-
-
Notifications
You must be signed in to change notification settings - Fork 154
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Security Vulnerabilities #206
Comments
Same +1 |
Same +1, for marked it now says "The earliest fixed version is 4.0.10." For got "Got allows a redirect to a UNIX socket" the earliest fixed version is 11.8.5 |
update-notifier is resulting in a got vulnerability. I honestly cannot understand why this CLI even needs an update notifier, or such extra fancy features as direct dependencies. |
The fixed version of update-notifier is incompatible with docsify-cli (ECMAscript vs vanilla JS). Removing update-notifier is probably the easiest way to eliminate the vulnerabilities. |
I installed docsify-cli v4.4.4 and got several security reports in my repo:
The text was updated successfully, but these errors were encountered: