Open github-actions[bot] opened 1 month ago
Well, that's not right - it collates two distinct vulnerabilities.
But that's an issue with the upstream OSV data, not our code: https://osv.dev/vulnerability/GHSA-9328-gcfq-p269
I don't get where they even got that from. The OSV data exported by Github looks correct: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/05/GHSA-9328-gcfq-p269/GHSA-9328-gcfq-p269.json
Automated changes by create-pull-request GitHub action