Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Security Issue] Upgrade the axios version to solve the security issue 'follow-redirects' Proxy-Authorization header kept across hosts #1' #143

Closed
tamtmnguyen-kms opened this issue Apr 5, 2024 · 2 comments · Fixed by #145
Closed

[Security Issue] Upgrade the axios version to solve the security issue 'follow-redirects' Proxy-Authorization header kept across hosts #1' #143

tamtmnguyen-kms opened this issue Apr 5, 2024 · 2 comments · Fixed by #145
Assignees
@AmsterGet

Comments

@tamtmnguyen-kms
Copy link

tamtmnguyen-kms commented Apr 5, 2024
edited
Loading

Hi team,
My Github GitHub found 1 vulnerability on my repo rated to follow-redirects' Proxy-Authorization header kept across hosts
My setup: "@playwright/test": "^1.41.2", "@reportportal/agent-js-playwright": "^5.1.7".
Please take a look. Thanks!

image image
@tamtmnguyen-kms tamtmnguyen-kms changed the title [Security Issue] Upgrade the axios version to solve the security issue [Security Issue] Upgrade the axios version to solve the security issue 'follow-redirects' Proxy-Authorization header kept across hosts #1' Apr 5, 2024
@AmsterGet
Copy link
Member

Hi @tamtmnguyen-kms !
Thank you for pointing this out.
We are aware of this vulnerable dependency, it is part of our client-javascript.
Since it is medium severity and we don't use the Proxy-Authorisation header directly, we will fix it within a few weeks.
In case you are affected, the follow-redirects dependency can be safely updated in your codebase until we publish a fix.
Thanks!

@AmsterGet AmsterGet self-assigned this Apr 8, 2024
@AmsterGet
Copy link
Member

Hi @tamtmnguyen-kms !
A new version of the package 5.1.8 with the corresponding fixes is now available.
Please check it out.

@AmsterGet AmsterGet linked a pull request Apr 11, 2024 that will close this issue
Release 5.1.8 #145
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@AmsterGet AmsterGet

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Release 5.1.8 reportportal/agent-js-playwright
2 participants
@AmsterGet @tamtmnguyen-kms