BrowserStack Local is a valuable tool for developers needing to test web applications and websites in a secure local environment with BrowserStack's cloud infrastructure. Version 1.2.0 introduces enhancements over the previous stable version 1.1.0, primarily focused on dependency updates and potential bug fixes reflected in those changes.
A key difference lies in the addition of sinon and temp-fs as dependencies in version 1.2.0. sinon is a popular library for spies, stubs, and mocks, suggesting improved testing capabilities within the BrowserStack Local library itself. temp-fs simplifies the creation and management of temporary files and directories, potentially indicating enhancements in how BrowserStack Local handles temporary data or file system interactions during its operation. These additions are intended to make the library more robust and reliable.
Both versions maintain the core dependencies is-running and https-proxy-agent, ensuring continued process monitoring and secure proxy support. The development dependency list remains unchanged, so testing processes stay aligned across the version upgrade. Upgrading to version 1.2.0 is recommended for developers who want a more reliable testing environment and who could benefit from the testing-specific features the new dependencies allow. This update streamlines the local testing process and facilitates a smoother workflow with BrowserStack.
All vulnerabilities related to version 1.2.0 of the package
Denial of Service in https-proxy-agent
Versions of https-proxy-agent before 2.2.0 are vulnerable to denial of service. This is due to unsanitized options (proxy.auth) being passed to Buffer().
Update to version 2.2.0 or later.
Machine-In-The-Middle in https-proxy-agent
Versions of https-proxy-agent prior to 2.2.3 are vulnerable to Machine-In-The-Middle. The package fails to enforce TLS on the socket if the proxy server responds to the request with an HTTP status other than 200. This allows an attacker with access to the proxy server to intercept unencrypted communications, which may include sensitive information such as credentials.
Upgrade to version 3.0.0 or 2.2.3.
semver vulnerable to Regular Expression Denial of Service
Versions of the package semver before 7.5.2 on the 7.x branch, before 6.3.1 on the 6.x branch, and all other versions before 5.7.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.
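The three advisories above each define an affected version range; as an added example (not code from this page or from the browserstack-local project), the Node.js script below encodes those ranges and audits every installed copy of https-proxy-agent and semver found in a package-lock.json, including nested node_modules copies. The lockfile excerpt and its versions are constructed sample data.

```javascript
// Constructed package-lock.json excerpt (sample data, not a real project's lock).
const sampleLock = {
  packages: {
    "node_modules/browserstack-local": { version: "1.2.0" },
    "node_modules/https-proxy-agent": { version: "2.2.1" },
    "node_modules/browserstack-local/node_modules/https-proxy-agent": { version: "2.1.1" },
    "node_modules/semver": { version: "7.5.1" },
  },
};
// Parse "MAJOR.MINOR.PATCH[-prerelease]" into numbers; prerelease tags are ignored here.
function parseVersion(v) {
  return v.split("-")[0].split(".").map(Number);
}
// True when version a is strictly lower than version b (numeric, component-wise).
function lt(a, b) {
  const [pa, pb] = [parseVersion(a), parseVersion(b)];
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i];
  }
  return false;
}
// semver's affected range differs per release branch: 7.x, 6.x, and everything older.
function semverRedosVulnerable(v) {
  const major = parseVersion(v)[0];
  if (major === 7) return lt(v, "7.5.2");
  if (major === 6) return lt(v, "6.3.1");
  return major < 6 && lt(v, "5.7.2");
}
// Affected ranges as stated in the advisories on this page.
const advisories = [
  { pkg: "https-proxy-agent", title: "DoS: unsanitized proxy.auth passed to Buffer()", vulnerable: (v) => lt(v, "2.2.0") },
  { pkg: "https-proxy-agent", title: "MITM: TLS not enforced on non-200 proxy response", vulnerable: (v) => lt(v, "2.2.3") },
  { pkg: "semver", title: "ReDoS in new Range()", vulnerable: semverRedosVulnerable },
];
// Walk every installed package path (nested copies included) and report matches.
function auditLock(lock) {
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages)) {
    const name = path.slice(path.lastIndexOf("node_modules/") + "node_modules/".length);
    for (const adv of advisories) {
      if (adv.pkg === name && adv.vulnerable(meta.version)) {
        findings.push({ path, version: meta.version, title: adv.title });
      }
    }
  }
  return findings;
}
```

Running auditLock(sampleLock) reports the top-level https-proxy-agent 2.2.1 for the MITM issue only, the nested 2.1.1 copy for both https-proxy-agent issues, and semver 7.5.1 for the ReDoS; a real lockfile can be passed in via JSON.parse(fs.readFileSync("package-lock.json")).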