Closed amirmohsen closed 6 years ago
Why are all dependencies locked? https://github.com/esdoc/esdoc/commit/86cf2206f7b53b599091573f888b8403635d96ca
That's a good point. If your dependencies follow semver, you shouldn't have to lock them like that.
reported here too: https://github.com/esdoc/esdoc-plugins/issues/50
I am using ESDoc to generate documentation for my library. Github has given me an alert about a security issue with one of my dependencies, marked which is in fact a dependency of esdoc. Here's the result of running
npm ls marked
on my library:As you can see, both core and at least one of the plugins depend on it. Could you please upgrade marked to its latest version to address this security issue?