visionappscz / bootstrap-ui

⚠️ IN MAINTENANCE MODE. Bootstrap UI is a Bootstrap extension for building beautiful web app user interfaces.
http://www.bootstrap-ui.com
MIT License

Potential security vulnerability #116

Open crishpeen opened 6 years ago

crishpeen commented 6 years ago

We have received a report of this issue:

We found a potential security vulnerability in a repository to which you have been granted security alert access.

@visionappscz visionappscz/bootstrap-ui
Known moderate severity security vulnerability detected in marked < 0.3.7 defined in package-lock.json.
package-lock.json update suggested: marked ~> 0.3.7.

However, marked isn't a direct BUI dependency. It is a dependency of https://github.com/kss-node/kss-node/, which is a dependency of https://github.com/kss-node/grunt-kss, which is finally a direct dependency of BUI.

There is already an issue upstream: http://github.com/kss-node/kss-node/issues/447

Maybe we should give up on kss, because it causes trouble all the time.

adamkudrna commented 6 years ago

This only affects the docs generation tool; it does not compromise the library itself.
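Both points in the thread, the transitive chain crishpeen traces (grunt-kss → kss-node → marked) and adamkudrna's observation that only the docs tooling is affected, can be checked mechanically against package-lock.json rather than by reading the alert. The script below is an added example, not code from this thread or from the bootstrap-ui project. It walks a lockfileVersion 1 tree (the format npm used when this issue was opened), lists every path from a direct dependency to a target package, flags the paths whose resolved copy is older than the advisory's fixed version, and reports whether that copy is installed as a dev-only dependency. The embedded lockfile is constructed for illustration; the npm package name `kss` for kss-node, all version numbers and the unrelated `docs-tool` package are assumptions, not values taken from the page.

```javascript
'use strict';
// Added example (not from the bootstrap-ui project or this issue thread):
// trace how a flagged package reaches a project through a package-lock.json
// (lockfileVersion 1) dependency tree and check the resolved version.

// Constructed lockfile mirroring the chain described in the issue:
// grunt-kss -> kss (assumed npm name of kss-node) -> marked.
// Versions and the unrelated "docs-tool" entry are made up for illustration.
const LOCKFILE = {
  name: 'bootstrap-ui-example',
  lockfileVersion: 1,
  dependencies: {
    'grunt-kss': { version: '1.0.0', dev: true, requires: { kss: '^3.0.0' } },
    kss: { version: '3.0.0', dev: true, requires: { marked: '^0.3.6' } },
    marked: { version: '0.3.6', dev: true },
    'docs-tool': {
      version: '2.0.0', dev: true, requires: { marked: '^0.3.7' },
      // nested copy: lockfile v1 resolves a package from the nearest
      // enclosing "dependencies" map before falling back to the root
      dependencies: { marked: { version: '0.3.9', dev: true } },
    },
  },
};

// Constructed: the direct dependencies a package.json would list.
const DIRECT_DEPS = ['grunt-kss', 'docs-tool'];

// Resolve a package name through the scope chain (innermost scope first).
function resolve(name, scopes) {
  for (const deps of scopes) {
    if (deps && Object.prototype.hasOwnProperty.call(deps, name)) return deps[name];
  }
  return null;
}

// Return every path from a direct dependency to `target`, together with the
// resolved version and the dev flag of the copy that path actually reaches.
function findPaths(lock, directDeps, target) {
  const hits = [];
  const walk = (name, scopes, chain, seen) => {
    const node = resolve(name, scopes);
    if (!node) return; // missing or extraneous entry; nothing to follow
    const key = `${name}@${node.version}`;
    if (seen.has(key)) return; // guard against circular requires
    const nextChain = chain.concat(key);
    if (name === target) {
      hits.push({ chain: nextChain, version: node.version, dev: Boolean(node.dev) });
      return;
    }
    const childScopes = node.dependencies ? [node.dependencies].concat(scopes) : scopes;
    const nextSeen = new Set(seen).add(key);
    for (const child of Object.keys(node.requires || {})) {
      walk(child, childScopes, nextChain, nextSeen);
    }
  };
  for (const dep of directDeps) walk(dep, [lock.dependencies], [], new Set());
  return hits;
}

// Compare dotted numeric versions; returns -1, 0 or 1. Prerelease tags are
// ignored, which is enough for an advisory threshold such as "marked < 0.3.7".
function compareVersions(a, b) {
  const pa = a.split('-')[0].split('.').map(Number);
  const pb = b.split('-')[0].split('.').map(Number);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// Paths whose resolved copy of `target` is older than `fixedIn`.
function vulnerablePaths(lock, directDeps, target, fixedIn) {
  return findPaths(lock, directDeps, target)
    .filter((hit) => compareVersions(hit.version, fixedIn) < 0);
}

// Human-readable report, one line per affected path, noting dev vs runtime.
function report(lock, directDeps, target, fixedIn) {
  const hits = vulnerablePaths(lock, directDeps, target, fixedIn);
  if (hits.length === 0) return `${target}: no resolved copy below ${fixedIn}`;
  return hits
    .map((hit) => `${hit.chain.join(' > ')} (${hit.dev ? 'dev only' : 'runtime'})`)
    .join('\n');
}

if (typeof require !== 'undefined' && require.main === module) {
  // Usage: node trace-dep.js [package-lock.json package.json]
  // Without arguments the constructed lockfile above is analysed.
  let lock = LOCKFILE;
  let direct = DIRECT_DEPS;
  if (process.argv.length >= 4) {
    const fs = require('fs');
    lock = JSON.parse(fs.readFileSync(process.argv[2], 'utf8'));
    const pkg = JSON.parse(fs.readFileSync(process.argv[3], 'utf8'));
    direct = Object.keys(Object.assign({}, pkg.dependencies, pkg.devDependencies));
  }
  console.log(report(lock, direct, 'marked', '0.3.7'));
}
```

On the constructed data the report shows a single affected path, `grunt-kss@1.0.0 > kss@3.0.0 > marked@0.3.6 (dev only)`, while the nested 0.3.9 copy under `docs-tool` is correctly left out. The `dev` flag is what substantiates a "docs tooling only" assessment: a path marked `runtime` would mean the package ships with the library. Run against a real project by passing its package-lock.json and package.json; only lockfileVersion 1 is handled, since later lockfile formats use a different `packages` layout.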