asciidoctor / asciidoctor-kroki

Asciidoctor.js extension to convert diagrams to images using Kroki!
https://kroki.io/
MIT License

npm audit said there is a high vulnerability with >=0.16.0 and json5 #403

Closed patrickdung closed 1 year ago

patrickdung commented 1 year ago
```
# npm audit report

json5  2.0.0 - 2.2.1
Severity: high
Prototype Pollution in JSON5 via Parse Method - https://github.com/advisories/GHSA-9c47-m6qq-7p4h
fix available via `npm audit fix --force`
Will install asciidoctor-kroki@0.15.4, which is a breaking change
node_modules/json5
  asciidoctor-kroki  >=0.16.0
  Depends on vulnerable versions of json5
  node_modules/asciidoctor-kroki

2 high severity vulnerabilities

To address all issues (including breaking changes), run:
  npm audit fix --force
```

Please have a check, thanks.

ggrossetie commented 1 year ago

It will be fixed as part of https://github.com/ggrossetie/asciidoctor-kroki/pull/394