Skip to content

Commit b38dab1

Browse files
philvarnerPhil Varner
philvarner
and
Phil Varner
authored
add 2025-09-8 malware attack packages upper bounds and ignore in .nsprc (#971)
* add 2025-09-8 malware attack packages upper bounds and ignore in .nsprc * update with more malicious packages --------- Co-authored-by: Phil Varner <[email protected]>
1 parent 094b7cf commit b38dab1

File tree

3 files changed

+72
-3
lines changed

3 files changed

+72
-3
lines changed

.nsprc

Lines changed: 46 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,2 +1,48 @@
11
{
2+
"1107280": {
3+
"active": true,
4+
"notes": "color-name security vulnerability in version 2.0.1",
5+
"expiry": "2025-11-01"
6+
},
7+
"1107276": {
8+
"active": true,
9+
"notes": "color-string security vulnerability in version 2.1.1",
10+
"expiry": "2025-11-01"
11+
},
12+
"1107278": {
13+
"active": true,
14+
"notes": "is-arrayish security vulnerability in version 0.3.3",
15+
"expiry": "2025-11-01"
16+
},
17+
"1107292": {
18+
"active": true,
19+
"notes": "ansi-regex security vulnerability in version 6.2.1",
20+
"expiry": "2025-11-01"
21+
},
22+
"1107296": {
23+
"active": true,
24+
"notes": "ansi-styles security vulnerability in version 6.2.2",
25+
"expiry": "2025-11-01"
26+
},
27+
"1107295": {
28+
"active": true,
29+
"notes": "chalk security vulnerability in version 5.6.1",
30+
"expiry": "2025-11-01"
31+
},
32+
33+
"1107294": {
34+
"active": true,
35+
"notes": "strip-ansi security vulnerability in version 7.1.1",
36+
"expiry": "2025-11-01"
37+
},
38+
"1107293": {
39+
"active": true,
40+
"notes": "supports-color security vulnerability in version 10.2.1",
41+
"expiry": "2025-11-01"
42+
},
43+
"1107291": {
44+
"active": true,
45+
"notes": "wrap-ansi security vulnerability in version 9.0.1",
46+
"expiry": "2025-11-01"
47+
}
248
}

package-lock.json

Lines changed: 13 additions & 2 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

package.json

Lines changed: 13 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -59,20 +59,32 @@
5959
"@mapbox/extent": "^0.4.0",
6060
"@opensearch-project/opensearch": "^2.13.0",
6161
"@redocly/cli": "^2.0.8",
62+
"ansi-regex": "<6.2.1 || >6.2.1",
63+
"ansi-styles": "<6.2.2 || >6.2.2",
64+
"chalk": "<5.6.1 || >5.6.1",
65+
"color-convert": "<3.1.1 || >3.1.1",
66+
"color-name": "<2.0.1 || >2.0.1",
67+
"color-string": "<2.1.1 || >2.1.1",
6268
"compression": "^1.8.1",
6369
"cors": "^2.8.5",
70+
"debug": "<4.4.2 || >4.4.2",
6471
"express": "^4.21.2",
6572
"got": "^13.0",
6673
"http-errors": "^2.0.0",
74+
"is-arrayish": "<0.3.3 || >0.3.3",
6775
"lodash-es": "^4.17.21",
6876
"memorystream": "^0.3.1",
6977
"morgan": "^1.10.1",
7078
"p-filter": "^4.1.0",
7179
"serverless-http": "^3.2.0",
80+
"simple-swizzle": "<0.2.3 || >0.2.3",
81+
"strip-ansi": "<7.1.1 || >7.1.1",
82+
"supports-color": "<10.2.1 || >10.2.1",
7283
"through2": "^4.0.2",
7384
"ts-loader": "^9.5.4",
7485
"winston": "^3.17.0",
75-
"xml2js": "0.6.2",
86+
"wrap-ansi": "<9.0.1 || >9.0.1",
87+
"xml2js": "^0.6.2",
7688
"zod": "^4.1.5"
7789
},
7890
"devDependencies": {

0 commit comments

Comments
 (0)