10.1.8: Patch version should be bumped

[rcollette]

In addition to redeploying so that distribution would not include the malware, the patch version should have been bumped because SCA tools are going to continue to report this version as having an issue, which is problematic especially for those with strict requirements such as operating in FedRAMP.

[rcollette]

Also, by not bumping the patch version, cached versions have the potential to not be updated (yes I understand there are hashes, I'm purposely pessimistic about hashes in this scenario)

[narayanpai]

Any updates on this to address https://nvd.nist.gov/vuln/detail/CVE-2025-54313

[JounQin]

Any updates on this to address https://nvd.nist.gov/vuln/detail/CVE-2025-54313

That has been resolved by months.

---

I'm not sure why a minor version is needed, issue fixing happens in patch versions, while minor versions for new features.

[MichaHuhn]

Is version 10.1.8 safe?
WebStorm is still showing this warning:

[JounQin]

Is version 10.1.8. safe?
WebStorm is still showing this warning:

That's WebStorm's problem then, it should not ignore patch versions.