Hi, On Sat, Feb 05, 2022 at 08:23:17AM +0100, Yadd wrote: > On 04/02/2022 17:59, Yadd wrote: > > Hi, > > > > my new pkgjs-audit tool found this 3 vulnerabilities, not found on > > security-tracker: > > > > eslint-config-eslint 5.0.1 > > Severity: critical > > Malicious Package in eslint-scope - > > https://github.com/advisories/GHSA-hxxf-q3w9-4xgw > > False positive, vulnerable version is 5.0.2 which was removed from Internet > > > trim-newlines <3.0.1 > > Severity: high > > Regular Expression Denial of Service in trim-newlines - > > https://github.com/advisories/GHSA-7p7h-4mm5-852v > > CVE-2021-33623 is marked as not-for-us which is bad. Just fixed into > unstable > > > nth-check <2.0.1 > > Severity: moderate > > Inefficient Regular Expression Complexity in nth-check - > > https://github.com/advisories/GHSA-rp65-9cf3-cjxr > > CVE-2021-3803 is marked as not-for-us which is bad. Just fixed into unstable
thank you! I have updated the tracking information. Regards, Salvatore -- Pkg-javascript-devel mailing list Pkg-javascript-devel@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-javascript-devel
