Regarding the libpng version used in cordova plugin crosswalk

Asked 2 years ago, Updated 2 years ago, 106 views

We have received an announcement that the app currently registered with Google Play is using a version of libpng which contains the vulnerability.
While I was looking into where it was used,

$ grep -r libpng ./*

and

Binary file ./build/intermediates/exploded-aar/org.xwalk/xwalk_core_library_beta/13.42.319.12/jni/armeabi-v7a/libxwalkcore.so matches

It says (there were other outputs, but we have omitted them).
We are concerned that our cordova plugin crosswalk is vulnerable.

So I'd like to find out if the version I'm currently using is vulnerable, but I haven't been able to get any clear information. Do you have any clear information about the following?

·Is libpng used for cordova crosswalk?
·What versions of libpng are included in cordova crosswalk 1.2.0 as being used?
·What versions of libpng are included in cordova crosswalk 1.7.0 as being used?
*If 1.2.0 is vulnerable, the first thing I think about is to update it, but I understand that the current latest version is 1.7.0, so I would like to know if it is working.

Below is the URL I checked. https://github.com/crosswalk-project/chromium-crosswalk/tree/master/third_party/libpng
I don't know if it contains this repository. First of all, the master version is 1.2.56, so there is no problem. I guessed that it was close to 13.42.319.12 (there is no confirmation of this either). For crosswalk-13/42.0.2311.68, 1.2.45 seems to be a problem.

android cordova

2022-09-30 19:18

1 Answer

Verify the release notes on the npm site:
https://www.npmjs.com/package/cordova-plugin-crosswalk-webview#release-notes

In [email protected],
(in 1.1.0 updates)

Based on Crosswalk v13

and

If you look at the latest crosswalk-13 branch,
https://github.com/crosswalk-project/chromium-crosswalk/blob/crosswalk-13/42.0.2311.135/third_party/libpng/README#L1

README for libpng version 1.2.45 - July 7, 2011 (shared library 12.0)

As the questioner said, it seems to be a vulnerable version.

On the other hand, if you look at [email protected] in the release notes,

Uses the latest Crosswalk 18 stable version by default

and so on. If you look at the latest crosswalk-18 branch,
https://github.com/crosswalk-project/chromium-crosswalk/blob/crosswalk-18/48.0.2564.116/third_party/libpng/README#L1

README for libpng version 1.2.52 - November 20, 2014 (shared library 12.0)

and

This is the vulnerability you mentioned
https://support.google.com/faqs/answer/7011127?hl=ja
Then 1.2.52 shows a vulnerability.

The latest plug-in 2.1.0,
https://github.com/crosswalk-project/chromium-crosswalk/blob/crosswalk-21/50.0.2661.102/third_party/libpng/README#L1
Since libpng is 1.2.56, it appears to be a fixed version of the vulnerability.


2022-09-30 19:18
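Added example, not part of the original question or answer: instead of inferring the bundled libpng from branch READMEs, the version can be read from the built .so files themselves. It assumes the binary still contains libpng's banner string ("libpng version X.Y.Z"), uses 1.2.56 (the version the answer describes as fixed) as the threshold for the 1.2.x series only, and all function names are hypothetical.

```python
import os
import re
import sys

# libpng's copyright/header banner, e.g. "libpng version 1.2.45 - July 7, 2011".
# Assumption: the linker kept this string in the binary being scanned.
BANNER = re.compile(rb"libpng version (\d+)\.(\d+)\.(\d+)")

# Threshold taken from the answer above (1.2.56 described as fixed); 1.2.x only.
FIXED_1_2 = (1, 2, 56)


def libpng_versions(data: bytes) -> set:
    """Return every distinct libpng version tuple found in a binary blob."""
    return {tuple(int(p) for p in m.groups()) for m in BANNER.finditer(data)}


def classify(version: tuple) -> str:
    """Compare a 1.2.x version with the threshold; other series are not judged."""
    if version[:2] != FIXED_1_2[:2]:
        return "unknown-series"
    return "fixed" if version >= FIXED_1_2 else "older-than-fixed"


def scan_tree(root: str) -> list:
    """Walk root and report (path, 'x.y.z', verdict) for each .so with a banner."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            if not name.endswith(".so"):
                continue
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                data = fh.read()
            for ver in sorted(libpng_versions(data)):
                findings.append((path, ".".join(map(str, ver)), classify(ver)))
    return findings


if __name__ == "__main__" and len(sys.argv) > 1:
    # Usage: python scan_libpng.py ./build   (script name and path are examples)
    hits = scan_tree(sys.argv[1])
    for path, ver, verdict in hits:
        print(f"{path}: libpng {ver} ({verdict})")
    sys.exit(1 if any(v == "older-than-fixed" for _, _, v in hits) else 0)
```

A library that reports no banner is not proof that libpng is absent; the string may have been stripped, so treat an empty result as "unknown".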



© 2024 OneMinuteCode. All rights reserved.