Skip to content

Add parse-server trailing-dot upload advisory references#8257

Open
cookesan wants to merge 2 commits into
github:cookesan/advisory-improvement-8257from
cookesan:parse-server-7wqv-fix-references
Open

Add parse-server trailing-dot upload advisory references#8257
cookesan wants to merge 2 commits into
github:cookesan/advisory-improvement-8257from
cookesan:parse-server-7wqv-fix-references

Conversation

@cookesan

@cookesan cookesan commented Jun 29, 2026

Copy link
Copy Markdown

Adds parse-server trailing-dot upload advisory references to GHSA-7wqv-xjf3-x35v.

Audit refresh, July 8, 2026:

  • Confirmed the live PR is open, ready for review, merge-clean, and the visible advisory check is green.
  • Rechecked the merge-base diff: exactly one advisory JSON file changes (advisories/github-reviewed/2026/06/GHSA-7wqv-xjf3-x35v/GHSA-7wqv-xjf3-x35v.json), JSON parses, git diff --check passes, and the exact-head worktree is clean.
  • Revalidated the added public references in the diff; all resolve through their source site or registry.

@github-actions github-actions Bot changed the base branch from main to cookesan/advisory-improvement-8257 June 29, 2026 08:40
@cookesan

cookesan commented Jul 7, 2026

Copy link
Copy Markdown
Author

Rechecked this reference-only PR while keeping the open Advisory Database queue current.

Adds direct commit and release references for GHSA-7wqv-xjf3-x35v in both Parse Server release lines. The advisory already references NVD, upstream PR #10489, upstream PR #10490, and package source; this PR links each merged fix to its fixed release.

Current audit, July 8, 2026:

  • GHSA-7wqv-xjf3-x35v is live and not withdrawn.
  • CVE-2026-53724 resolves in NVD with Deferred status.
  • PR #10489 merged to alpha as commit 66484ce8fdd87a5d4c23bf9e40f7ea379b4dce79; release 9.9.1-alpha.4 is published, marked prerelease, and not marked draft.
  • PR #10490 merged to release-8.x.x as commit 9e992797ebd47df8143d4530fce4cc46fefb6532; release 8.6.79 is published and not marked draft or prerelease.
  • npm parse-server 9.9.1-alpha.4 and 8.6.79 both resolve with package tarball and integrity metadata.
  • Local JSON validation and whitespace checks pass, and the diff only changes this advisory.

No advisory data fields are changed.

@cookesan cookesan changed the title Add parse-server trailing-dot upload fix references Add parse-server trailing-dot upload advisory references Jul 8, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant