Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Snyk is reporting high vulnerability in "org.json.json" dependency #4106

Closed
1 of 2 tasks
akkadaya opened this issue Jun 15, 2023 · 3 comments · Fixed by #4174
Closed
1 of 2 tasks

Snyk is reporting high vulnerability in "org.json.json" dependency #4106

akkadaya opened this issue Jun 15, 2023 · 3 comments · Fixed by #4174
Assignees
@asafkorem
Labels
platform: android status: accepted type: bug 🐞

Comments

@akkadaya
Copy link

What happened?

Snyk is reporting a high vulnerability in "org.json.json:20140107" and recommends upgrading to "org.json.json:20230227" or higher

Dependency location:
https://github.com/wix/Detox/blob/master/detox/android/detox/build.gradle#L136

What was the expected behaviour?

No response

Was it tested on latest Detox?

  • I have tested this issue on the latest Detox release and it still reproduces.

Did your test throw out a timeout?

Help us reproduce this issue!

Do snyk test

In what environment did this happen?

No response

Detox logs

No response

Device logs

No response

More data, please!

No response
@stale
Copy link

stale bot commented Jul 15, 2023

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs.
If you believe the issue is still relevant, please test on the latest Detox and report back.

Thank you for your contributions!

For more information on bots in this repository, read this discussion.

@stale stale bot added the 🏚 stale label Jul 15, 2023
@stale
Copy link

stale bot commented Aug 12, 2023

The issue has been closed for inactivity.

@stale stale bot closed this as completed Aug 12, 2023
@asafkorem asafkorem reopened this Aug 27, 2023
asafkorem added a commit that referenced this issue Aug 27, 2023
@asafkorem
chore(android): bump org.json:json (vulnerable version).
8ea9d8f 
Addressed in: #4106
See recommended fixes:
https://security.snyk.io/vuln/SNYK-JAVA-ORGJSON-5488379
https://security.snyk.io/vuln/SNYK-JAVA-ORGJSON-2841369
@asafkorem asafkorem mentioned this issue Aug 27, 2023
Merged
@asafkorem
Copy link
Contributor

Thanks for the report @akkadaya. I've opened a PR: #4174

@asafkorem asafkorem self-assigned this Aug 27, 2023
asafkorem added a commit that referenced this issue Aug 27, 2023
@asafkorem
chore(android): bump org.json:json (vulnerable version). (#4174)
b76f54e 
Addressed in: #4106
See recommended fixes:
https://security.snyk.io/vuln/SNYK-JAVA-ORGJSON-5488379
https://security.snyk.io/vuln/SNYK-JAVA-ORGJSON-2841369
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@asafkorem asafkorem

Labels
platform: android status: accepted type: bug 🐞
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

chore(android): bump org.json:json (vulnerable version). wix/Detox
2 participants
@akkadaya @asafkorem