Security upgrade file-type from 3.9.0 to 16.5.4

Open appendixshuffle opened this issue 2 years ago • 5 comments

Hi, I would like to ask for reopening this PR, which was closed without review. It is blocking our pipelines because of CVE-2022-36313.

appendixshuffle avatar Sep 26 '22 08:09 appendixshuffle

+1 we are also having this issue

evanrolfe avatar Dec 07 '22 13:12 evanrolfe

+1 for this issue

mtica avatar Jan 30 '23 16:01 mtica

I verified using this test that file-type@3.9.0 is not affected by the reported CVE, because the vulnerable code doesn't exist in this version.

I don't see this getting flagged using npm audit as well. Which tool is reporting this version?

codenirvana avatar Jan 31 '23 16:01 codenirvana

This is being flagged by Snyk as a vulnerability.

alhalama avatar Mar 20 '23 22:03 alhalama

Yeah, if the code is not present in this version then getting the CVE updated would be ideal. Then again, 3.9.0 is a liiitttle bit outdated so it's being flagged in our VMS on that basis alone. 3.9.0 is 7 years old and there's been 78 releases since that one.

scotty6435 avatar Mar 20 '24 13:03 scotty6435