New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Potential security vulnerability #116

Open

crishpeen opened this issue Feb 2, 2018 · 1 comment

Member

crishpeen commented Feb 2, 2018

We have been reported this issue:

We found a potential security vulnerability in a repository which you have been granted security alert access.

@visionappscz visionappscz/bootstrap-ui
Known moderate severity security vulnerability detected in marked < 0.3.7 defined in package-lock.json.
package-lock.json update suggested: marked ~> 0.3.7.

However marked isn't direct BUI dependency. Its is dependency of https://github.com/kss-node/kss-node/ which is dependency of https://github.com/kss-node/grunt-kss which is finally direct dependency of BUI.

There is already issue in upstream http://github.com/kss-node/kss-node/issues/447

Maybe we should give up on kss, because it causes troubles all the time.

The text was updated successfully, but these errors were encountered:

Member

adamkudrna commented Feb 5, 2018

Only affects docs generation tool, does not compromise the library itself.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment