jaredwray / fumanchu

Handlebars + Helpers Together :heart:
https://fumanchu.org
MIT License

package depends on vulnerable packages (lodash.template@4.5.0) #45

Closed hkjeffchan closed 3 months ago

hkjeffchan commented 4 months ago

lodash.template  *
Severity: high
Command Injection in lodash - https://github.com/advisories/GHSA-35jh-r3h4-6jhm
fix available via `npm audit fix`
node_modules/lodash.template
  gulp-header  >=1.8.10
  Depends on vulnerable versions of lodash.template
  node_modules/gulp-header

2 high severity vulnerabilities

└─┬ @jaredwray/fumanchu@1.3.0
  └─┬ helper-md@0.2.2
    └─┬ remarkable@1.7.4
      └─┬ autolinker@0.28.1
        └─┬ gulp-header@1.8.12
          └── lodash.template@4.5.0

helper-md still depends on lodash.template@4.5.0
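
The chain in the audit output above can be recovered from any package-lock.json. The script below is an added example, not code from fumanchu or npm: it walks a constructed miniature lock file (lockfileVersion 3, `packages` map) that mirrors the reported tree and lists every dependency path to a named package, resolving each dependency the way npm's hoisted node_modules layout does.

```javascript
// Added example (not part of the fumanchu project): list every dependency
// chain in a package-lock.json (lockfileVersion 2/3) that reaches `target`.
// The lock file below is a constructed miniature of the tree reported above.
const lockfile = {
  lockfileVersion: 3,
  packages: {
    '': { name: '@jaredwray/fumanchu', version: '1.3.0', dependencies: { 'helper-md': '^0.2.2' } },
    'node_modules/helper-md': { version: '0.2.2', dependencies: { remarkable: '^1.7.4' } },
    'node_modules/remarkable': { version: '1.7.4', dependencies: { autolinker: '^0.28.1' } },
    'node_modules/autolinker': { version: '0.28.1', dependencies: { 'gulp-header': '^1.8.12' } },
    'node_modules/gulp-header': { version: '1.8.12', dependencies: { 'lodash.template': '^4.5.0' } },
    'node_modules/lodash.template': { version: '4.5.0' },
  },
};

// Resolve which lock entry `name` refers to when required from `fromPath`:
// nearest node_modules first, then walk up the tree (npm hoisting rules).
function resolve(packages, fromPath, name) {
  let base = fromPath;
  for (;;) {
    const candidate = (base ? base + '/' : '') + 'node_modules/' + name;
    if (packages[candidate]) return candidate;
    if (!base) return null;
    const idx = base.lastIndexOf('/node_modules/');
    base = idx === -1 ? '' : base.slice(0, idx);
  }
}

// Depth-first walk from the root package; returns every chain of
// name@version strings that ends at `target`. `seen` guards against cycles.
function findPaths(lock, target) {
  const { packages } = lock;
  const results = [];
  function walk(path, chain, seen) {
    const entry = packages[path];
    const name = path === '' ? entry.name : path.slice(path.lastIndexOf('node_modules/') + 13);
    const next = chain.concat(`${name}@${entry.version}`);
    if (name === target) { results.push(next); return; }
    for (const dep of Object.keys(entry.dependencies || {})) {
      const depPath = resolve(packages, path, dep);
      if (depPath && !seen.has(depPath)) walk(depPath, next, new Set(seen).add(depPath));
    }
  }
  walk('', [], new Set(['']));
  return results;
}

// Prints one line per chain, e.g. "@jaredwray/fumanchu@1.3.0 > helper-md@0.2.2 > ..."
console.log(findPaths(lockfile, 'lodash.template').map((c) => c.join(' > ')).join('\n'));
```

Against a real project, replace `lockfile` with `JSON.parse(fs.readFileSync('package-lock.json'))`; the first element after the root in each chain is the direct dependency that needs removing or upgrading.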

jaredwray commented 4 months ago

@hkjeffchan - thanks and we will look into this but most likely will need to just remove helper-md as it looks like a dead project.

jaredwray commented 3 months ago

closing this as moved it to fumanchu