False positives w.r.t. malware in Puppeteer: GHSA-grrc-v84p-qwv3 & GHSA-rvxm-vq55-8p53

[mathiasbynens]

There seem to be two false positives that are affecting Puppeteer-related packages:

• @puppeteer/browsers is being flagged as malware in GHSA-grrc-v84p-qwv3.
• puppeteer-core is being flagged as malware in GHSA-rvxm-vq55-8p53.

Speaking on behalf of the Puppeteer maintainers, we have not been contacted with details of any supposed malware as part of our packages, and we are not aware of any such malware. Please urgently review these advisories as this is also preventing us from publishing new releases.

[shelbyc]

@mathiasbynens Thanks for opening an issue! GHSA-grrc-v84p-qwv3 and GHSA-rvxm-vq55-8p53 have both been withdrawn and there should be no more alerts.