Skip to content

Add Kiota redirect scrub package references#8364

Open
cookesan wants to merge 1 commit into
github:cookesan/advisory-improvement-8364from
cookesan:kiota-396q-fix-references
Open

Add Kiota redirect scrub package references#8364
cookesan wants to merge 1 commit into
github:cookesan/advisory-improvement-8364from
cookesan:kiota-396q-fix-references

Conversation

@cookesan

@cookesan cookesan commented Jun 30, 2026

Copy link
Copy Markdown

Adds Kiota redirect scrub package references to GHSA-396q-4vc8-28x9.

Audit refresh, July 8, 2026:

  • Confirmed the live PR is open, ready for review, merge-clean, and the visible advisory check is green.
  • Rechecked the merge-base diff: exactly one advisory JSON file changes (advisories/github-reviewed/2026/06/GHSA-396q-4vc8-28x9/GHSA-396q-4vc8-28x9.json), JSON parses, git diff --check passes, and the exact-head worktree is clean.
  • Revalidated the added public references and package-version evidence in the diff; all resolve through their source site or registry.

@github-actions github-actions Bot changed the base branch from main to cookesan/advisory-improvement-8364 June 30, 2026 01:18
@cookesan

cookesan commented Jul 7, 2026

Copy link
Copy Markdown
Author

Maintainer audit: this only expands the reference set for the Kiota redirect scrub advisory. Commit 09f8bd9b34d68bf412a9b78f6ca7e7961ef14974 resolves, the package release URL resolves, npm version @microsoft/kiota-http-fetchlibrary 1.0.0-preview.102 resolves, and CVE-2026-49336 is present in NVD. The advisory JSON parses, the committed diff passes git diff --check, the PR is merge-clean, and advisory processing is successful. No package, affected range, severity, or database metadata is changed.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant