Update introduced version in GHSA advisory

medikoo · web-flow · commit 67b7dcf38e28 · 2025-09-02T12:49:42.000+02:00
Fixes the issue where security vulnerability is incorrectly applied to projects that depend on the v0.4 version of `next` which is a totally different product than one started at v0.9.9. It was already discussed before, see #179 for context This problem was already fixed for some previous vulnerabilities of `next`, but constantly gets back, when new vulnerability is introduced Note: I wasn't able to introduce this change via suggest form as it exposes just "Affected versions" field, which logically would have to be `>=0.9.9, < 14.2.31` but that value is not accepted (Looks as another bug worth reporting)
diff --git a/advisories/github-reviewed/2025/08/GHSA-g5qg-72qw-gw5v/GHSA-g5qg-72qw-gw5v.json b/advisories/github-reviewed/2025/08/GHSA-g5qg-72qw-gw5v/GHSA-g5qg-72qw-gw5v.json
@@ -25,7 +25,7 @@
           "type": "ECOSYSTEM",
           "events": [
             {
-              "introduced": "0"
+              "introduced": "0.9.9"
             },
             {
               "fixed": "14.2.31"
@@ -92,4 +92,4 @@
     "github_reviewed_at": "2025-08-29T22:06:22Z",
     "nvd_published_at": "2025-08-29T22:15:31Z"
   }
-}
+}

Original file line number	Diff line number	Diff line change
`@@ -25,7 +25,7 @@`
`25`	`25`	`"type": "ECOSYSTEM",`
`26`	`26`	`"events": [`
`27`	`27`	`{`
`28`		`- "introduced": "0"`
	`28`	`+ "introduced": "0.9.9"`
`29`	`29`	`},`
`30`	`30`	`{`
`31`	`31`	`"fixed": "14.2.31"`
`@@ -92,4 +92,4 @@`
`92`	`92`	`"github_reviewed_at": "2025-08-29T22:06:22Z",`
`93`	`93`	`"nvd_published_at": "2025-08-29T22:15:31Z"`
`94`	`94`	`}`
`95`		`-}`
	`95`	`+}`