Fix security vulnerabilities for latest 3.6.6 release #1906
These commits fix multiple security vulnerabilities in the latest stable release of JSDoc. It would be really helpful to get a new bugfix release for the 3.6 line with these security vulnerabilities addressed.
For PROD dependencies:
update to a 1.x version not possible as these have multiple other vulnerabilities
For DEV dependencies - I know they are not exported for other projects using this, but as the package-lock.json is committed into this repository for all others to use the same version, I updated them to safe versions too (minor bugfix releases only):
I did run the test cases and tested it with our own projects to generate documentation and found no problems. For the smaller underscore update there should not be any problem; the update for marked has a new major release 0.8 -> 2.0 but it seems to work so far without any code changes needed.