You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: .nsprc
-8Lines changed: 0 additions & 8 deletions
Original file line number
Diff line number
Diff line change
@@ -1,12 +1,4 @@
1
1
{
2
-
"GHSA-2g4f-4pwh-qvx6": {
3
-
"notes": "ajv ReDoS when using $data option. Accepted risk: dev-only transitive dependency (@jupyterlab/settingregistry, table), fix requires ajv@8.18.0 but consumers are on 6.x, not bundled in extension.",
4
-
"expiry": "2026-08-15"
5
-
},
6
-
"GHSA-3ppc-4f35-3m26": {
7
-
"notes": "minimatch ReDoS via repeated wildcards. Accepted risk: dev-only transitive dependency (mocha, glob, @vscode/test-cli), fix requires minimatch@10.2.1 but consumers are on 3.x-5.x, not bundled in extension.",
8
-
"expiry": "2026-08-15"
9
-
},
10
2
"GHSA-848j-6mx2-7j84": {
11
3
"notes": "CVE-2025-14505: elliptic ECDSA signature corruption can lead to private key recovery if attacker obtains both faulty and correct signatures for identical inputs. Accepted risk: dev-only transitive dependency (node-stdlib-browser -> crypto-browserify -> browserify-sign), not used for signing in this project, no fix available.",
0 commit comments