[Pkg-javascript-devel] Bug#1111769: Bug#1111769: node-sha.js: CVE-2025-9288
Moritz Mühlenhoff
jmm at inutil.org
Fri Aug 22 10:02:18 BST 2025
On Thu, Aug 21, 2025 at 11:55:47PM +0200, Yadd wrote:
> MISSING:
> sha.js at 2.4.12
> └── to-buffer (1.2.1)
> └── typed-array-buffer (1.0.3)
> └── call-bound (1.0.4)
> └── call-bind-apply-helpers (1.0.2)
> └── es-errors (1.3.0)
> └── (^) es-errors (1.3.0)
>
> i can push this new module (with its deps as uscan-components) in new queue.
> Maybe embed all in node-sha.js package for Trixie/Bookworm ?
I think that would be a sensible workaround, yes.
Cheers,
Moritz
More information about the Pkg-javascript-devel
mailing list