add 2025-09-8 malware attack packages upper bounds and ignore in .nsprc

Phil Varner · Phil Varner · commit e2c09c11760b · 2025-09-08T14:03:21.000-04:00
diff --git a/.nsprc b/.nsprc
@@ -1,2 +1,32 @@
 {
+  "1107275": {
+    "active": true,
+    "notes": "color-convert security vulnerability in version 3.1.1",
+    "expiry": "2025-11-01"
+  },
+  "1107280": {
+    "active": true,
+    "notes": "color-name security vulnerability in version 2.0.1",
+    "expiry": "2025-11-01"
+  },
+  "1107276": {
+    "active": true,
+    "notes": "color-string security vulnerability in version 2.1.1",
+    "expiry": "2025-11-01"
+  },
+  "1107274": {
+    "active": true,
+    "notes": "debug security vulnerability in version 4.4.2",
+    "expiry": "2025-11-01"
+  },
+  "1107278": {
+    "active": true,
+    "notes": "is-arrayish security vulnerability in version 0.3.3",
+    "expiry": "2025-11-01"
+  },
+  "1107279": {
+    "active": true,
+    "notes": "simple-swizzle security vulnerability in version 0.2.3",
+    "expiry": "2025-11-01"
+  }
 }
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -59,16 +59,22 @@
     "@mapbox/extent": "^0.4.0",
     "@opensearch-project/opensearch": "^2.13.0",
     "@redocly/cli": "^2.0.8",
+    "color-convert": "<=3.1.0",
+    "color-name": "<=2.0.0",
+    "color-string": "<=2.1.0",
     "compression": "^1.8.1",
     "cors": "^2.8.5",
+    "debug": "<=4.4.1",
     "express": "^4.21.2",
     "got": "^13.0",
     "http-errors": "^2.0.0",
+    "is-arrayish": "<=0.3.2",
     "lodash-es": "^4.17.21",
     "memorystream": "^0.3.1",
     "morgan": "^1.10.1",
     "p-filter": "^4.1.0",
     "serverless-http": "^3.2.0",
+    "simple-swizzle": "<=0.2.2",
     "through2": "^4.0.2",
     "ts-loader": "^9.5.4",
     "winston": "^3.17.0",
