sassdoc icon indicating copy to clipboard operation
sassdoc copied to clipboard
verified publisher icon SassDoc

Remove vulnerable `update-notifier` dependency

Open mhassan1 opened this issue 3 years ago • 0 comments

update-notifier@5 has a transitive dependency on got@9, which has an open vulnerability that will not be backported. See https://snyk.io/test/npm/sassdoc/2.7.4#SNYK-JS-GOT-2932019.

One potential solution: replace update-notifier with simple-update-notifier (nodemon has done that: https://github.com/remy/nodemon/pull/2033).

mhassan1 avatar Jul 11 '22 20:07 mhassan1