@wdio/visual-service 9.2.0 → 9.2.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2) hide show
  1. package/CHANGELOG.md +39 -0
  2. package/package.json +5 -5
package/CHANGELOG.md CHANGED
@@ -1,5 +1,44 @@
1
1
  # @wdio/visual-service
2
2
 
3
+ ## 9.2.2
4
+
5
+ ### Patch Changes
6
+
7
+ - db33fa7: #### `@wdio/image-comparison-core` and `@wdio/ocr-service` Security: update jimp (CVE in `file-type` transitive dep)
8
+
9
+ Bumped `jimp` to the latest version to resolve a reported vulnerability in its `file-type` transitive dependency (see [#1130](https://github.com/webdriverio/visual-testing/issues/1130), raised by [@denis-sokolov](https://github.com/denis-sokolov), thank you!).
10
+
11
+ **Actual impact on these packages**
12
+ `file-type` is used by `@jimp/core` solely to detect image MIME types when reading a buffer. In both `@wdio/image-comparison-core` and `@wdio/ocr-service`, every image passed to jimp originates from either WebDriver screenshots (browser-controlled base64 data) or local files written by the framework itself. There is no code path where untrusted external input is fed directly into jimp, which removes the exploitability that the CVE describes.
13
+
14
+ That said, the reputational and compliance risk was real, security scanners flag the package as vulnerable, enterprise users hit audit failures, and some organisations block installation of packages with known CVEs. The update addresses all of that.
15
+
16
+ #### `@wdio/visual-reporter` and `@wdio/visual-service`
17
+
18
+ Updated internal dependencies to pick up the jimp bump in `@wdio/image-comparison-core`.
19
+
20
+ ### Committers: 1
21
+
22
+ - Wim Selles ([@wswebcreation](https://github.com/wswebcreation))
23
+
24
+ - Updated dependencies [db33fa7]
25
+ - @wdio/image-comparison-core@1.2.2
26
+
27
+ ## 9.2.1
28
+
29
+ ### Patch Changes
30
+
31
+ - d5afb54: ## #1129 Fix `TypeError: element.getBoundingClientRect is not a function` when a `ChainablePromiseElement` is passed to `checkElement`
32
+
33
+ When `checkElement` (or `saveElement`) was called with a `ChainablePromiseElement`, the lazy promise-based element reference that WebdriverIO's `$()` returns, the element was passed directly as an argument to `browser.execute()` without being awaited first. `browser.execute()` serializes its arguments for transfer to the browser context and cannot handle a pending Promise, so it arrived in the browser as a plain empty object `{}` instead of a WebElement reference. This caused `element.getBoundingClientRect is not a function` because the browser-side `scrollElementIntoView` script received `{}` rather than a DOM element.
34
+
35
+ # Committers: 1
36
+
37
+ - Wim Selles ([@wswebcreation](https://github.com/wswebcreation))
38
+
39
+ - Updated dependencies [d5afb54]
40
+ - @wdio/image-comparison-core@1.2.1
41
+
3
42
  ## 9.2.0
4
43
 
5
44
  ### Minor Changes
package/package.json CHANGED
@@ -2,7 +2,7 @@
2
2
  "name": "@wdio/visual-service",
3
3
  "author": "Wim Selles - wswebcreation",
4
4
  "description": "Image comparison / visual regression testing for WebdriverIO",
5
- "version": "9.2.0",
5
+ "version": "9.2.2",
6
6
  "license": "MIT",
7
7
  "homepage": "https://webdriver.io/docs/visual-testing",
8
8
  "repository": {
@@ -20,11 +20,11 @@
20
20
  "type": "module",
21
21
  "types": "./dist/index.d.ts",
22
22
  "dependencies": {
23
- "@wdio/globals": "^9.23.0",
23
+ "@wdio/globals": "^9.27.0",
24
24
  "@wdio/logger": "^9.18.0",
25
- "@wdio/types": "^9.25.0",
26
- "expect-webdriverio": "^5.6.4",
27
- "@wdio/image-comparison-core": "1.2.0"
25
+ "@wdio/types": "^9.27.0",
26
+ "expect-webdriverio": "^5.6.5",
27
+ "@wdio/image-comparison-core": "1.2.2"
28
28
  },
29
29
  "scripts": {
30
30
  "build": "run-s clean build:*",