Hi Xavier, On Sat, Apr 04, 2026 at 08:24:30AM +0200, Xavier wrote: > Hi, > > CVE-2025-66648 is just for vega.js 6.1.0 and fixed in 6.1.1, so vega.js > isn't affected.
What is the fixing change so we can properly track it in the security-tracker? Things are not very clear to me with https://github.com/vega/vega/commits/v6.1.1/ . Regards, Salvatore
