Security issue in Swig uglify dependency - Swig uglify依赖关系中的安全问题 #2895
Comments
7 tasks
|
We also plan to remove swig in Hexo 4 as it is deprecated. You are right, this vulnerability doesn't apply to Hexo unless using it as a server 😄 . |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Security Notification
This a fixed (no ^) dependency in swig 1.4.2. Swig is no longer maintained. Only Swig requires uglify-js.
Question
I do not believe the vulnerability applies to the embedded Hexo dependency. I am prepared to remove the warning.
Can the Swig dependency be removed in order to have a clean security analysis?
[Google Translate}
##安全通知##
https://user-images.githubusercontent.com/3372580/33781531-d554638a-dc09-11e7-8771-0d170d3c8daf.png
这是swig 1.4.2中的一个固定的(no ^)依赖。 Swig不再维护。 只有Swig需要uglify-js。
题
我不相信这个漏洞适用于嵌入式的Hexo依赖。 我准备取消这个警告。
Swig依赖关系是否可以被删除以便进行干净的安全分析?
The text was updated successfully, but these errors were encountered: