There is 1 open security issue in bookworm.
1 issue left for the package maintainer to handle:
- CVE-2025-7339:
(needs triaging)
on-headers is a node.js middleware for listening to when a response writes headers. A bug in on-headers versions `<1.1.0` may result in response headers being inadvertently modified when an array is passed to `response.writeHead()`. Users should upgrade to version 1.1.0 to receive a patch. Uses are strongly encouraged to upgrade to `1.1.0`, but this issue can be worked around by passing an object to `response.writeHead()` rather than an array.
You can find information about how to handle this issue in the security team's documentation.