Top-gg-Community / node-sdk

An official module for interacting with the Top.gg API
https://topgg.js.org/

NPM shows `Arbitrary Code Execution` security issue. #59

Closed moyshik7 closed 3 years ago

moyshik7 commented 3 years ago

I'm sure it's already fixed on your side (it showed a huge notification on my package).
But just to be sure, npm shows this issue called Arbitrary Code Execution vulnerability error on the package `underscore`.
It's auto fixable with `npm update jsdoc --depth 3` or `npm audit fix` or simply changing the version of the `underscore` package from v1.13 to 1.12 (1.12 was safe if I remember).
If you've already done it then feel free to ignore this message. Have a nice day ☺️😊

jpbberry commented 3 years ago

I think, but I might be wrong, so I'd appreciate @Xetera's input. But that's being added just due to the jsdocs generator. But we don't actually use jsdoc; we only statically convert JS to markdown files. So this isn't something major that requires a bump or anything. Especially since we plan on moving from jsdoc to typedoc soon, so the dependency will be completely gone. Thanks for the concern though!

moyshik7 commented 3 years ago

Okay, I'll close it then.
Thank you