- firstname.lastname@example.org, Prototype Pollution (medium risk)
- Introduced by email@example.com > firstname.lastname@example.org > email@example.com > firstname.lastname@example.org. This issue was fixed in versions: 5.1.1. See also: https://snyk.io/vuln/SNYK-JS-DOTPROP-543489.
- email@example.com, Information Disclosure (low risk)
- Introduced by firstname.lastname@example.org > email@example.com > firstname.lastname@example.org > email@example.com > firstname.lastname@example.org and 44 other path(s). This issue was fixed in versions: 6.0.3. See also: https://snyk.io/vuln/SNYK-JS-KINDOF-537849.
The low-severity Vuln-Infoleak for kind-of appears to be resolved within the latest 13.1.0 release of stylelint. The medium-severity prototype pollution vulnerability for dot-prop still exists within the aforementioned 13.1.0 release, so I've filed a security issue with them via github.
Lastly, would it be a good idea to set up a formal security reporting policy for stylelint-config-wikimedia? I believe github is the canonical repo location for this code, correct?