npm audit fix
#10
Comments
I would like to take a crack at this!
Thank you @MarkovianPD!
@AurelienLourot Absolutely! I'm new to contributions, trying to get my foot in the door any way possible and help out! I created a fork to mess around with it before your reply, and what I could dig up and conclude is that you'll want to upgrade the npm package "marked" to version 0.6.2. I'm not sure if I can do that by editing the package.json version to the updated version and it will upgrade? It does also seem you're using a 0.3.X version, and I assume you're using an older version for a reason and upgrading may not be the best solution? Any and all feedback would be appreciated!
It must be a dependency of one of all these dependencies. So if we're using an old version, it's not on purpose from us, but it might be on purpose from one of these dependencies, I'm not sure. If pinning explicitly the latest
Very interesting! If you could explain the process of pinning the latest in your package.json I would be thankful and more than happy to get it done asap!
I was thinking of adding
This is interesting however as it's showing me that it's our dependency So contacting the maintainer to update their dependency to
This is the only alternative I could find: https://socket.dev/npm/package/md-spell (it says it is loosely based on lukeapage's node-markdown). I'm not sure this would accomplish exactly what you're looking for. Pertaining to the upgrade, some users experiencing this issue in the past have commented that running npm upgrade solved the issue. I would recommend at least trying this, but as mentioned earlier there may be some issues if you're not wanting to upgrade specific packages. Multiple users responded to the recommendation stating that it had worked for their situation.
Which means "any version between 0.7.0 and 1", so this prevents us from getting the latest https://www.npmjs.com/package/md-spell has no link to a github repository, so I'm not sure where the code lives. There is a Tab
I see, great catch! I believe you're correct about jumping to another abandoned project. I believe I don't have sufficient knowledge to assist further with this, but thank you for letting me have the chance to help you! I hope I can assist with other contributions in the future. If you find anything more on this npm audit and I can help, I'll be ecstatic to help out!
I think the
It might require some configuring to have it spellcheck only the markdown files, but this guide might be helpful: https://tjaddison.com/blog/2021/02/spell-checking-your-markdown-blog-posts-with-cspell/ I don't have time right now to dig deeper, but happy to help you @MarkovianPD if you want to pursue this issue :)
@ilu Thank you for chiming in! I'll take a look at it when I can and see if any of it makes sense, haha. I'd love to crack the case and get it solved!
Thank you all for the help trying to get to the bottom of this! I've taken a read up on the cspell blog post and I believe this is beyond my expertise at the moment.
No worries @MarkovianPD, thank you for having a look. Please drop by again to see if any new issues would be suitable for you :)
as we are moving the documentation to docs.frameright.io
FYI the spellchecker is now gone but we still have some
My mistake, I had forgotten to actually remove the dependency. Now the remaining
At the moment, NPM detects a high severity vulnerability in one of our dependencies. However
npm audit fix
doesn't help: