-
Notifications
You must be signed in to change notification settings - Fork 8
Expand file tree
/
Copy path.nsprc
More file actions
10 lines (10 loc) · 1.09 KB
/
.nsprc
File metadata and controls
10 lines (10 loc) · 1.09 KB
1
2
3
4
5
6
7
8
9
10
{
"GHSA-848j-6mx2-7j84": {
"notes": "CVE-2025-14505: elliptic ECDSA signature corruption can lead to private key recovery if attacker obtains both faulty and correct signatures for identical inputs. Accepted risk: dev-only transitive dependency (node-stdlib-browser -> crypto-browserify -> browserify-sign), not used for signing in this project, no fix available.",
"expiry": "2026-08-15"
},
"GHSA-vpq2-c234-7xj6": {
"notes": "@tootallnate/once AbortSignal control flow (promise may never settle). The current lockfile still resolves vulnerable transitive copies through @deepnote/sql-language-server -> @google-cloud/bigquery -> teeny-request -> http-proxy-agent@5 -> @tootallnate/once@2.0.0, @vscode/jupyter-ipywidgets8 -> @jupyterlab/filebrowser -> jest-environment-jsdom -> jsdom -> http-proxy-agent@5 -> @tootallnate/once@2.0.0, and @vscode/test-electron -> http-proxy-agent@4.0.1 -> @tootallnate/once@1.1.2. No @tootallnate/once override is currently applied in this repo because we are not forcing a major-version transitive override.",
"expiry": "2026-08-15"
}
}