vuln: update deps index.json (#1547)

github-actions[bot] · create-or-update-pull-request · web-flow · commit c55e1c1443f2 · 2026-03-19T11:13:58.000-03:00
Co-authored-by: Create or Update Pull Request Action &lt;create-or-update-pull-request@users.noreply.github.com&gt;
diff --git a/vuln/deps/index.json b/vuln/deps/index.json
@@ -1,61 +1,61 @@
 {
-    "1": {
-        "cve": [
-            "CVE-2023-45853"
-        ],
-        "description": "MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field.",
-        "overview": "This CVE was created for MiniZip (part of zlib/contrib/minizip), which is not used by Node.js. Node.js uses zlib for compression but does not use the MiniZip component where this vulnerability exists.",
-        "ref": "https://github.com/nodejs/nodejs-dependency-vuln-assessments/issues/205",
-        "reason": "vulnerable_code_not_present"
-    },
-    "2": {
-        "cve": [
-            "CVE-2024-7535"
-        ],
-        "description": "Inappropriate implementation in V8 in Google Chrome prior to 127.0.6533.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
-        "overview": "This V8 vulnerability does not fall within Node.js's threat model. The vulnerable code path is not exposed through Node.js APIs and cannot be exploited in normal Node.js usage.",
-        "ref": "https://github.com/nodejs/nodejs-dependency-vuln-assessments/issues/190",
-        "reason": "vulnerable_code_not_in_execute_path"
-    },
-    "3": {
-        "cve": [
-            "CVE-2024-4761",
-            "CVE-2024-4947",
-            "CVE-2024-5274"
-        ],
-        "description": "Out of bounds write in V8. Type Confusion in V8. Type confusion in V8 in Google Chrome.",
-        "overview": "These V8 vulnerabilities do not fall within Node.js's threat model. The vulnerable code paths are not exposed through Node.js APIs.",
-        "ref": "https://github.com/nodejs/nodejs-dependency-vuln-assessments/issues/191",
-        "reason": "vulnerable_code_not_in_execute_path"
-    },
-    "4": {
-        "cve": [
-            "CVE-2024-3159",
-            "CVE-2024-3156"
-        ],
-        "description": "V8 vulnerabilities in JavaScript engine",
-        "overview": "These V8 vulnerabilities do not affect Node.js. The vulnerable functionality is not exposed in Node.js's implementation.",
-        "ref": "https://github.com/nodejs/nodejs-dependency-vuln-assessments/issues/184",
-        "reason": "vulnerable_code_not_in_execute_path"
-    },
-    "5": {
-        "cve": [
-            "CVE-2024-13176"
-        ],
-        "description": "OpenSSL security vulnerability",
-        "overview": "This OpenSSL vulnerability does not affect Node.js. Node.js's usage of OpenSSL does not trigger the vulnerable code path.",
-        "ref": "https://github.com/nodejs/nodejs-dependency-vuln-assessments/issues/201",
-        "reason": "vulnerable_code_not_in_execute_path"
-    },
-    "6": {
-        "cve": [
-            "CVE-2025-9230",
-            "CVE-2025-9231",
-            "CVE-2025-9232"
-        ],
-        "description": "OpenSSL security vulnerabilities",
-        "overview": "These OpenSSL vulnerabilities do not affect Node.js. Node.js's usage of OpenSSL does not trigger the vulnerable code paths.",
-        "ref": "https://github.com/nodejs/nodejs-dependency-vuln-assessments/issues/213",
-        "reason": "vulnerable_code_not_in_execute_path"
-    }
+  "1": {
+    "cve": [
+      "CVE-2023-45853"
+    ],
+    "description": "MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field.",
+    "overview": "This CVE was created for MiniZip (part of zlib/contrib/minizip), which is not used by Node.js. Node.js uses zlib for compression but does not use the MiniZip component where this vulnerability exists.",
+    "ref": "https://github.com/nodejs/nodejs-dependency-vuln-assessments/issues/205",
+    "reason": "vulnerable_code_not_present"
+  },
+  "2": {
+    "cve": [
+      "CVE-2024-7535"
+    ],
+    "description": "Inappropriate implementation in V8 in Google Chrome prior to 127.0.6533.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
+    "overview": "This V8 vulnerability does not fall within Node.js's threat model. The vulnerable code path is not exposed through Node.js APIs and cannot be exploited in normal Node.js usage.",
+    "ref": "https://github.com/nodejs/nodejs-dependency-vuln-assessments/issues/190",
+    "reason": "vulnerable_code_not_in_execute_path"
+  },
+  "3": {
+    "cve": [
+      "CVE-2024-4761",
+      "CVE-2024-4947",
+      "CVE-2024-5274"
+    ],
+    "description": "Out of bounds write in V8. Type Confusion in V8. Type confusion in V8 in Google Chrome.",
+    "overview": "These V8 vulnerabilities do not fall within Node.js's threat model. The vulnerable code paths are not exposed through Node.js APIs.",
+    "ref": "https://github.com/nodejs/nodejs-dependency-vuln-assessments/issues/191",
+    "reason": "vulnerable_code_not_in_execute_path"
+  },
+  "4": {
+    "cve": [
+      "CVE-2024-3159",
+      "CVE-2024-3156"
+    ],
+    "description": "V8 vulnerabilities in JavaScript engine",
+    "overview": "These V8 vulnerabilities do not affect Node.js. The vulnerable functionality is not exposed in Node.js's implementation.",
+    "ref": "https://github.com/nodejs/nodejs-dependency-vuln-assessments/issues/184",
+    "reason": "vulnerable_code_not_in_execute_path"
+  },
+  "5": {
+    "cve": [
+      "CVE-2024-13176"
+    ],
+    "description": "OpenSSL security vulnerability",
+    "overview": "This OpenSSL vulnerability does not affect Node.js. Node.js's usage of OpenSSL does not trigger the vulnerable code path.",
+    "ref": "https://github.com/nodejs/nodejs-dependency-vuln-assessments/issues/201",
+    "reason": "vulnerable_code_not_in_execute_path"
+  },
+  "6": {
+    "cve": [
+      "CVE-2025-9230",
+      "CVE-2025-9231",
+      "CVE-2025-9232"
+    ],
+    "description": "OpenSSL security vulnerabilities",
+    "overview": "These OpenSSL vulnerabilities do not affect Node.js. Node.js's usage of OpenSSL does not trigger the vulnerable code paths.",
+    "ref": "https://github.com/nodejs/nodejs-dependency-vuln-assessments/issues/213",
+    "reason": "vulnerable_code_not_in_execute_path"
+  }
 }
