Request to Update SmartUI CLI Dependency (Fastify Security Vulnerability) #7

@tipr2003

Description

Hello LambdaTest Support Team,
We are using @lambdatest/smartui-cli in our test automation framework and our security scanner (GitHub Copilot / Cycode) has detected a high‑severity security vulnerability introduced through a transitive dependency inside the SmartUI CLI package.
Below are the details:

Vulnerability Details

  • Ecosystem: NPM
  • Package: fastify
  • Version used by SmartUI CLI: 4.29.1
  • Dependency path: @lambdatest/smartui-cli@4.1.59 → fastify@4.29.1
  • Severity: HIGH
  • CVE: CVE‑2026‑25223
  • GHSA: GHSA‑jx2c‑rxcm‑jvmq
  • Fixed Version: fastify@5.7.2

This vulnerability is reported even though SmartUI CLI is a development dependency, because it introduces a known exploitable version in our dependency tree.

Impact on Our Project

  • Our organization enforces strict supply‑chain and dependency vulnerability policies.
  • CI blocks merges for any HIGH‑severity vulnerabilities, even in transitive dev dependencies.
  • Since the vulnerability exists inside SmartUI CLI, we cannot remediate it directly from our side.

Request
Could you please:

  1. Update SmartUI CLI to use fastify@5.7.2 or above, where the vulnerability is fixed?
  2. Provide an estimated timeline for the updated SmartUI CLI release?

This will allow us to clear the vulnerability from our CI/CD checks and continue using SmartUI without manual overrides.

Environment Details (if useful)
SmartUI CLI version: 4.1.59
Node version:
OS: Windows
Security scanner: GitHub Copilot (Cycode)
Frameworks involved: Playwright + SmartUI
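An added example, not part of the issue above and not code from LambdaTest or the SmartUI CLI: a small lockfile audit that reproduces what the scanner reports, namely every dependency path from the project root to a named package and whether the installed version is below the version the advisory lists as fixed. The lockfile is constructed inline in the lockfileVersion 3 layout; the package names and versions on the SmartUI path are the ones from the issue, while `example-api-server` is a hypothetical package added only to show a second, already-fixed copy of the same dependency nested under its own `node_modules`, which a scanner reports separately and which an override on the root copy does not touch.

```javascript
// Added example (not from the issue or from LambdaTest): audit an npm
// lockfile for every dependency path that reaches a given package and flag
// installed versions below the version an advisory names as fixed.
//
// CONSTRUCTED_LOCKFILE is a hand-written stand-in for package-lock.json in
// the lockfileVersion 3 layout ("packages" keyed by node_modules path).
// "example-api-server" is hypothetical; it exists only to show a nested,
// already-fixed copy of the same package alongside the hoisted old one.
const CONSTRUCTED_LOCKFILE = {
  name: "my-test-framework",
  lockfileVersion: 3,
  packages: {
    "": {
      name: "my-test-framework",
      dependencies: { "@playwright/test": "^1.40.0", "example-api-server": "^2.0.0" },
      devDependencies: { "@lambdatest/smartui-cli": "^4.1.59" },
    },
    "node_modules/@playwright/test": { version: "1.40.0" },
    "node_modules/@lambdatest/smartui-cli": {
      version: "4.1.59",
      dev: true,
      dependencies: { fastify: "^4.29.1" },
    },
    // hoisted copy, reachable only through the dev-only CLI
    "node_modules/fastify": { version: "4.29.1", dev: true },
    "node_modules/example-api-server": {
      version: "2.0.0",
      dependencies: { fastify: "^5.7.2" },
    },
    // nested copy: a different major version, so npm could not hoist it
    "node_modules/example-api-server/node_modules/fastify": { version: "5.7.2" },
  },
};

// "1.2.3-beta" -> [1, 2, 3]; pre-release ordering is deliberately ignored.
function parseVersion(v) {
  return v.replace(/^v/, "").split(/[-+]/)[0].split(".").map(Number);
}

// -1, 0 or 1 comparing major.minor.patch numerically.
function compareVersions(a, b) {
  const [pa, pb] = [parseVersion(a), parseVersion(b)];
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// All dependency names a lockfile entry declares, whatever the section.
function declaredDeps(entry) {
  return Object.keys({
    ...(entry.dependencies || {}),
    ...(entry.devDependencies || {}),
    ...(entry.optionalDependencies || {}),
  });
}

// Node-style resolution: look in <from>/node_modules/<name>, then walk up one
// node_modules level at a time until the root. Returns the lockfile key or null.
function resolveFrom(packages, fromPath, name) {
  let base = fromPath;
  for (;;) {
    const candidate = base ? `${base}/node_modules/${name}` : `node_modules/${name}`;
    if (packages[candidate]) return candidate;
    if (!base) return null;
    const idx = base.lastIndexOf("node_modules/");
    base = idx > 0 ? base.slice(0, idx - 1) : "";
  }
}

// Depth-first walk from the root; returns every chain that ends in `target`.
// `onStack` guards against dependency cycles.
function findPaths(lockfile, target) {
  const packages = lockfile.packages;
  const nameOf = (p) => p.slice(p.lastIndexOf("node_modules/") + "node_modules/".length);
  const label = (p) => (p === "" ? lockfile.name : `${nameOf(p)}@${packages[p].version}`);
  const results = [];
  const walk = (path, chain, onStack) => {
    for (const dep of declaredDeps(packages[path])) {
      const next = resolveFrom(packages, path, dep);
      if (!next || onStack.has(next)) continue;
      const nextChain = [...chain, label(next)];
      if (dep === target) results.push({ chain: nextChain, path: next });
      onStack.add(next);
      walk(next, nextChain, onStack);
      onStack.delete(next);
    }
  };
  walk("", [label("")], new Set([""]));
  return results;
}

// One finding per path; `vulnerable` means installed < fixedVersion.
function auditPackage(lockfile, target, fixedVersion) {
  const findings = findPaths(lockfile, target).map(({ chain, path }) => {
    const entry = lockfile.packages[path];
    return {
      chain,
      version: entry.version,
      fixedVersion,
      dev: Boolean(entry.dev),
      vulnerable: compareVersions(entry.version, fixedVersion) < 0,
    };
  });
  return { target, fixedVersion, findings, vulnerable: findings.some((f) => f.vulnerable) };
}

function formatFinding(f) {
  const status = f.vulnerable ? `below fixed ${f.fixedVersion}` : "fixed";
  return `${f.chain.join(" -> ")} [${status}${f.dev ? ", dev only" : ""}]`;
}

const report = auditPackage(CONSTRUCTED_LOCKFILE, "fastify", "5.7.2");
for (const f of report.findings) console.log(formatFinding(f));
```

Run it with `node` as-is; against a real project, replace the constant with `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))`, and compare the printed chain with what `npm ls fastify` reports. The constructed tree prints one fixed nested copy and one old hoisted copy, which is why a scanner keeps flagging the dev-only path even when another part of the tree already carries the fixed version. Pinning the hoisted copy from the consuming project with an `overrides` entry would move the CLI across a major version of a dependency that only its maintainers can test, which is the reason the issue asks for an upstream release rather than a local override.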
