Sync Collecting Fix Commits: Fri Jun 5 20:22:15 UTC 2026

Signed-off-by: AboutCode Automation <automation@aboutcode.org>

Author: aboutcode-automation

data/fix-commits/advisory-database-b78f1d41.json

@@ -1,6 +1,39 @@
 {
   "vcs_url": "https://github.com/imagemagick/imagemagick",
   "vulnerabilities": {
+    "GHSA-H5R4-W88W-7CCR": {
+      "ed143b98d72bba764b010eb822464f2a12b24ff1": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-h5r4-w88w-7ccr"
+    },
+    "GHSA-PJXJ-PCHX-4C3M": {
+      "47ca7210515f3c9ea033b86fe4323a70caa74468": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-pjxj-pchx-4c3m"
+    },
+    "GHSA-H58X-R7F7-RH84": {
+      "b237a4fa9cbffcb11ee579d386fd37c570d5dffe": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-h58x-r7f7-rh84"
+    },
+    "GHSA-M596-67P7-69WH": {
+      "fdbf39ba9a681e53e6025d40501ae5a2bfec3000": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-m596-67p7-69wh"
+    },
+    "GHSA-R628-69V2-2F9C": {
+      "b2dc602e175ee07b0794f3e31f1a29ae6b7267d1": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-r628-69v2-2f9c"
+    },
+    "GHSA-H7F2-F9CC-H2GV": {
+      "808506dc4d0cbf3972ce0d57544a06209b65009c": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-h7f2-f9cc-h2gv"
+    },
+    "GHSA-JFQ9-Q63X-RC63": {
+      "f34065ecd9512df16cb10083c8b4b46b5cd09b30": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-jfq9-q63x-rc63"
+    },
+    "GHSA-99W9-HV66-RFV7": {
+      "0bb3578ee087f3c4f14bbf1d8883ae456fc99092": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-99w9-hv66-rfv7"
+    },
+    "GHSA-3564-H588-56GR": {
+      "f80b878e884f5b4e2b8f0b512d685701729f7def": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-3564-h588-56gr"
+    },
+    "GHSA-HV63-QGJ6-7GH7": {
+      "d0d8ae7c5cfbd8990c2f9e0d5ca7621600b469c4": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-hv63-qgj6-7gh7"
+    },
+    "GHSA-HWF3-R46V-5GGX": {
+      "4079949bae0cde7e683df2e63c40f2e36f52c1b6": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-hwf3-r46v-5ggx"
+    },
     "GHSA-J8RH-V2R8-V94X": {
       "b535126ba5abf23f2693e62ed79f10277d938cf4": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-j8rh-v2r8-v94x"
     },

data/fix-commits/buildroot-0b809119.json

@@ -1,6 +1,36 @@
 {
   "vcs_url": "https://github.com/imagemagick/imagemagick6",
   "vulnerabilities": {
+    "GHSA-C8R2-MC3P-4F8J": {
+      "6aee53fdae5c70020abe2a7f92d55ec8071d32ef": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-c8r2-mc3p-4f8j"
+    },
+    "GHSA-H5R4-W88W-7CCR": {
+      "3f0595f0778201326163253bfdc8bce9a4bbadf6": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-h5r4-w88w-7ccr"
+    },
+    "GHSA-PJXJ-PCHX-4C3M": {
+      "833156b68d4ed83ef84eb1a5936575947b574e7c": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-pjxj-pchx-4c3m"
+    },
+    "GHSA-H58X-R7F7-RH84": {
+      "e4b68bfb6a9541a9c3a4af81a21bf0c253661083": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-h58x-r7f7-rh84"
+    },
+    "GHSA-M596-67P7-69WH": {
+      "3c574f9ba5387f5f11669fdb4d4e8febc199dca3": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-m596-67p7-69wh"
+    },
+    "GHSA-R628-69V2-2F9C": {
+      "ca6c9da425880fde937da41d59666dedf5e719e1": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-r628-69v2-2f9c"
+    },
+    "GHSA-H7F2-F9CC-H2GV": {
+      "875bd8912b3b54a58e09c14085cf2b14a478a86b": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-h7f2-f9cc-h2gv"
+    },
+    "GHSA-99W9-HV66-RFV7": {
+      "353e2604d1983b6d8ec4c04f4f38bbd4668ba0e1": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-99w9-hv66-rfv7"
+    },
+    "GHSA-3564-H588-56GR": {
+      "21ff81fa3843db8b0babe77a8b6baaa4f6e7726f": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-3564-h588-56gr"
+    },
+    "GHSA-HV63-QGJ6-7GH7": {
+      "c2030791d2cfe08214c755b305f2948d2aab1f00": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-hv63-qgj6-7gh7"
+    },
     "GHSA-P9RQ-Q46C-G4X6": {
       "3492c2ef45160d0fdfe34724fa6bce07583d3ec1": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-p9rq-q46c-g4x6"
     },

data/fix-commits/imagemagick-b15feb65.json

@@ -1,6 +1,12 @@
 {
   "vcs_url": "https://github.com/vercel/next.js",
   "vulnerabilities": {
+    "CVE-2026-4800": {
+      "735d6a68dd699099cc1aae3b31bfa299d973eac8": "Update vendored lodash to 4.18.1 (#94473)\n\n### What?\n\nUpdates the vendored lodash dependency from `4.17.23` to `4.18.1` and\nregenerates the compiled `jsonwebtoken` and `babel-packages` bundles.\n\n### Why?\n\nNext.js currently ships lodash `4.17.23` inside `dist/compiled`, which\ntriggers security scanners for CVE-2026-4800 / GHSA-r5fr-rjxr-66jc.\nConsumers cannot override these vendored compiled copies.\n\nFixes #94449.\n\n### How?\n\nBumped the root lodash pin and lockfile resolution, installed the\npatched package, and reran the focused ncc tasks for the affected\ncompiled sources.\n\n### Verification\n\n- `pnpm --filter=next build`\n- `grep -oE '4\\.17\\.[0-9]+'\npackages/next/dist/compiled/jsonwebtoken/index.js\npackages/next/dist/compiled/babel-packages/packages-bundle.js` produced\nno matches\n- `grep -oE '4\\.18\\.[0-9]+'\npackages/next/dist/compiled/jsonwebtoken/index.js\npackages/next/dist/compiled/babel-packages/packages-bundle.js` reported\n`4.18.1` for both files\n- `node -e \"const\njwt=require('./packages/next/dist/compiled/jsonwebtoken'); const\ntoken=jwt.sign({sub:'94449'}, 'secret'); const decoded=jwt.verify(token,\n'secret'); if (decoded.sub !== '94449') throw new Error('jsonwebtoken\nroundtrip failed'); console.log('jsonwebtoken roundtrip ok')\"`\n- `node -e \"const\nbundle=require('./packages/next/dist/compiled/babel-packages'); if\n(typeof bundle.presetEnv !== 'function') throw new Error('presetEnv\nexport missing'); console.log('babel-packages export ok')\"`\n\n<!-- NEXT_JS_LLM_PR -->"
+    },
+    "GHSA-R5FR-RJXR-66JC": {
+      "735d6a68dd699099cc1aae3b31bfa299d973eac8": "Update vendored lodash to 4.18.1 (#94473)\n\n### What?\n\nUpdates the vendored lodash dependency from `4.17.23` to `4.18.1` and\nregenerates the compiled `jsonwebtoken` and `babel-packages` bundles.\n\n### Why?\n\nNext.js currently ships lodash `4.17.23` inside `dist/compiled`, which\ntriggers security scanners for CVE-2026-4800 / GHSA-r5fr-rjxr-66jc.\nConsumers cannot override these vendored compiled copies.\n\nFixes #94449.\n\n### How?\n\nBumped the root lodash pin and lockfile resolution, installed the\npatched package, and reran the focused ncc tasks for the affected\ncompiled sources.\n\n### Verification\n\n- `pnpm --filter=next build`\n- `grep -oE '4\\.17\\.[0-9]+'\npackages/next/dist/compiled/jsonwebtoken/index.js\npackages/next/dist/compiled/babel-packages/packages-bundle.js` produced\nno matches\n- `grep -oE '4\\.18\\.[0-9]+'\npackages/next/dist/compiled/jsonwebtoken/index.js\npackages/next/dist/compiled/babel-packages/packages-bundle.js` reported\n`4.18.1` for both files\n- `node -e \"const\njwt=require('./packages/next/dist/compiled/jsonwebtoken'); const\ntoken=jwt.sign({sub:'94449'}, 'secret'); const decoded=jwt.verify(token,\n'secret'); if (decoded.sub !== '94449') throw new Error('jsonwebtoken\nroundtrip failed'); console.log('jsonwebtoken roundtrip ok')\"`\n- `node -e \"const\nbundle=require('./packages/next/dist/compiled/babel-packages'); if\n(typeof bundle.presetEnv !== 'function') throw new Error('presetEnv\nexport missing'); console.log('babel-packages export ok')\"`\n\n<!-- NEXT_JS_LLM_PR -->"
+    },
     "CVE-2025-13465": {
       "0cf61307c63aefc16fac286bdd0c3f9b01cc071f": "Update vendored lodash to 4.17.23 to fix CVE-2025-13465 (#91558)\n\n\nCo-authored-by: Sebastian Sebbie Silbermann <sebastian.silbermann@vercel.com>"
     },