关键信息总结 1. Vulnerability Description - A vulnerability related to AST nodes being emitted for imports has been fixed. - This fix is in response to a specific GitHub Security Advisory: GHSA-h4rm-mm56-xf63. 2. Code Changes - : - Removed the check for builtins imports to ensure necessary imports are emitted properly (commit lines 1166-1162, 1168-1173) - Modified and class logic to handle builtins accurately (commit lines 1194-1185, 1187-1202). - : - Added a test case to validate the fix thoroughly. - : - Minor updates to handle references appropriately. 3. Vulnerability Impact - If the earlier version did not handle builtins imports correctly, an attacker could exploit this oversight by leveraging misconfigured import checks in the AST emission phase. - Impact was mitigated by ensuring proper validation and emission of builtins imports. 4. Advisory Reference - The advisory identifier is GHSA-h4rm-mm56-xf63. - Provides more details and context for the security risk.