Open shrubom opened 1 week ago
Thanks for reporting, @shrubom. It needs to be analyzed by someone. From a quick look it seems that it isn't applicable to this project. If you look at the advisory, it mentions "proxy" versions >= 2.0.0, < 2.1.1, whereas this package is using "proxy" version 1.0.2.
Thank you for the prompt response. Highly appreciated. :-)
Could you please confirm if I am using the correct npm dependency version? "@xray-app/playwright-junit-reporter": "^0.3.0"
If it is the correct one, then I will contact my security team to analyze this from our end as well.
0.3.0 is the latest version of this package; I advise you to look at the package-lock.json file of your project to see what "proxy" version is being resolved by npm and therefore being used in your project.
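The lockfile check suggested in the comment above, as an added example that is not part of the original thread or the project's code. It lists every resolved copy of "proxy" in a parsed package-lock.json and flags those inside the range quoted from the advisory (>= 2.0.0, < 2.1.1); the function names and the sample lockfile are constructed for illustration.

```javascript
// Affected range quoted in the thread: proxy >= 2.0.0, < 2.1.1.
const AFFECTED = { min: [2, 0, 0], below: [2, 1, 1] };

// Parse "MAJOR.MINOR.PATCH", ignoring pre-release/build suffixes.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v);
  if (!m) throw new Error(`unparseable version: ${v}`);
  return m.slice(1).map(Number);
}

function compare(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  return 0;
}

function inAffectedRange(version) {
  const v = parseVersion(version);
  return compare(v, AFFECTED.min) >= 0 && compare(v, AFFECTED.below) < 0;
}

// Collect every resolved copy of `name`, including nested (transitive) ones.
function findResolved(lock, name) {
  const hits = [];
  const add = (path, meta) => {
    if (meta.version) hits.push({ path, version: meta.version, affected: inAffectedRange(meta.version) });
  };
  // lockfileVersion 2 and 3: flat "packages" map keyed by install path.
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path === `node_modules/${name}` || path.endsWith(`/node_modules/${name}`)) add(path, meta);
  }
  // lockfileVersion 1: nested "dependencies" tree.
  const walk = (deps, prefix) => {
    for (const [dep, meta] of Object.entries(deps || {})) {
      const path = `${prefix}node_modules/${dep}`;
      if (dep === name) add(path, meta);
      walk(meta.dependencies, `${path}/`);
    }
  };
  if (!lock.packages) walk(lock.dependencies, "");
  return hits;
}

// Constructed sample lockfile (not taken from a real project).
const sampleLock = { lockfileVersion: 3, packages: {
  "": { name: "demo" },
  "node_modules/@xray-app/playwright-junit-reporter": { version: "0.3.0" },
  "node_modules/proxy": { version: "1.0.2" },
  "node_modules/other/node_modules/proxy": { version: "2.1.0" },
} };
console.log(findResolved(sampleLock, "proxy"));
```

To run it against a real project, pass the result of `JSON.parse` on the contents of package-lock.json instead of `sampleLock`.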
Perfect. Thank you so much, will do so and keep you posted. :)
Hi @bitcoder,
I am currently integrating new Playwright tests to Xray TMT, but I need to use JFrog Xray scans as per the standards of my organization.
CVE-2023-2968 - Severity: High
Impacted Components: proxy:1.0.2
JFrog (XRAY-520917)
generate an enhanced JUnit XML report suitable for Xray with the playwright test results
Latest version: 0.3.0, published 1 month ago
https://github.com/Xray-App/playwright-junit-reporter
Is there a way to mitigate this? Or will this be addressed in the coming releases?
Please advise.
Thank you.