corresponding to CVE-2021-43138. However, upon further investigation, this CVE had nothing to do with core.async at all. Instead, it is/was associated with a completely separate JavaScript library: https://github.com/caolan/async, which core.async does not even have as a dependency. (Closed PR regarding the issue: https://github.com/caolan/async/pull/1828)
This error was reproduced on nvd-clojure versions 1.9.0 and 2.5.0 on both MacOS and Ubuntu via GitHub Actions.
Since around April 13, nvd-clojure reports the following CVE:
corresponding to CVE-2021-43138. However, upon further investigation, this CVE had nothing to do with core.async at all. Instead, it is/was associated with a completely separate JavaScript library: https://github.com/caolan/async, which core.async does not even have as a dependency. (Closed PR regarding the issue: https://github.com/caolan/async/pull/1828)
This error was reproduced on nvd-clojure versions 1.9.0 and 2.5.0 on both MacOS and Ubuntu via GitHub Actions.