seintun changed the title from "Upcoming release plan for v4.0.0? Security vulnerabilities exist in the current v3.6.6 through marked and underscore" to "Upcoming release plan for v4.0.0/3.6.7? Security vulnerabilities exist in the current v3.6.6 through marked and underscore" on Apr 23, 2021
dae added a commit to ankitects/anki that referenced this issue on May 7, 2021
Unfortunately we're still stuck with a security alert about underscore,
because the latest jsdoc uses an old underscore, and protobufjs depends
on it.
jsdoc/jsdoc#1908
Hello jsdoc maintainers/community!
Is there any upcoming planned release for v4.0.0? I saw a couple efforts and activities for v4.0.0 dev.
Raising the security vulnerability concerns for the community in the latest published v3.6.6 with underscore@1.10.2 and marked@0.8.2. I noticed these libraries were removed in the master branch already, but not yet available in published form.
Just noticed this helpful PR after posting: #1906
Thank you in advance!
References:
https://snyk.io/test/npm/jsdoc/3.6.6
https://snyk.io/vuln/SNYK-JS-MARKED-584281
https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-23358