From 67b7dcf38e28a68256ca476d5195827dad4ca936 Mon Sep 17 00:00:00 2001
From: Mariusz Nowak
Date: Tue, 2 Sep 2025 12:49:42 +0200
Subject: [PATCH] Update introduced version in GHSA advisory

Fixes the issue where security vulnerability is incorrectly applied to projects that depend on the v0.4 version of `next` which is a totally different product than one started at v0.9.9. It was already discussed before, see #179 for context This problem was already fixed for some previous vulnerabilities of `next`, but constantly gets back, when new vulnerability is introduced Note: I wasn't able to introduce this change via suggest form as it exposes just "Affected versions" field, which logically would have to be `>=0.9.9, < 14.2.31` but that value is not accepted (Looks as another bug worth reporting)
---
 .../2025/08/GHSA-g5qg-72qw-gw5v/GHSA-g5qg-72qw-gw5v.json | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/advisories/github-reviewed/2025/08/GHSA-g5qg-72qw-gw5v/GHSA-g5qg-72qw-gw5v.json b/advisories/github-reviewed/2025/08/GHSA-g5qg-72qw-gw5v/GHSA-g5qg-72qw-gw5v.json
index 978135fc5404f..93309138a8b10 100644
--- a/advisories/github-reviewed/2025/08/GHSA-g5qg-72qw-gw5v/GHSA-g5qg-72qw-gw5v.json
+++ b/advisories/github-reviewed/2025/08/GHSA-g5qg-72qw-gw5v/GHSA-g5qg-72qw-gw5v.json
@@ -25,7 +25,7 @@
 "type": "ECOSYSTEM",
 "events": [
 {
- "introduced": "0"
+ "introduced": "0.9.9"
 },
 {
 "fixed": "14.2.31"
@@ -92,4 +92,4 @@
 "github_reviewed_at": "2025-08-29T22:06:22Z",
 "nvd_published_at": "2025-08-29T22:15:31Z"
 }
-}
\ No newline at end of file
+}
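Review bot: The new lower bound in the first hunk, `"introduced": "0.9.9"`, drops every release below 0.9.9 from the affected range, and nothing in the hunk shows that 0.9.9 is the first release of the current product; that rests on the commit message alone. A bound set too high produces silent false negatives in dependency scanners, so the boundary should be confirmed against the package's registry publish history before merging. The `events` array sits inside an `affected` entry that starts and ends outside the hunk, so it is worth checking whether other ranges in this file still carry `"introduced": "0"` and need the same correction. Since the description says this fix keeps being lost when new advisories for the package are created, the reason for the bound should be recorded somewhere the advisory tooling will keep it, because strict JSON leaves no place for a comment next to the value.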