Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Potential security vulnerability #116

Open
crishpeen opened this issue Feb 2, 2018 · 1 comment
Open

Potential security vulnerability #116

crishpeen opened this issue Feb 2, 2018 · 1 comment

Comments

@crishpeen
Copy link
Member

We have been reported this issue:

We found a potential security vulnerability in a repository which you have been granted security alert access.

@visionappscz visionappscz/bootstrap-ui
Known moderate severity security vulnerability detected in marked < 0.3.7 defined in package-lock.json.
package-lock.json update suggested: marked ~> 0.3.7.

However marked isn't direct BUI dependency. Its is dependency of https://github.com/kss-node/kss-node/ which is dependency of https://github.com/kss-node/grunt-kss which is finally direct dependency of BUI.

There is already issue in upstream http://github.com/kss-node/kss-node/issues/447

Maybe we should give up on kss, because it causes troubles all the time.

@adamkudrna
Copy link
Member

Only affects docs generation tool, does not compromise the library itself.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants