Mongoose search injection vulnerability (V7.8.4 fix is not accepted)

[wolfsch-6]

This refers to 'Mongoose search injection vulnerability - CVE-2025-23061'.
Although I use mongoose in version V7.8.6, I get a vulerability finding via 'npm audit' with the reference to the explanation in link
'GHSA-vg7j-7cwx-8wgw'.

Furthermore 'npm audit' recommended to use V8.9.5 via 'npm audit fix --force, which is a breaking change.
However, the link above describes that the fix is already available in V7.8.4.

Can someone please help me what is going wrong?

[wolfsch-6]

The problem now seems to have been resolved.

When calling 'npm audit' again, vulnerabuility is no longer reported, i.e. the fix of mongoose V7.8.6 is recognized. Sorry for the inconvenience!