High vulnerability issue
Better-docs is using an outdated version of vue-docgen-api that has a known high-severity vulnerability. This issue cannot be automatically resolved with npm audit fix.
I can confirm this. Environment: Ubuntu 20, npm 7.16
pug <3.0.1
Severity: high
Remote Code Execution - https://npmjs.com/advisories/1643
fix available via npm audit fix --force
Will install [email protected], which is a breaking change
node_modules/pug
vue-docgen-api 3.0.0 - 4.28.1
Depends on vulnerable versions of pug
node_modules/vue-docgen-api
better-docs >=1.3.0-beta.1
Depends on vulnerable versions of vue-docgen-api
node_modules/better-docs
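An added example, not part of the thread or of better-docs: it reads a report shaped like `npm audit --json` (npm 7+) and reconstructs the chain shown above, from the package carrying the advisory up to the direct dependency, and flags when the only fix is a semver-major change that needs `--force`. The sample report is constructed from the text output above; `VERSION_PLACEHOLDER`, `traceChains` and `summarize` are hypothetical names.

```javascript
// Constructed sample shaped like `npm audit --json` output (report version 2, npm 7+),
// mirroring the text report in this thread. VERSION_PLACEHOLDER is not a real version.
const forcedFix = { name: "better-docs", version: "VERSION_PLACEHOLDER", isSemVerMajor: true };
const report = { auditReportVersion: 2, vulnerabilities: {
  pug: {
    name: "pug", severity: "high", isDirect: false, range: "<3.0.1",
    via: [{ source: 1643, name: "pug", title: "Remote Code Execution",
            url: "https://npmjs.com/advisories/1643", severity: "high", range: "<3.0.1" }],
    effects: ["vue-docgen-api"], fixAvailable: forcedFix,
  },
  "vue-docgen-api": {
    name: "vue-docgen-api", severity: "high", isDirect: false, range: "3.0.0 - 4.28.1",
    via: ["pug"], effects: ["better-docs"], fixAvailable: forcedFix,
  },
  "better-docs": {
    name: "better-docs", severity: "high", isDirect: true, range: ">=1.3.0-beta.1",
    via: ["vue-docgen-api"], effects: [], fixAvailable: forcedFix,
  },
} };
// Walk `effects` edges from each package that carries an advisory up to a direct dependency.
function traceChains(audit) {
  const vulns = audit.vulnerabilities || {};
  const chains = [];
  const walk = (name, path) => {
    const entry = vulns[name];
    if (!entry || path.includes(name)) return; // unknown package or cycle
    const next = [...path, name];
    if (entry.isDirect || entry.effects.length === 0) { chains.push(next); return; }
    for (const parent of entry.effects) walk(parent, next);
  };
  for (const entry of Object.values(vulns)) {
    // Roots have an advisory object in `via`; intermediate packages list package names.
    if (entry.via.some((v) => typeof v === "object")) walk(entry.name, []);
  }
  return chains;
}
function summarize(audit) {
  return traceChains(audit).map((chain) => {
    const root = audit.vulnerabilities[chain[0]];
    const fix = root.fixAvailable; // true, false, or an object naming a top-level change
    return {
      chain: chain.join(" -> "),
      advisories: root.via.filter((v) => typeof v === "object").map((v) => v.url),
      needsForce: typeof fix === "object" && fix !== null && fix.isSemVerMajor === true,
    };
  });
}
console.log(summarize(report));
```
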
Still not solved to this day.
The workaround is that I use version 1.2.2. If you think that your project is not suitable for this, you can go for other alternatives. If you know something about this, please say so on this issue.
This plugin is only used when docs are parsed in a VueJs app. I mostly work on back-end NodeJs, React and Svelte apps and don't have my bearings with VueJs. Does anyone following this thread work in Vue and have an app with thorough docs in place that they can test out a ^4.0.0 of vue-docgen-api on a locally cloned version of this repo?
Any updates on this? Did anybody experience any issues because of this vulnerability?