node-cached-path-relative (1.0.1-2+deb10u1) buster-security; urgency=high

  * Non-maintainer upload by the LTS Security Team.
  * CVE-2018-16472: A prototype pollution attack allows an attacker to inject
    properties on Object.prototype which are then inherited by all the JS
    objects through the prototype chain causing a DoS attack.
  * CVE-2021-23518: Prototype Pollution vulnerability via the cache variable,
    which allows access to the parent prototype properties when the object is
    used to create the cached relative path.

 -- Guilhem Moulin <guilhem@debian.org>  Sun, 04 Dec 2022 17:59:38 +0100

node-cached-path-relative (1.0.1-2) unstable; urgency=medium

  * Move to salsa
  * Bump policy and comapt (no changes)

 -- Bastien Roucariès <rouca@debian.org>  Wed, 16 May 2018 18:02:08 +0200

node-cached-path-relative (1.0.1-1) unstable; urgency=low

  * Initial release (Closes: #860471)

 -- Bastien Roucariès <rouca@debian.org>  Mon, 17 Apr 2017 14:57:56 +0200