Closed apacha closed 7 months ago
Please read the comment here: https://github.com/quasarframework/quasar-testing/blob/c93cc86cb00194be97485f5b705d26f3b33fbf46/packages/e2e-cypress/package.json#L35
We can't bump that dependency without removing support for past versions of Node Since the vulnerablity isn't critical when using it for locally or CI run tests, we don't plan to bump it until next major version of Cypress AE, which will probably be released when Cypress 14 will be out
@apacha I just published Cypress AE v6 to bump all deps, remove Node 14+16 support and avoid the vulnerability warning
Amazing, thank you very much!
Software version
OS: MacOS Node: 20.10.0 NPM: 10.2.3
What did you get as the error?
When installing
quasar ext add @quasar/testing-e2e-cypress
in a clean, new Quasar project, and then executingnpm audit
the requested libraries seem to be outdated and known vulnerabilities are reported.What were you expecting?
That the latest version of
@quasar/quasar-app-extension-testing-e2e-cypress
has no security vulnerabilities, especially if the dependencies already list axios with a higher version that doesn't have this vulnerability:especially given that start-server-and-test was already updated: https://github.com/bahmutov/start-server-and-test/commit/ad35c2e4128615d7bc6e84d09761ae5d1fbc8da2
What steps did you take, to get the error?
Simply install cypress test harness and then run npm audit.