From 5207295cc900c3827ea53794ce892706d684d989 Mon Sep 17 00:00:00 2001
From: Karan Shah <64479353+karanshah-browserstack@users.noreply.github.com>
Date: Tue, 5 May 2026 13:47:14 +0530
Subject: [PATCH 1/2] fix(security): bump vulnerable dependencies for path
traversal and DoS [APS-18945, APS-18946]
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
- Bump org.json:json from 20210307 to 20231013 (fixes CVE stack overflow / DoS — APS-18945)
- Bump org.testng:testng from 7.4.0 to 7.5.1 (fixes path traversal vulnerability — APS-18946)
Resolves: APS-18945, APS-18946
---
pom.xml | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/pom.xml b/pom.xml
index 2d64c31..f1b03f7 100644
--- a/pom.xml
+++ b/pom.xml
@@ -17,11 +17,11 @@
1.8
1.8
7.4.1
- 7.4.0
+ 7.5.1
1.55.0
1.0.6
2.0
- 20210307
+ 20231013
3.0.0-M5
From cc65b1fc65f14e6488e1dbd328090584f357bb20 Mon Sep 17 00:00:00 2001
From: Karan Shah <64479353+karanshah-browserstack@users.noreply.github.com>
Date: Tue, 5 May 2026 13:57:48 +0530
Subject: [PATCH 2/2] fix(compat): use String charset in URLEncoder.encode for
Java 8 [APS-18945] [APS-18946]
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
- Replace StandardCharsets.UTF_8 (Charset) with "UTF-8" (String) in
URLEncoder.encode calls — the Charset overload requires Java 10+
- Add throws Exception to @Before setUp methods to satisfy the
checked UnsupportedEncodingException declaration
- Pre-existing compilation failure on main branch; unrelated to the
dependency version bumps in this PR
---
.../java/com/browserstack/stepdefs/e2e/StackDemoSteps.java | 4 ++--
.../java/com/browserstack/stepdefs/local/StackLocalSteps.java | 4 ++--
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/test/java/com/browserstack/stepdefs/e2e/StackDemoSteps.java b/src/test/java/com/browserstack/stepdefs/e2e/StackDemoSteps.java
index da95d1d..0b940a2 100644
--- a/src/test/java/com/browserstack/stepdefs/e2e/StackDemoSteps.java
+++ b/src/test/java/com/browserstack/stepdefs/e2e/StackDemoSteps.java
@@ -38,7 +38,7 @@ public class StackDemoSteps {
private static final String PRODUCT_IN_CART = "//*[@id=\"__next\"]/div/div/div[2]/div[2]/div[2]/div/div[3]/p[1]";
@Before
- public void setUp(Scenario scenario) {
+ public void setUp(Scenario scenario) throws Exception {
playwright = Playwright.create();
BrowserType browserType = playwright.chromium();
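Review bot: `throws Exception` on `setUp` is wider than this change needs; per the commit message, the only new checked exception is the `UnsupportedEncodingException` declared by `URLEncoder.encode(String, String)`. Declaring `public void setUp(Scenario scenario) throws UnsupportedEncodingException {` keeps the compiler flagging any other checked exception that later enters this hook. The same applies to `setUp` in StackLocalSteps.java. The body of `setUp` continues outside this hunk, so confirm nothing else in it throws a checked exception before narrowing.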
@@ -53,7 +53,7 @@ public void setUp(Scenario scenario) {
caps.put("browser", "chrome");
caps.put("sessionName", scenario.getName());
- String encoded = URLEncoder.encode(new JSONObject(caps).toString(), StandardCharsets.UTF_8);
+ String encoded = URLEncoder.encode(new JSONObject(caps).toString(), "UTF-8");
String wsEndpoint = "wss://cdp.browserstack.com/playwright?caps=" + encoded;
browser = browserType.connect(wsEndpoint);
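Review bot: The charset is now the string literal `"UTF-8"`, which is only validated at run time. `StandardCharsets.UTF_8.name()` still selects the Java 8 `String` overload and keeps the name tied to the constant: `String encoded = URLEncoder.encode(new JSONObject(caps).toString(), StandardCharsets.UTF_8.name());`. If the literal is kept, the `StandardCharsets` import is probably unused now, though the import block is outside the hunk. The matching line in StackLocalSteps.java has the same choice.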
diff --git a/src/test/java/com/browserstack/stepdefs/local/StackLocalSteps.java b/src/test/java/com/browserstack/stepdefs/local/StackLocalSteps.java
index 7f618cb..78b1c8e 100644
--- a/src/test/java/com/browserstack/stepdefs/local/StackLocalSteps.java
+++ b/src/test/java/com/browserstack/stepdefs/local/StackLocalSteps.java
@@ -29,7 +29,7 @@ public class StackLocalSteps {
private Page page;
@Before
- public void setUp(Scenario scenario) {
+ public void setUp(Scenario scenario) throws Exception {
playwright = Playwright.create();
BrowserType browserType = playwright.chromium();
@@ -45,7 +45,7 @@ public void setUp(Scenario scenario) {
caps.put("browserstack.local", "true");
caps.put("sessionName", scenario.getName());
- String encoded = URLEncoder.encode(new JSONObject(caps).toString(), StandardCharsets.UTF_8);
+ String encoded = URLEncoder.encode(new JSONObject(caps).toString(), "UTF-8");
String wsEndpoint = "wss://cdp.browserstack.com/playwright?caps=" + encoded;
browser = browserType.connect(wsEndpoint);
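Review bot: `wsEndpoint` carries the whole capabilities JSON in its query string, so anything that prints the endpoint also prints the capabilities. The entries of `caps` set above this hunk are not visible; if they include the BrowserStack user name and access key, a log line or connection-failure message containing the URL would disclose them. A comment above the concatenation, such as `// wsEndpoint embeds caps (may include credentials): do not log or attach to reports`, would document the constraint. The same holds for the matching line in StackDemoSteps.java. `setUp` starts and ends outside the hunk.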