Control: tags -1 + moreinfo On Thu, 2021-07-29 at 13:07 +0200, Yadd wrote: > node-jszip is vulnerable to a prototype pollution (CVE-2021-23413) > + * Fix a null prototype object for this.files (Closes: CVE-2021- 23413) As far as I can tell, you're fixing an issue by *using* a null prototype object, whereas the changelog entry above implies that you're removing such a use. Regards, Adam