@wdio/image-comparison-core 1.2.1 → 1.2.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +21 -0
- package/package.json +4 -4
package/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,26 @@
|
|
|
1
1
|
# @wdio/image-comparison-core
|
|
2
2
|
|
|
3
|
+
## 1.2.2
|
|
4
|
+
|
|
5
|
+
### Patch Changes
|
|
6
|
+
|
|
7
|
+
- db33fa7: #### `@wdio/image-comparison-core` and `@wdio/ocr-service` Security: update jimp (CVE in `file-type` transitive dep)
|
|
8
|
+
|
|
9
|
+
Bumped `jimp` to the latest version to resolve a reported vulnerability in its `file-type` transitive dependency (see [#1130](https://github.com/webdriverio/visual-testing/issues/1130), raised by [@denis-sokolov](https://github.com/denis-sokolov), thank you!).
|
|
10
|
+
|
|
11
|
+
**Actual impact on these packages**
|
|
12
|
+
`file-type` is used by `@jimp/core` solely to detect image MIME types when reading a buffer. In both `@wdio/image-comparison-core` and `@wdio/ocr-service`, every image passed to jimp originates from either WebDriver screenshots (browser-controlled base64 data) or local files written by the framework itself. There is no code path where untrusted external input is fed directly into jimp, which removes the exploitability that the CVE describes.
|
|
13
|
+
|
|
14
|
+
That said, the reputational and compliance risk was real, security scanners flag the package as vulnerable, enterprise users hit audit failures, and some organisations block installation of packages with known CVEs. The update addresses all of that.
|
|
15
|
+
|
|
16
|
+
#### `@wdio/visual-reporter` and `@wdio/visual-service`
|
|
17
|
+
|
|
18
|
+
Updated internal dependencies to pick up the jimp bump in `@wdio/image-comparison-core`.
|
|
19
|
+
|
|
20
|
+
### Committers: 1
|
|
21
|
+
|
|
22
|
+
- Wim Selles ([@wswebcreation](https://github.com/wswebcreation))
|
|
23
|
+
|
|
3
24
|
## 1.2.1
|
|
4
25
|
|
|
5
26
|
### Patch Changes
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@wdio/image-comparison-core",
|
|
3
|
-
"version": "1.2.
|
|
3
|
+
"version": "1.2.2",
|
|
4
4
|
"author": "Wim Selles - wswebcreation",
|
|
5
5
|
"description": "Image comparison core module for @wdio/visual-service - WebdriverIO visual testing framework",
|
|
6
6
|
"keywords": [
|
|
@@ -26,12 +26,12 @@
|
|
|
26
26
|
"url": "https://github.com/webdriverio/visual-testing/issues"
|
|
27
27
|
},
|
|
28
28
|
"dependencies": {
|
|
29
|
-
"jimp": "^1.6.
|
|
29
|
+
"jimp": "^1.6.1",
|
|
30
30
|
"@wdio/logger": "^9.18.0",
|
|
31
|
-
"@wdio/types": "^9.
|
|
31
|
+
"@wdio/types": "^9.27.0"
|
|
32
32
|
},
|
|
33
33
|
"devDependencies": {
|
|
34
|
-
"webdriverio": "^9.
|
|
34
|
+
"webdriverio": "^9.27.0"
|
|
35
35
|
},
|
|
36
36
|
"publishConfig": {
|
|
37
37
|
"access": "public"
|