[GHSA-493p-pfq6-5258] json-smart Uncontrolled Recursion vulnerabilty

[dkontyko]

Updates

• Description

Comments
This appears to be a transitive dependency, i.e., it is a dependency of a different dependency that I am directly using. It would be extremely helpful if GitHub would display a graph of some kind (a visual graph, not just a list) showing the chain of dependencies from which this derives. Otherwise, I have no way of knowing which direct dependency in my project to look at. Thanks.

[github]

Hi there @oswaldobapvicjr! A community member has suggested an improvement to your security advisory. If approved, this change will affect the global advisory listed at github.com/advisories. It will not affect the version listed in your project repository.

This change will be reviewed by our highly-trained Security Curation Team. If you have thoughts or feedback, please share them in a comment here! If this PR has already been closed, you can start a new community contribution for this advisory

[shelbyc]

👋 Hi there @dkontyko, thank you for the feedback about what GitHub can do better with respect to transitive dependency information. This repo currently has an open issue that invites comments about transitive dependency disclosure and alerting, and you're welcome to continue the conversation at that issue: #1565

Since the feedback about transitive dependency alerting shouldn't go into the text of GHSA-493p-pfq6-5258 itself, we'll close the pull request.