Package: node-mixin-deep Version: 1.1.3-3 Severity: important Dear Maintainer,
node-mixin-deep 1.1.3-3 is affected by a prototype pollution vulnerability: https://snyk.io/vuln/SNYK-JS-MIXINDEEP-450212 https://github.com/jonschlinkert/mixin-deep/issues/6 Please upgrade to either 1.3.2 or 2.0.1. Thanks, Paolo -- System Information: Debian Release: 10.0 APT prefers stable APT policy: (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 4.19.0-5-amd64 (SMP w/12 CPU cores) Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=it_IT.UTF-8, LC_CTYPE=it_IT.UTF-8 (charmap=UTF-8), LANGUAGE= (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages node-mixin-deep depends on: ii node-for-in 1.0.2-1 ii node-is-extendable 1.0.1-1 ii nodejs 10.15.2~dfsg-2 node-mixin-deep recommends no packages. node-mixin-deep suggests no packages. -- no debconf information -- Pkg-javascript-devel mailing list Pkg-javascript-devel@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-javascript-devel
