Nicolas Graves via Guix-patches via <guix-patches@gnu.org> writes:

> This fixes CVE-2023-50471 and CVE-2023-50472.
>
> * gnu/packages/javascript.scm (cjson): Update to 1.7.18.
> ---
>  gnu/packages/javascript.scm | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/gnu/packages/javascript.scm b/gnu/packages/javascript.scm
> index 4f97dcfef6..b48acf47dc 100644
> --- a/gnu/packages/javascript.scm
> +++ b/gnu/packages/javascript.scm
> @@ -49,7 +49,7 @@ (define-module (gnu packages javascript)
>  (define-public cjson
>    (package
>      (name "cjson")
> -    (version "1.7.16")
> +    (version "1.7.18")
>      (source (origin
>                (method git-fetch)
>                (uri (git-reference
> @@ -57,7 +57,7 @@ (define-public cjson
>                      (commit (string-append "v" version))))
>                (file-name (git-file-name name version))
>                (sha256
> -               (base32 "00599lzzb0vszk317n0gln7wizdpchy4warxgpj3khrir73pphbb"))))
> +               (base32 "08p37q4i3za3dgz7wynma1fh8y4rq7pyzyjzcda710nxrmsm1pyv"))))
>      (build-system cmake-build-system)
>      (arguments
>       `(#:configure-flags '("-DENABLE_CJSON_UTILS=On")))

apply