pact-js-core
Critical vulnerability for rack 0.0.0 in docker-scout
Hello
I am currently using "@pact-foundation/pact": "^12.3.0" as a dev dependency in a NextJS project. Docker-scout is listing a critical vulnerability for rack 0.0.0, and the package path is:
Type: gem
Location:
/node_modules/@pact-foundation/pact-core/standalone/darwin-arm64-2.4.2/pact/lib/vendor/ruby/3.2.0/gems/rack-2.2.8.1/rack.gemspec
/node_modules/@pact-foundation/pact-core/standalone/darwin-x64-2.4.2/pact/lib/vendor/ruby/3.2.0/gems/rack-2.2.8.1/rack.gemspec
/node_modules/@pact-foundation/pact-core/standalone/linux-arm64-2.4.2/pact/lib/vendor/ruby/3.2.0/gems/rack-2.2.8.1/rack.gemspec
/node_modules/@pact-foundation/pact-core/standalone/linux-x64-2.4.2/pact/lib/vendor/ruby/3.2.0/gems/rack-2.2.8.1/rack.gemspec
/node_modules/@pact-foundation/pact-core/standalone/windows-x64-2.4.2/pact/lib/vendor/ruby/3.2.0/gems/rack-2.2.8.1/rack.gemspec

We upgraded the @pact-foundation/pact version based on the https://github.com/pact-foundation/pact-ruby-standalone/issues/132 issue, hoping it would fix this, but the location is linking back to @pact-foundation/pact-core.
It's suspected that docker-scout is complaining incorrectly about the rack version 0.0.0 when it's at 2.2.8.1, which was the most recent patched version for rack in the 2.x release branch.
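The pattern in this thread (a scanner reporting version 0.0.0 for a vendored gem whose real version is visible in the gem directory name) is common enough that it is worth triaging mechanically before accepting or dismissing the finding. The script below is an added example and not code from pact-js-core, pact-ruby-standalone or docker-scout. It assumes a finding is available as (package, reported version, location) and that vendored gems follow the standard `.../gems/<name>-<version>/<name>.gemspec` layout seen in the paths quoted above; the sample path and the fixed version 2.2.8.1 are taken from this issue, and the `Finding` type and `triage` function are the example's own.

```python
"""Cross-check scanner-reported gem versions against the vendored gem path.

Added example, not part of the pact-js-core project or of docker-scout.
Assumes vendored gems live under .../gems/<name>-<version>/<name>.gemspec,
which is the layout of the rack paths quoted in the issue.
"""
import re
from dataclasses import dataclass
from typing import Optional, Tuple

# Matches the gem directory segment, e.g. ".../gems/rack-2.2.8.1/rack.gemspec".
# The lazy name group lets hyphenated gem names ("rack-protection") still split
# correctly at the version, which must start with a digit.
_GEM_DIR_RE = re.compile(
    r"/gems/(?P<name>[A-Za-z0-9_-]+?)-(?P<version>\d+(?:\.\d+)*(?:\.[A-Za-z0-9]+)*)/"
)


@dataclass(frozen=True)
class Finding:
    """One scanner finding: the package it names, the version it resolved, the file path."""
    package: str
    reported_version: str
    location: str


def version_from_path(location: str) -> Optional[Tuple[str, str]]:
    """Recover (gem name, version) from the vendored gem directory name, or None."""
    m = _GEM_DIR_RE.search(location)
    if not m:
        return None
    return m.group("name"), m.group("version")


def parse_version(v: str) -> Tuple[int, ...]:
    """Turn '2.2.8.1' into (2, 2, 8, 1); non-numeric prerelease segments are dropped."""
    return tuple(int(p) for p in v.split(".") if p.isdigit())


def triage(finding: Finding, min_fixed: str) -> str:
    """Classify a finding relative to the first fixed version.

    Returns one of:
      'unresolved-version'   : scanner reported 0.0.0 and the path gives no
                               usable version for the same gem
      'likely-false-positive': scanner reported 0.0.0 but the path shows a
                               version at or above the fixed version
      'vulnerable'           : best available version is below the fixed version
      'not-affected'         : resolved version is at or above the fixed version
    """
    fixed = parse_version(min_fixed)
    if finding.reported_version == "0.0.0":
        path_info = version_from_path(finding.location)
        if path_info is None or path_info[0] != finding.package:
            return "unresolved-version"
        return "likely-false-positive" if parse_version(path_info[1]) >= fixed else "vulnerable"
    return "not-affected" if parse_version(finding.reported_version) >= fixed else "vulnerable"


# Constructed sample using one of the paths quoted in the issue.
SAMPLE = Finding(
    package="rack",
    reported_version="0.0.0",
    location=(
        "/node_modules/@pact-foundation/pact-core/standalone/linux-x64-2.4.2"
        "/pact/lib/vendor/ruby/3.2.0/gems/rack-2.2.8.1/rack.gemspec"
    ),
)

if __name__ == "__main__":
    # 2.2.8.1 is the patched 2.x version named in the thread.
    print(version_from_path(SAMPLE.location), triage(SAMPLE, "2.2.8.1"))
```

A "likely-false-positive" result is a prompt to confirm the version by other means (for example, reading the gem's own version file) rather than a verdict; "unresolved-version" means the scanner output alone cannot be trusted either way and the artefact needs a manual look.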
Closing due to lack of response, and I also think the report is invalid as per previous comments