile
    Depends on vulnerable versions of hbs
    Depends on vulnerable versions of highlight.js
    Depends on vulnerable versions of sauce-browsers
    Depends on vulnerable versions of watchify
    node_modules/airtap

glob-parent  <5.1.2
Severity: high
glob-parent before 5.1.2 vulnerable to Regular Expression Denial of Service in enclosure regex - https://github.com/advisories/GHSA-ww39-953v-wcq6
fix available via `npm audit fix --force`
Will install airtap@4.0.4, which is a breaking change
node_modules/chokidar/node_modules/glob-parent
  chokidar  1.0.0-rc1 - 2.1.8
  Depends on vulnerable versions of glob-parent
  node_modules/chokidar
    watchify  3.0.0 - 3.11.1
    Depends on vulnerable versions of chokidar
    node_modules/watchify

got  <=11.8.3
Severity: high
Got allows a redirect to a UNIX socket - https://github.com/advisories/GHSA-pfrx-2q88-qq97
Depends on vulnerable versions of cacheable-request
fix available via `npm audit fix --force`
Will install airtap@4.0.4, which is a breaking change
node_modules/got
  sauce-browsers  <=2.0.0
  Depends on vulnerable versions of got
  node_modules/sauce-browsers

handlebars  <=4.7.6
Severity: critical
Arbitrary Code Execution in handlebars - https://github.com/advisories/GHSA-q2c6-c6pm-g3gh
Prototype Pollution in handlebars - https://github.com/advisories/GHSA-g9r4-xpmj-mj65
Arbitrary Code Execution in handlebars - https://github.com/advisories/GHSA-2cf5-4w76-r9qv
Denial of Service in handlebars - https://github.com/advisories/GHSA-f52g-6jhx-586p
Remote code execution in handlebars when compiling templates - https://github.com/advisories/GHSA-f2jv-r9rf-7988
Prototype Pollution in handlebars - https://github.com/advisories/GHSA-765h-qjxv-5f44
Arbitrary Code Execution in Handlebars - https://github.com/advisories/GHSA-3cqr-58rm-57f8
Regular Expression Denial of Service in Handlebars - https://github.com/advisories/GHSA-62gr-4qp9-h98f
Depends on vulnerable versions of optimist
fix available via `npm audit fix --force`
Will install airtap@4.0.4, which is a breaking change
node_modules/handlebars
  hbs  <=4.1.2
  Depends on vulnerable versions of handlebars
  node_modules/hbs

highlight.js  <=10.4.0
Severity: moderate
ReDOS vulnerabities: multiple grammars - https://github.com/advisories/GHSA-7wwv-vh3v-89cq
Prototype Pollution in highlight.js - https://github.com/advisories/GHSA-vfrc-7r7c-w9mx
fix available via `npm audit fix`
node_modules/highlight.js

http-cache-semantics  <4.1.1
Severity: high
http-cache-semantics vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-rc47-6667-2j5j
fix available via `npm audit fix --force`
Will install airtap@4.0.4, which is a breaking change
node_modules/http-cache-semantics
  cacheable-request  0.1.0 - 2.1.4
  Depends on vulnerable versions of http-cache-semantics
  node_modules/cacheable-request

minimist  <=0.2.3
Severity: critical
Prototype Pollution in minimist - https://github.com/advisories/GHSA-vh95-rmgr-6w4m
Prototype Pollution in minimist - https://github.com/advisories/GHSA-xvch-5gv4-984h
fix available via `npm audit fix --force`
Will install airtap@4.0.4, which is a breaking change
node_modules/optimist/node_modules/minimist
  optimist  >=0.6.0
  Depends on vulnerable versions of minimist
  node_modules/optimist

serialize-javascript  <=3.0.0
Severity: high
Insecure serialization leading to RCE in serialize-javascript - https://github.com/advisories/GHSA-hxcc-f52p-wc94
Cross-Site Scripting in serialize-javascript - https://github.com/advisories/GHSA-h9rv-jmmf-4pgx
fix available via `npm audit fix`
node_modules/serialize-javascript
  express-state  1.3.0 - 1.4.0
  Depends on vulnerable versions of serialize-javascript
  node_modules/express-state

17 vulnerabilities (2 moderate, 11 high, 4 critical)