-
Notifications
You must be signed in to change notification settings - Fork 680
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Multiple security vulnerabilities in dependencies #978
Comments
Thanks for sharing, We'll update our dependencies before the next release which should help fix some of these. |
In the meantime I was able to circumvent this problem by adding this into my package.json:
|
Is the next release scheduled soon? Many teams have policies against using modules that have reported security vulnerabilities. This seems like a big deal to be open for nearly a month... |
Sorry, I'm working on some changes that I'm hoping to get into the next release but I may make an interim release. Most of the security vulnerabilities are things like minimatch so the security vulnerabilities aren't relevant in this use case but I recognize that those things are hard to sort out. |
Hi,
We use yarn and yarn audit in our build pipeline and by upgrading to the latest typedoc version (0.14.2), we have more than 20 vulnerabilities reported in the dependencies of typedoc. I have attached a JSON output containing the details.
audit.json.txt
The text was updated successfully, but these errors were encountered: