Skip to content

Vulnerability introduced by package adm-zip #499

Open
@paimon0715

Description

@paimon0715

Hi @cnishina ,a high severity vulnerability is introduced in your package

Issue

1 vulnerability (high severity) is introduced in webdriver-manager:
Vulnerability SNYK-JS-ADMZIP-1065796 (high severity) is detected in package adm-zip(versions:<0.5.2):https://snyk.io/vuln/SNYK-JS-ADMZIP-1065796
The above vulnerable package is referenced by webdriver-manager via:
[email protected][email protected]

Solution

Since [email protected].* is transitively referenced by 248 downstream projects (e.g., protractor 7.0.0 (latest version),
grunt-protractor-runner 5.0.0 (latest version), gulp-protractor 4.1.1 (latest version), protractor-flake 4.0.0 (latest version), @types/protractor 4.0.0(latest version)),

[email protected].* is referenced by 26 downstream projects (e.g., protractor-perf 0.2.3 (latest version), sabium-framework 3.10.1030 (latest version), elementor 2.1.0 (latest version), wix-node-build 1.1.220 (latest version), gulp-binarta-template 0.0.68 (latest version)),

[email protected].* is referenced by 4 downstream projects (opal-setup 0.4.6 (latest version), @torpadev/orpa-setup 0.2.11 (latest version), @torpadev/orpa-setup-dev 0.1.3 (latest version), @telligro/opal-setup 0.3.1 (latest version)),

If webdriver-manager removes the vulnerable package from the above versions, then its fixed versions can help downstream users decrease their pain.

Could you help update packages in these versions?

Fixing suggestions

(1)In [email protected].*, you can kindly perform the following upgrades (not crossing their major versions):
adm-zip ^0.4.9 ➔ ^0.5.2;

Note:
[email protected](>=0.5.2) has fixed the vulnerability SNYK-JS-ADMZIP-1065796

(2)In [email protected].*, you can kindly perform the following upgrades (not crossing their major versions):
adm-zip ^0.4.7 ➔ ^0.5.2;

Note:
[email protected](>=0.5.2) has fixed the vulnerability SNYK-JS-ADMZIP-1065796

(3)In [email protected].*, you can kindly perform the following upgrades (not crossing their major versions):
adm-zip ^0.4.7 ➔ ^0.5.2;

Note:
[email protected](>=0.5.2) has fixed the vulnerability SNYK-JS-ADMZIP-1065796

Thank you for your contribution!

Best regards,
Paimon

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions