[Snyk] Upgrade @playwright/test from 1.19.0-alpha-1643749494000 to 1.38.1 #798

Open
wants to merge 1 commit into
base: main

fix: upgrade @playwright/test from 1.19.0-alpha-1643749494000 to 1.38.1

faa710c
Mend Bolt for GitHub / WhiteSource Security Check failed Oct 24, 2023 in 7m 18s

Security Report

You have successfully remediated 16 vulnerabilities, but introduced 6 new vulnerabilities in this branch.

❌ New vulnerabilities:

CVE-2023-26136
Severity: Critical
CVSS Score: 9.8
Vulnerable Library: tough-cookie-4.0.0.tgz
Suggested Fix: Upgrade to version: tough-cookie - 4.1.3
Issue: None

Path to dependency file: /utils/flakiness-dashboard/package.json
Path to vulnerable library: /utils/flakiness-dashboard/package.json
Dependency Hierarchy:
-> storage-blob-12.2.1.tgz (Root Library)
   -> core-http-1.1.9.tgz
     -> ❌ tough-cookie-4.0.0.tgz (Vulnerable Library)

CVE-2023-45133
Severity: Critical
CVSS Score: 9.3
Vulnerable Library: traverse-7.16.10.tgz
Suggested Fix: Upgrade to version: @babel/traverse - 7.23.2
Issue: None

Path to dependency file: /package.json
Path to vulnerable library: /node_modules/@babel/traverse/package.json
Dependency Hierarchy:
-> @playwright/test-1.20.0-next.tgz (Root Library)
   -> core-7.16.12.tgz
     -> ❌ traverse-7.16.10.tgz (Vulnerable Library)

CVE-2022-25883
Severity: High
CVSS Score: 7.5
Vulnerable Library: semver-6.3.0.tgz
Suggested Fix: Upgrade to version: semver - 5.7.2,6.3.1,7.5.2;org.webjars.npm:semver:7.5.2
Issue: None

Path to dependency file: /package.json
Path to vulnerable library: /node_modules/semver/package.json
Dependency Hierarchy:
-> @playwright/test-1.20.0-next.tgz (Root Library)
   -> core-7.16.12.tgz
     -> ❌ semver-6.3.0.tgz (Vulnerable Library)

CVE-2023-2976
Severity: High
CVSS Score: 7.1
Vulnerable Library: guava-28.1-jre.jar
Suggested Fix: Upgrade to version: com.google.guava:guava:32.0.1-android,32.0.1-jre
Issue: None

Path to dependency file: /packages/playwright-core/src/server/android/driver/app/build.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.google.guava/guava/28.1-jre/b0e91dcb6a44ffb6221b5027e12a5cb34b841145/guava-28.1-jre.jar
Dependency Hierarchy:
-> lint-gradle-27.1.0.jar (Root Library)
   -> builder-4.1.0.jar
     -> apkzlib-4.1.0.jar
       -> ❌ guava-28.1-jre.jar (Vulnerable Library)

CVE-2023-33201
Severity: Medium
CVSS Score: 5.3
Vulnerable Library: bcprov-jdk15on-1.64.jar
Suggested Fix: Upgrade to version: org.bouncycastle:bcprov-ext-jdk18on:1.74, org.bouncycastle:bcprov-jdk18on:1.74, org.bouncycastle:bcprov-debug-jdk18on:1.74, org.bouncycastle:bcprov-ext-debug-jdk18on:1.74, org.bouncycastle:bcprov-ext-jdk15to18:1.74, org.bouncycastle:bcprov-jdk15to18:1.74, org.bouncycastle:bcprov-debug-jdk14:1.74, org.bouncycastle:bcprov-debug-jdk15to18:1.74, org.bouncycastle:bcprov-ext-debug-jdk14:1.74, org.bouncycastle:bcprov-ext-debug-jdk15to18:1.74, org.bouncycastle:bcprov-jdk14:1.74
Issue: None

Path to dependency file: /packages/playwright-core/src/server/android/driver/app/build.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.bouncycastle/bcprov-jdk15on/1.64/513f78dc2971d73eec9716788948ec02704899aa/bcprov-jdk15on-1.64.pom
Dependency Hierarchy:
-> ❌ bcprov-jdk15on-1.64.jar (Vulnerable Library)

CVE-2023-33201
Severity: Medium
CVSS Score: 5.3
Vulnerable Library: bcprov-jdk15on-1.56.jar
Suggested Fix: Upgrade to version: org.bouncycastle:bcprov-ext-jdk18on:1.74, org.bouncycastle:bcprov-jdk18on:1.74, org.bouncycastle:bcprov-debug-jdk18on:1.74, org.bouncycastle:bcprov-ext-debug-jdk18on:1.74, org.bouncycastle:bcprov-ext-jdk15to18:1.74, org.bouncycastle:bcprov-jdk15to18:1.74, org.bouncycastle:bcprov-debug-jdk14:1.74, org.bouncycastle:bcprov-debug-jdk15to18:1.74, org.bouncycastle:bcprov-ext-debug-jdk14:1.74, org.bouncycastle:bcprov-ext-debug-jdk15to18:1.74, org.bouncycastle:bcprov-jdk14:1.74
Issue: None

Path to dependency file: /packages/playwright-core/src/server/android/driver/app/build.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.bouncycastle/bcprov-jdk15on/1.56/a153c6f9744a3e9dd6feab5e210e1c9861362ec7/bcprov-jdk15on-1.56.jar
Dependency Hierarchy:
-> lint-gradle-27.1.0.jar (Root Library)
   -> builder-4.1.0.jar
     -> ❌ bcprov-jdk15on-1.56.jar (Vulnerable Library)

✔️ Remediated vulnerabilities:

CVE Vulnerable Library
CVE-2022-33987 got-9.6.0.tgz
CVE-2022-25881 http-cache-semantics-4.1.0.tgz
CVE-2022-37601 loader-utils-1.4.0.tgz
CVE-2022-29247 electron-12.2.1.tgz
CVE-2022-46175 json5-1.0.1.tgz
CVE-2022-37599 loader-utils-2.0.0.tgz
CVE-2022-37603 loader-utils-2.0.0.tgz
CVE-2021-33502 normalize-url-4.5.0.tgz
CVE-2022-37601 loader-utils-2.0.0.tgz
CVE-2023-28154 webpack-5.68.0.tgz
CVE-2023-2968 proxy-1.0.2.tgz
CVE-2022-36077 electron-12.2.1.tgz
CVE-2022-29257 electron-12.2.1.tgz
CVE-2022-25858 terser-5.10.0.tgz
CVE-2022-24999 qs-6.9.3.tgz
CVE-2022-21718 electron-12.2.1.tgz

Base branch total remaining vulnerabilities: 44
Base branch commit: null


Total libraries scanned: 354

Scan token: 8c66c72740f94492a8f2d9d35a3f58ab