Closed carl-tanner closed 5 years ago
@carl-tanner This is a breaking change and can't be merged without a bunch more work. The newer versions of JSDOM have a brand new api which is a large change.
chutzpah.console.exe /engine JsDom /path Samples\Basic\Jasmine\chutzpah.json
fails with this change.
I tried a more minimal change that just updates the lodash dependency to one without the vulnerability. Unit tests passed but I'm not sure how to fully test the change.
Looks good to me
Version of jsdom depends transitively on lodash 4.17.11 which has security vulnerabilities. The latest version of jsdom no longer has this problem.