docsifyjs / docsify-cli

🖌 docsify cli tool - A magical documentation generator.
https://cli.docsifyjs.org
MIT License
721 stars 153 forks source link

Security Vulnerabilities #206

Open bennycode opened 1 year ago

bennycode commented 1 year ago

I installed docsify-cli v4.4.4 and got several security reports in my repo:

yonjans commented 1 year ago

Same +1

adamlui commented 9 months ago

Same +1, for marked it now says "The earliest fixed version is 4.0.10."

For got "Got allows a redirect to a UNIX socket" the earliest fixed version is 11.8.5

prabhu commented 7 months ago

update-notifier is resulting in a got vulnerability. I honestly cannot understand why this CLI even needs an update notifier, or such extra fancy features as direct dependencies.

erika9star commented 2 months ago

The fixed version of update-notifier is incompatible with docsify-cli (ECMAscript vs vanilla JS). Removing update-notifier is probably the easiest way to eliminate the vulnerabilities.