
[GHSA-653v-rqx9-j85p] deep-object-diff vulnerable to Prototype Pollution #7272

Open
rsholokh wants to merge 1 commit into rsholokh/advisory-improvement-7272 from rsholokh-GHSA-653v-rqx9-j85p

@rsholokh

Updates

  • Affected products

Comments
If the safe version is 1.1.9, then the correct “Affected version” should be “< 1.1.9”. See SNYK report https://security.snyk.io/vuln/SNYK-JS-DEEPOBJECTDIFF-3104594

@github-actions github-actions bot changed the base branch from main to rsholokh/advisory-improvement-7272 March 31, 2026 15:56
@JonathanLEvans

Hi @rsholokh,

We include the 1.1.6 lower bound based on this comment from the maintainer and #819.

@github-actions

👋 This pull request has been marked as stale because it has been open with no activity. You can: comment on the issue or remove the stale label to hold stale off for a while, add the Keep label to hold stale off permanently, or do nothing. If you do nothing this pull request will be closed eventually by the stale bot. Please see CONTRIBUTING.md for more policy details.

@github-actions github-actions bot added the Stale label Apr 16, 2026