docker icon indicating copy to clipboard operation
docker copied to clipboard
verified publisher icon jbt

dox 0.8.1 dependency vulnerability

Open leviwheatcroft opened this issue 8 years ago • 0 comments

My repo's with docker in the package-lock are showing a security vulnerability for marked < 0.3.9:

  • https://nvd.nist.gov/vuln/detail/CVE-2017-17461
  • https://nvd.nist.gov/vuln/detail/CVE-2017-1000427

The dependency is docker > dox@^0.8.0 > marked

[email protected] switched to markdown-it for markdown. The version release message notes that this might be a breaking change as markdown output would change.

Any thoughts about what problems we might encounter upgrading to [email protected] ?

leviwheatcroft avatar Jan 12 '18 03:01 leviwheatcroft