
Selenium 4.2.0 Version Vulnerability

Open flowconnor opened this issue 2 years ago • 8 comments

Selenium Version Vulnerability: selenium>=3.141.0,<=4.2.0

using dash 2.14.2

Describe the bug

We are using Snyk to scan the dependencies of our project, which is using the latest version of dash. The Snyk scan is showing these vulnerabilities (Snyk: CVSS 7.5 NVD: CVSS 7.5), as a result of the selenium version being kept below 4.2.0 here.

Expected behavior

We expect there not to be open high vulnerabilities in the dash application - although they are only exposed through testing.

A suggestion is that this dependency on selenium is either upgraded, or removed from the client-facing installation.

flowconnor, Dec 28 '23 18:12
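Whether a scanner finding on the pinned selenium range applies to a production install depends on whether that requirement is gated behind an extra. The following is an added example, not part of the issue thread or of dash's code: it classifies a distribution's Requires-Dist entries as default or extras-only. The sample metadata lines are constructed, and the names `classify` and `exposure` are assumptions.

```python
import re
from importlib import metadata

# Constructed Requires-Dist lines (assumption: not copied from dash's real metadata).
SAMPLE_REQUIRES = [
    'Flask>=1.0.4',
    'requests',
    'selenium<=4.2.0,>=3.141.0; extra == "testing"',
    'pytest>=6.0.2; extra == "testing"',
    'coloredlogs>=15.0.1; extra == "dev"',
]

# name, optional [extras], optional (parenthesised) specifier, optional ; marker
_REQ = re.compile(
    r'^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?\s*\(?([^;)]*)\)?\s*(?:;(.*))?$')
_EXTRA = re.compile(r'''extra\s*==\s*["']([^"']+)["']''')


def _normalize(name):
    return re.sub(r'[-_.]+', '-', name).lower()


def classify(requires_dist):
    """Map package name -> specs seen, extras that pull it in, and whether
    any entry applies without an extra (i.e. the default install)."""
    out = {}
    for line in requires_dist or []:
        m = _REQ.match(line)
        if not m:
            continue
        entry = out.setdefault(_normalize(m.group(1)),
                               {"specs": [], "extras": set(), "default": False})
        entry["specs"].append(m.group(2).strip())
        extras = set(_EXTRA.findall(m.group(3) or ''))
        if extras:
            entry["extras"] |= extras
        else:  # no extra marker: installed by default (other markers may still apply)
            entry["default"] = True
    return out


def exposure(requires_dist, package):
    info = classify(requires_dist).get(_normalize(package))
    if info is None:
        return "not a direct dependency"
    if info["default"]:
        return "default install"
    return "extras only: " + ", ".join(sorted(info["extras"]))


if __name__ == "__main__":
    print("selenium:", exposure(SAMPLE_REQUIRES, "selenium"))
```

To check a real environment, pass `metadata.requires("dash")` in place of `SAMPLE_REQUIRES`.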

I am also hit by this upper boundary on the selenium version. Is there a particular reason for this?

tscheburaschka, Jun 18 '24 08:06

cc @mike-sol

gvwilson, Jul 26 '24 13:07