GHSA-4cpg-3vgw-4877 need to be updated, it doesn't have a fix yet.

[mario-canva]

The prototype pollution vulnerability for plist is marked as fixed on 3.0.4 but this version doesn't fix this issue.
GHSA-4cpg-3vgw-4877

I added more details here, could you please update the advisory accordingly? Or point me on how to do it?

Thank you.

[KateCatlin]

Hey @mario-canva!

If I'm understanding you correctly, you want to submit a change in the affected and patched version for this advisory: https://github.com/advisories/GHSA-4cpg-3

You can do that through our new community contributions feature!

That means you can either:

1. Create a pull request to the file for that advisory in this repository to change the affected version, or
2. (Recommended) Go through our UI to submit the change on https://github.com/advisories/GHSA-4cpg-3:
   
   vgw-4877

In either case, a member of our experienced Curation team will review the change and merge it into our database if approved. Including a link to references of how you know this information will help us move faster.

Thanks in advance for making our community stronger!

Kate

[mario-canva]

Hey @darakian not sure why you closed this, but this issue is not fully resolved and should not be closed. Please re-open this issue and only close it once #150 is merged.

[darakian]

@mario-canva, my bad. It's back open.

[darakian]

And re-closing since it's now actually updated