Comments (4)
Hey there,
Previously, Browserstack attempted to transition from the deprecated request module to an alternative, namely the Axios module. However, they encountered certain difficulties, particularly the HTTP_PROXY was not honored as expected.
As a result, Browserstack decided not to pursue it further.
It's worth noting that the request module had a significant user base with over 17 million weekly downloads, and at that time, it did not present any security concerns. However, making the necessary changes is part of Browserstack's roadmap.
Thanks.
from browserstack-cypress-cli.
For your information, when installing the 'browserstack-cypress-cli' dependency, 8 vulnerabilities are immediately flagged.
This CLI is part of the Browserstack family, and many Browserstack client corporations, including the one I work for, extensively use Browserstack products. Particularly, my company places significant emphasis on keeping our products free from errors and bugs.
While I can override the 'got' and 'tough-cookie' versions with the improved ones, it is not possible for 'request' as the library has been deprecated since 2020.
I believe the team maintaining this CLI should seriously consider keeping it up-to-date and free from the potential security issues of this library.
It's evident that the tool is open source, and any of us can make a PR with the changes. Then my question is: Are there enough tests to ensure a smooth replacement of 'request' with 'axios' or the native node 'fetch'? If necessary, my team can commit to using an alpha version with this library change. What do you think?
from browserstack-cypress-cli.
I've noticed that there is a pull request on the way, preparing the change. #596 🙏🏼 🤞🏼
from browserstack-cypress-cli.