search

nightwatchjs / nightwatch

Integrated end-to-end testing framework written in Node.js and using W3C Webdriver API. Developed at @browserstack
https://nightwatchjs.org
MIT License
11.79k stars 1.31k forks source link

Need to bump ejs version to 3.1.10 due to vulnerability #4201

Closed 0crypto0 closed 5 months ago

0crypto0 commented 5 months ago

Description of the bug/issue

Dependabot cannot update ejs to a non-vulnerable version The latest possible version that can be installed is 3.1.8 because of the following conflicting dependencies:

nightwatch@3.6.0 requires ejs@3.1.8 No patched version available for ejs The earliest fixed version is 3.1.10.

Steps to reproduce

  1. Go to '...'
  2. Click on '...'
  3. Scroll down to '...'
  4. See error

Sample test

No response

Command to run

No response

Verbose Output

No response

Nightwatch Configuration

No response

Nightwatch.js Version

3.6.1

Node Version

No response

Browser

No response

Operating System

No response

Additional Information

No response

TannerS commented 5 months ago

Same here

garg3133 commented 4 months ago

A new version is published with the fix: 3.6.2.