Hello JSReport Support Team,
During our latest AWS Inspector security scan on the JSReport production deployment, multiple critical and high-level vulnerabilities were detected originating from the Puppeteer dependency bundled with JSReport.
We request guidance on the following:
• Whether there is a patched/updated JSReport release that resolves the Puppeteer-related vulnerabilities.
• If there is a recommended workaround or manual upgrade process for Puppeteer versions inside JSReport.
• Any official security best practices to mitigate this issue while continuing to run JSReport in production?
This vulnerability is impacting our production security compliance, so we request your assistance as soon as possible.
Thanks and Regards,
Gaurav Kelkar