garris / BackstopJS

Catch CSS curve balls.
http://backstopjs.org
MIT License

High Advisory On npm audit #1219

Open Akiharanza opened 4 years ago

Akiharanza commented 4 years ago

Details of Audit

On 17th August 2020, a security issue was raised with url-regex. Details are as follows:

  High            Regular Expression Denial of Service
  Package         url-regex
  Patched in      No patch available
  Dependency of   backstopjs [dev]
  Path            backstopjs > merge-img > jimp > url-regex
  More info       https://npmjs.com/advisories/1550

Unfortunately, backstopjs is last in the queue for updates, as it is waiting for the following to be completed:

https://github.com/oliver-moran/jimp/issues/926
https://github.com/preco21/merge-img/issues/15

Replication Steps

1. Run npm audit
2. Notice the "high" severity vulnerability
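The replication step above reads the npm audit table by eye. The following is an added example, not code from this thread or from BackstopJS, of how a CI gate would do the same check mechanically: parse the output of npm audit --json and fail on anything at or above a chosen severity. The report field names are assumptions taken from the npm 6 ("advisories") and npm 7+ ("vulnerabilities") formats as I know them, and both embedded reports are constructed to mirror the url-regex advisory quoted in the issue.

```javascript
// Added example for this thread (not BackstopJS code): gate a build on `npm audit --json`
// rather than reading the table by eye. Field names follow the npm 6 ("advisories") and
// npm 7+ ("vulnerabilities") report shapes as I know them and are assumptions; both sample
// reports below are constructed and mirror the url-regex advisory quoted in the issue.
const SEVERITY_RANK = { info: 0, low: 1, moderate: 2, high: 3, critical: 4 };

// An unrecognised severity ranks as critical so a malformed report fails closed.
function severityRank(severity) {
  return SEVERITY_RANK[severity] ?? SEVERITY_RANK.critical;
}

// Flatten either report shape into { module, title, severity, patched, paths, url }.
function normalizeAuditReport(report) {
  const findings = [];
  if (report.advisories) {
    // npm 6: one entry per advisory; findings[].paths shows how each copy is reached and
    // patched_versions "<0.0.0" is how npm 6 encodes "No patch available".
    for (const adv of Object.values(report.advisories)) {
      findings.push({
        module: adv.module_name,
        title: adv.title,
        severity: adv.severity,
        patched: adv.patched_versions !== '<0.0.0',
        paths: adv.findings.flatMap((f) => f.paths),
        url: adv.url,
      });
    }
  } else if (report.vulnerabilities) {
    // npm 7+: one entry per vulnerable package. `via` holds advisory objects, or a plain
    // string naming the dependency it is affected through; skip strings so one advisory
    // is not counted once per dependent package.
    for (const vuln of Object.values(report.vulnerabilities)) {
      for (const via of vuln.via) {
        if (typeof via !== 'object') continue;
        findings.push({
          module: vuln.name,
          title: via.title,
          severity: via.severity,
          patched: Boolean(vuln.fixAvailable),
          paths: vuln.nodes,
          url: via.url,
        });
      }
    }
  }
  return findings;
}

// Findings at or above minSeverity, worst first.
function severeFindings(report, minSeverity = 'high') {
  const threshold = severityRank(minSeverity);
  return normalizeAuditReport(report)
    .filter((f) => severityRank(f.severity) >= threshold)
    .sort((a, b) => severityRank(b.severity) - severityRank(a.severity));
}

// One log line per finding, and the exit status a CI step would return.
function formatFinding(f) {
  const fix = f.patched ? 'fix available' : 'no patch available';
  return `${f.severity.toUpperCase()} ${f.module}: ${f.title} (${fix}) via ${f.paths.join(', ')} ${f.url}`;
}
function auditExitCode(report, minSeverity = 'high') {
  return severeFindings(report, minSeverity).length > 0 ? 1 : 0;
}

// Constructed npm 6 style report: the advisory from the issue plus a low-severity
// placeholder (id 9999 is not a real advisory) that the default threshold should ignore.
const SAMPLE_REPORT_V6 = {
  advisories: {
    1550: {
      id: 1550, title: 'Regular Expression Denial of Service', module_name: 'url-regex',
      severity: 'high', patched_versions: '<0.0.0', url: 'https://npmjs.com/advisories/1550',
      findings: [{ version: '0.0.0-placeholder', paths: ['backstopjs>merge-img>jimp>url-regex'] }],
    },
    9999: {
      id: 9999, title: 'Example low-severity finding', module_name: 'example-pkg',
      severity: 'low', patched_versions: '>=1.0.1', url: 'https://example.invalid/advisory',
      findings: [{ version: '1.0.0', paths: ['backstopjs>example-pkg'] }],
    },
  },
};

// Constructed npm 7+ style report for the same tree; jimp is affected only via url-regex,
// so its `via` entry is a string and must not be counted a second time.
const SAMPLE_REPORT_V7 = {
  vulnerabilities: {
    'url-regex': {
      name: 'url-regex', severity: 'high', nodes: ['node_modules/url-regex'], fixAvailable: false,
      via: [{ source: 1550, title: 'Regular Expression Denial of Service',
              severity: 'high', url: 'https://npmjs.com/advisories/1550' }],
    },
    jimp: { name: 'jimp', severity: 'high', nodes: ['node_modules/jimp'], fixAvailable: false, via: ['url-regex'] },
  },
};

for (const f of severeFindings(SAMPLE_REPORT_V6)) console.log(formatFinding(f));
console.log(`exit code: ${auditExitCode(SAMPLE_REPORT_V6)}`); // 1: the url-regex advisory blocks the build
```

To use it on a real tree, save the output of npm audit --json to a file, JSON.parse it and pass the object in place of the sample. The path in the issue is tagged [dev], so a gate that audits only production dependencies would not report this advisory; run the gate against the same dependency set the build actually installs.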

garris commented 4 years ago

Both of these are part of a hack that was created to compensate for a puppeteer issue related to capturing full screen in some edge cases. I don't think we ever documented this hack so it is ok to remove if the author doesn't respond.

garris commented 4 years ago

Oh crap, scratch that, I was wrong. It was documented. https://github.com/garris/BackstopJS

It would be better to fix this feature but again -- I am still ok to remove if this is too complex to maintain.

stoyko-stanchev-pfpt commented 3 years ago

Hey @garris - not sure what you meant regarding maintenance. It has been a while and it doesn't seem like the author of merge-img is too active (https://github.com/preco21/merge-img/pull/16).

wiesesascha commented 3 years ago

I would appreciate an update on this issue. Due to customer restrictions we are not allowed to install dependencies with high severity vulnerabilities and cannot use backstopJS in the meantime.. :'(

garris commented 3 years ago

merge-img package was used in a hack to enable capture of very long web pages. I don't think this is required anymore.

If someone would like to remove this package and remove the code path which called this package I would gladly approve that PR.

wiesesascha commented 3 years ago

I'll try my best to contribute next week :)