
Testcafe security vulnerabilities

Open JayarathneDha opened this issue 1 year ago • 1 comments

What is your Scenario?

I have started working with TestCafe v3.5.0

The following was noted in the console.

up to date, audited 478 packages in 4s

38 packages are looking for funding
  run npm fund for details

3 high severity vulnerabilities

How to fix the vulnerabilities?

What is the Current behavior?

3 high severity vulnerabilities when installing

What is the Expected behavior?

There should not be severity vulnerabilities

What is the public URL of the test page? (attach your complete example)

In the installation

What is your TestCafe test code?

In the installation

Your complete configuration file

No response

Your complete test report

No response

Screenshots

No response

Steps to Reproduce

TestCafe version

v3.5.0

Node.js version

v20.11.0

Command-line arguments

npm install --save-dev testcafe

Browser name(s) and version(s)

No response

Platform(s) and version(s)

Windows 11

Other

No response

Feb 16 '24 15:02 JayarathneDha

Hello @JayarathneDha,

Thank you for reporting the issue. We are working on the fix and will update this thread once we have any results.

Please bear with us.

Feb 16 '24 15:02 aleks-pro

Hello @JayarathneDha,

The developers of ip have released a patch that fixes this vulnerability. You can re-install the package, after which the necessary version of ip should be pulled. Also, we updated the package-lock.json file in the testcafe GitHub repository.

We prioritize vulnerabilities in dependencies and aim to keep our packages and repositories clean in this regard. Thank you for your report.

Feb 21 '24 09:02 PavelMor25
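
After a reinstall, the lockfile shows whether every resolved copy of a transitive dependency such as ip was actually updated, including copies nested under other packages. The following is an added example, not code from this thread or from TestCafe; the lockfile contents, the some-proxy package and all version numbers are constructed, and the minimum fixed version has to be taken from the advisory.

```javascript
// Added example: list every resolved copy of a package in a parsed npm
// lockfile (lockfileVersion 2 or 3) and flag copies older than a minimum.

// Parse "major.minor.patch"; pre-release and build suffixes are ignored.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v);
  if (!m) throw new Error(`unsupported version string: ${v}`);
  return m.slice(1).map(Number);
}

// True when version a is strictly lower than version b (numeric compare).
function isOlder(a, b) {
  const pa = parseVersion(a), pb = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i];
  }
  return false;
}

// lock: parsed package-lock.json; name: package to look for;
// minVersion: first fixed version, supplied by the caller from the advisory.
function findCopies(lock, name, minVersion) {
  if (!lock.packages) throw new Error('lockfileVersion 2 or 3 required');
  const suffix = `node_modules/${name}`;
  return Object.entries(lock.packages)
    // Match the top-level copy and nested copies, but not e.g. "zip".
    .filter(([path]) => path === suffix || path.endsWith(`/${suffix}`))
    .map(([path, meta]) => ({
      path,
      version: meta.version,
      outdated: isOlder(meta.version, minVersion),
    }));
}

// Constructed sample lockfile; the versions are placeholders, not real releases.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo', devDependencies: { testcafe: '*' } },
    'node_modules/testcafe': { version: '0.0.0-constructed' },
    'node_modules/ip': { version: '9.9.2' },
    'node_modules/some-proxy/node_modules/ip': { version: '9.9.1' },
    'node_modules/zip': { version: '1.0.0' },
  },
};

console.log(findCopies(sampleLock, 'ip', '9.9.2'));
```

For a real project, pass the result of JSON.parse on package-lock.json instead of sampleLock; a nested copy reported as outdated means some parent package still pins the old version.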