This repository was archived by the owner on Jul 29, 2024. It is now read-only.

Commit 3b7fe02

alan-agius4Keen Yee Liau

authored and

Keen Yee Liau

committed

fix: security prototype pollution

Optimist has been deprecated over 2 years ago as has a security vulnerability. With this change we use it's successor `yargs`. Closes: #5413

1 parent 7beca52 commit 3b7fe02Copy full SHA for 3b7fe02

File tree

6 files changed

+284

-78

lines changed

docs
- faq.md
lib
- cli.ts
package-lock.json
package.json
spec
- driverProviderTest.js
testapp/scripts
- web-server.js

6 files changed

+284

-78

lines changed

`‎docs/faq.md‎`

Lines changed: 4 additions & 3 deletions

Original file line number	Diff line number	Diff line change
`@@ -187,12 +187,13 @@ is complete before continuing.`
`187`	`187`
`188`	`188`	`How do I switch off an option in the CLI?`
`189`	`189`	`-----------------------------------------`
`190`		-i.e. `webdriver-manager update --chrome=false` does not work.
`191`		-This has to do with the way `optimist` parses command line args. In order to pass a false value, do one of the following:
	`190`	+This has to do with the way `yargs` parses command line args. In order to pass a false value, do one of the following:
`192`	`191`
`193`	`192`	1) `webdriver-manager update --chrome=0`
`194`	`193`
`195`		-2) `webdriver-manager update --no-chrome` (see https://github.com/substack/node-optimist#negate-fields)
	`194`	+2) `webdriver-manager update --chrome=false`
	`195`	`+`
	`196`	+3) `webdriver-manager update --no-chrome` (see https://github.com/yargs/yargs/blob/HEAD/docs/tricks.md#negate)
`196`	`197`
`197`	`198`	`Why does Protractor fail when I decorate $timeout?`
`198`	`199`	`--------------------------------------------------`

`‎lib/cli.ts‎`

Lines changed: 16 additions & 13 deletions

Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`import * as fs from 'fs';`
`2`		`-import * as optimist from 'optimist';`
`3`	`2`	`import * as path from 'path';`
	`3`	`+import * as yargs from 'yargs';`
`4`	`4`
`5`	`5`	`/**`
`6`	`6`	`* The command line interface for interacting with the Protractor runner.`
`@@ -115,7 +115,7 @@ let allowedNames = [`
`115`	`115`	`'stackTrace'`
`116`	`116`	`];`
`117`	`117`
`118`		`-let optimistOptions: any = {`
	`118`	`+let yargsOptions: any = {`
`119`	`119`	`describes: {`
`120`	`120`	`help: 'Print Protractor help menu',`
`121`	`121`	`version: 'Print Protractor version',`
`@@ -153,30 +153,33 @@ let optimistOptions: any = {`
`153`	`153`	`strings: {'capabilities.tunnel-identifier': ''}`
`154`	`154`	`};`
`155`	`155`
`156`		`-optimist.usage(`
	`156`	`+yargs.usage(`
`157`	`157`	`'Usage: protractor [configFile] [options]\n' +`
`158`	`158`	`'configFile defaults to protractor.conf.js\n' +`
`159`	`159`	`'The [options] object will override values from the config file.\n' +`
`160`	`160`	`'See the reference config for a full list of options.');`
`161`		`-for (let key of Object.keys(optimistOptions.describes)) {`
`162`		`- optimist.describe(key, optimistOptions.describes[key]);`
	`161`	`+for (let key of Object.keys(yargsOptions.describes)) {`
	`162`	`+ yargs.describe(key, yargsOptions.describes[key]);`
`163`	`163`	`}`
`164`		`-for (let key of Object.keys(optimistOptions.aliases)) {`
`165`		`- optimist.alias(key, optimistOptions.aliases[key]);`
	`164`	`+for (let key of Object.keys(yargsOptions.aliases)) {`
	`165`	`+ yargs.alias(key, yargsOptions.aliases[key]);`
`166`	`166`	`}`
`167`		`-for (let key of Object.keys(optimistOptions.strings)) {`
`168`		`- optimist.string(key);`
	`167`	`+for (let key of Object.keys(yargsOptions.strings)) {`
	`168`	`+ yargs.string(key);`
`169`	`169`	`}`
`170`		`-optimist.check(function(arg: any) {`
	`170`	`+`
	`171`	`+yargs.check(function(arg: any) {`
`171`	`172`	`if (arg._.length > 1) {`
`172`	`173`	`throw new Error('Error: more than one config file specified');`
`173`	`174`	`}`
	`175`	`+`
	`176`	`+ return true;`
`174`	`177`	`});`
`175`	`178`
`176`		`-let argv: any = optimist.parse(args);`
	`179`	`+let argv: any = yargs.parse(args);`
`177`	`180`
`178`	`181`	`if (argv.help) {`
`179`		`- optimist.showHelp();`
	`182`	`+ yargs.showHelp();`
`180`	`183`	`process.exit(0);`
`181`	`184`	`}`
`182`	`185`
`@@ -233,7 +236,7 @@ if (!configFile && !argv.elementExplorer && args.length < 3) {`
`233`	`236`	`console.log(`
`234`	`237`	`'**you must either specify a configuration file ' +`
`235`	`238`	`'or at least 3 options. See below for the options:\n');`
`236`		`- optimist.showHelp();`
	`239`	`+ yargs.showHelp();`
`237`	`240`	`process.exit(1);`
`238`	`241`	`}`
`239`	`242`

0 commit comments

Comments

(0)

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit 3b7fe02

File tree

6 files changed

6 files changed

`‎docs/faq.md‎`

`‎lib/cli.ts‎`

0 commit comments