Description
Hi @cnishina ,a high severity vulnerability is introduced in your package
Issue
1 vulnerability (high severity) is introduced in webdriver-manager:
Vulnerability SNYK-JS-ADMZIP-1065796 (high severity) is detected in package adm-zip(versions:<0.5.2):https://snyk.io/vuln/SNYK-JS-ADMZIP-1065796
The above vulnerable package is referenced by webdriver-manager via:
[email protected] ➔ [email protected]
Solution
Since [email protected].* is transitively referenced by 248 downstream projects (e.g., protractor 7.0.0 (latest version),
grunt-protractor-runner 5.0.0 (latest version), gulp-protractor 4.1.1 (latest version), protractor-flake 4.0.0 (latest version), @types/protractor 4.0.0(latest version)),
[email protected].* is referenced by 26 downstream projects (e.g., protractor-perf 0.2.3 (latest version), sabium-framework 3.10.1030 (latest version), elementor 2.1.0 (latest version), wix-node-build 1.1.220 (latest version), gulp-binarta-template 0.0.68 (latest version)),
[email protected].* is referenced by 4 downstream projects (opal-setup 0.4.6 (latest version), @torpadev/orpa-setup 0.2.11 (latest version), @torpadev/orpa-setup-dev 0.1.3 (latest version), @telligro/opal-setup 0.3.1 (latest version)),
If webdriver-manager removes the vulnerable package from the above versions, then its fixed versions can help downstream users decrease their pain.
Could you help update packages in these versions?
Fixing suggestions
(1)In [email protected].*, you can kindly perform the following upgrades (not crossing their major versions):
adm-zip ^0.4.9 ➔ ^0.5.2
;
Note:
[email protected](>=0.5.2) has fixed the vulnerability SNYK-JS-ADMZIP-1065796
(2)In [email protected].*, you can kindly perform the following upgrades (not crossing their major versions):
adm-zip ^0.4.7 ➔ ^0.5.2
;
Note:
[email protected](>=0.5.2) has fixed the vulnerability SNYK-JS-ADMZIP-1065796
(3)In [email protected].*, you can kindly perform the following upgrades (not crossing their major versions):
adm-zip ^0.4.7 ➔ ^0.5.2
;
Note:
[email protected](>=0.5.2) has fixed the vulnerability SNYK-JS-ADMZIP-1065796
Thank you for your contribution!
Best regards,
Paimon