npm vulnerability reported #1009
Comments
@aciccarello |
Thanks for checking into this. TypeDoc should still pick up the latest patch so there shouldn't be an issue (GitHub doesn't report a vulnerability for marked on master) but we should update the package.json to ensure that a patched version is used. |
@aciccarello Is there any ETA for the |
1. Updated dependencies reported from running yarn audit. All high vulnerabilities have been fixed. The only remaining one is coming from typedoc and typedoc-neo-theme. According to TypeStrong/typedoc#1009 this issue has already been reported. Bug: 131167989 Change-Id: I974afeb03cfc398af4e8524fb3135200aa9d1c68
Closing in favor of #994 |
@Gerrit0 why was this closed in favor of #994? I don't see any mention of the Unfortunately, I'm in the same predicament as @jeremymeng... our company has policies against using packages with vulnerabilities, and I need to go ahead and remove it from my repos :/ |
Sorry about that, reopening. While the fix for To try to mitigate this issue at least partially I'm setting up a mirror package ( |
Using yarn and its selective dependency resolutions you can work around this by adding the following to your package.json:
|
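After a `resolutions` override like the one described in the comment above, it is worth confirming that yarn.lock no longer resolves any copy of the transitive dependency below the patched version. The following is an added example, not part of the thread or of TypeDoc's code: it parses a yarn.lock v1 file and lists stale entries. The lockfile text, all version numbers, and the floor `1.1.0` are constructed placeholders, and the function names are hypothetical.

```javascript
'use strict';
// Added example (not from the thread). Lockfile text and versions are constructed.

// Parse yarn.lock v1 text into entries: { patterns: [...], version }.
function parseYarnLock(text) {
  const entries = [];
  let current = null;
  for (const line of text.split(/\r?\n/)) {
    if (/^[^\s#].*:$/.test(line)) {            // unindented "pattern[, pattern]:" header
      const patterns = line.slice(0, -1).split(',')
        .map((p) => p.trim().replace(/^"|"$/g, ''));
      current = { patterns, version: null };
      entries.push(current);
    } else if (current) {
      const m = /^ {2}version "([^"]+)"/.exec(line);
      if (m) current.version = m[1];
    }
  }
  return entries;
}

// Compare the numeric major.minor.patch parts; prerelease/build tags are ignored.
function compareVersions(a, b) {
  const parts = (v) => v.split(/[-+]/)[0].split('.').map(Number);
  const [x, y] = [parts(a), parts(b)];
  for (let i = 0; i < 3; i++) {
    const d = (x[i] || 0) - (y[i] || 0);
    if (d !== 0) return Math.sign(d);
  }
  return 0;
}

// Return every locked copy of `pkg` whose resolved version is below `floor`.
function findBelowFloor(lockText, pkg, floor) {
  return parseYarnLock(lockText).filter((e) =>
    e.version !== null &&
    e.patterns.some((p) => p.slice(0, p.lastIndexOf('@')) === pkg) &&
    compareVersions(e.version, floor) < 0);
}

// Constructed lockfiles: before and after a "resolutions" override of marked.
const BEFORE = 'typedoc@^1.0.0:\n  version "1.0.0"\n  dependencies:\n    marked "^1.0.0"\n\n' +
  'marked@^1.0.0:\n  version "1.0.4"\n';
const AFTER = BEFORE.replace('version "1.0.4"', 'version "1.2.0"');
const FLOOR = '1.1.0'; // placeholder for the first patched release named in the advisory

console.log(findBelowFloor(BEFORE, 'marked', FLOOR)); // one stale entry
console.log(findBelowFloor(AFTER, 'marked', FLOOR));  // []
```

Run against a real lockfile by passing the file contents and the patched version from the advisory; a non-empty result means some dependent still pulls in an unpatched copy.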
Any idea when the next release will be published? I just downloaded TypeDoc today and noticed the vulnerability. I don't think NPM supports |
Based on the latest release, I think this can be closed? |
Yep, this has been fixed with 0.15.0 |
Dear,
The latest stable release and the new (beta?) release are both vulnerable.