docsify-cli
Security Vulnerabilities
I installed docsify-cli v4.4.4 and got several security reports in my repo:
- Inefficient Regular Expression Complexity in marked: [email protected] requires marked@^1.2.9 via a transitive dependency on [email protected]; [email protected] requires marked@^4.3.0
- Got allows a redirect to a UNIX socket: [email protected] requires got@^9.6.0 via a transitive dependency on [email protected]
- Regular Expression Denial of Service (REDoS) in Marked: [email protected] requires marked@^1.2.9 via a transitive dependency on [email protected]; [email protected] requires marked@^4.3.0
Same +1
Same +1, for marked it now says "The earliest fixed version is 4.0.10."
For got "Got allows a redirect to a UNIX socket" the earliest fixed version is 11.8.5
update-notifier is resulting in a got vulnerability. I honestly cannot understand why this CLI even needs an update notifier, or such extra fancy features as direct dependencies.
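To see which top-level dependency drags in the vulnerable `got` and `marked` copies (the chain through `update-notifier` discussed above, and the two `marked` chains in the report), here is an added example that walks a dependency tree in the shape `npm ls --all --json` prints and flags every copy older than the earliest fixed versions quoted in this thread. It is not docsify-cli code; the tree, the intermediate package names and their versions are constructed assumptions.

```javascript
// Added example (not from the docsify-cli project): given the JSON shape that
// `npm ls --all --json` prints, find every path to a package whose installed
// version is below the earliest fixed version named in the thread.
// The tree below is CONSTRUCTED to mirror the chains the issue reports;
// the intermediate package names and versions are assumptions.
const sampleTree = {
  name: 'my-docs', version: '1.0.0',
  dependencies: {
    'docsify-cli': {
      version: '4.4.4',
      dependencies: {
        'update-notifier': { version: '4.1.3',
          dependencies: { got: { version: '9.6.0' } } },
        'docsify-server-renderer': { version: '4.12.2',
          dependencies: { marked: { version: '1.2.9' } } },
      },
    },
    docsify: { version: '4.13.1', dependencies: { marked: { version: '4.3.0' } } },
  },
};

// Earliest fixed versions quoted in the thread for got and marked.
const FIXED = { got: '11.8.5', marked: '4.0.10' };

// Numeric comparison on major.minor.patch; prerelease tags are ignored.
function compareVersions(a, b) {
  const pa = a.split('-')[0].split('.').map(Number);
  const pb = b.split('-')[0].split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// Walk the tree depth-first and return one record per installed copy of a
// tracked package that is older than its fixed version, with the full path.
function findVulnerablePaths(tree, fixed = FIXED) {
  const hits = [];
  const walk = (node, path) => {
    for (const [name, child] of Object.entries(node.dependencies || {})) {
      const here = [...path, `${name}@${child.version}`];
      if (fixed[name] && compareVersions(child.version, fixed[name]) < 0) {
        hits.push({ name, version: child.version, fixedIn: fixed[name], path: here.join(' > ') });
      }
      walk(child, here);
    }
  };
  walk(tree, [tree.name]);
  return hits;
}

console.log(findVulnerablePaths(sampleTree));
```

On a real project, replace `sampleTree` with `JSON.parse` of the `npm ls --all --json` output; the `marked@4.3.0` copy under `docsify` is correctly left out because it is above the fixed version.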