Releases: quasarframework/quasar-testing
@quasar/testing-security-antivuln-v1.0.0-alpha.1
This testing app extension will scan your installed dependencies (the entire chain) and compare them with the list of advisories found here: https://www.npmjs.com/advisories
Should any unsafe packages be found, the AE will warn you and stop your dev or build process if you desire.
You can execute this extension with:
$ quasar test --security antivuln
See this page for more information:
https://github.com/quasarframework/quasar-testing/blob/dev/packages/security-antivuln/README.md
v1.0.0-rc.9 - Security and Dependency Updates
This release updates dependencies across all submodules, specifically to address the vulnerabilities in Axios and fstream.
Please note:
Due to Lighthouse 5 requiring node 10LTS as minimum version, we have also bumped the minimum level of node required for the quality extension. In the next 30 days we will be bumping the minimum level of node for ALL testing packages.
[email protected] Get your HUD on!!!
We've now rigged the OWASP ZAP HUD to open a Firefox or Chrome browser with instrumentation.
You will need to rerun the installer if you used it before, because this brings in the first version of the HUD that allows us to specify browser and initial route. (Just released today!)
If you've already installed @quasar/testing - then just:
$ quasar ext add @quasar/testing-security
Otherwise run:
$ quasar ext add @quasar/testing
When its done, just run:
$ quasar test --security zap
Now with Security Tool.
INTRODUCING THE ZAP HUD
This release introduces the OWASP ZAPROXY HUD. It is a WIP, but you can (probably) use it today. It is Alpha quality and not yet fully integrated with quasar CTX.
$ quasar ext add @quasar/testing
Choose to add security and then choose a local installation. Then you can run:
$ quasar test --security zap
And when the instrumented Firefox browser opens enter your localhost for the dev server.
Note: at this time there is no option for Chrome, and there is no method to pass an url:port to mozrunner's marionette - but these two features will be landing upstream very Soon ™️.
Almost ready for prime time.
Lots of people are using this extension - and that's awesome! Thanks for your feedback - and keep it coming!