Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Security Vulnerabilities #206

Open
bennycode opened this issue Aug 14, 2023 · 3 comments
Open

Security Vulnerabilities #206

bennycode opened this issue Aug 14, 2023 · 3 comments

Comments

@bennycode
Copy link

I installed docsify-cli v4.4.4 and got several security reports in my repo:

  • Inefficient Regular Expression Complexity in marked: docsify-cli@4.4.4 requires marked@^1.2.9 via a transitive dependency on docsify@4.13.1 typedoc@0.24.8 requires marked@^4.3.0
  • Got allows a redirect to a UNIX socket: docsify-cli@4.4.4 requires got@^9.6.0 via a transitive dependency on package-json@6.5.0
  • Regular Expression Denial of Service (REDoS) in Marked: docsify-cli@4.4.4 requires marked@^1.2.9 via a transitive dependency on docsify@4.13.1 typedoc@0.24.8 requires marked@^4.3.0
@yonjans
Copy link

yonjans commented Aug 20, 2023

Same +1

@adamlui
Copy link

adamlui commented Feb 24, 2024

Same +1, for marked it now says "The earliest fixed version is 4.0.10."

For got "Got allows a redirect to a UNIX socket" the earliest fixed version is 11.8.5

@prabhu prabhu mentioned this issue Apr 21, 2024
Closed
@prabhu
Copy link

prabhu commented Apr 21, 2024
edited

update-notifier is resulting in a got vulnerability. I honestly cannot understand why this CLI even needs an update notifier, or such extra fancy features as direct dependencies.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@prabhu @bennycode @adamlui @yonjans