New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

⚠️ Solve underscore vulnerability #29

Closed

3 tasks done

martijnversluis opened this issue Oct 13, 2021 · 1 comment

Closed

3 tasks done

⚠️ Solve underscore vulnerability #29

martijnversluis opened this issue Oct 13, 2021 · 1 comment

Milestone

Collaborator

martijnversluis commented Oct 13, 2021 •

edited

Loading

On ChordSheetJS, there is a transitive dependency on a version of underscore which is affected by CVE-2021-23358:

jsdoc-to-markdown 7.0.1
  jsdoc-api ^7.0.0
    jsdoc ^3.6.6
      underscore ~1.10.2

jsdoc 3.6.7 depends on underscore ~1.13.1, so we need to:

update jsdoc to 3.6.7 on jsdoc-api => Update jsdoc to 3.6.7 jsdoc2md/jsdoc-api#25
update jsdoc-api on jsdoc-to-markdown => Update jsdoc-api to 7.1.0 jsdoc2md/jsdoc-to-markdown#258
update jsdoc-to-markdown on ChordSheetJS => Update jsdoc-to-markdown to 7.1.0 martijnversluis/ChordSheetJS#384

The text was updated successfully, but these errors were encountered:

martijnversluis added this to the PC Editor MVP milestone

martijnversluis changed the title ~~Solve underscore vulnerability~~ 💡 Solve underscore vulnerability

martijnversluis changed the title ~~💡 Solve underscore vulnerability~~ ⚠️ Solve underscore vulnerability

isaiahdahl commented Oct 13, 2021

Seems like a no-brainer.

martijnversluis closed this as completed

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment