We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
When I installing documentation@14.0.0:
npm audit report parse-url <=8.0.0 Severity: critical parse-url parses http URLs incorrectly, making it vulnerable to host name spoofing - GHSA-pqw5-jmp5-px4v Server-Side Request Forgery (SSRF) in GitHub repository ionicabizau/parse-url - GHSA-j9fq-vwqv-2fm2 fix available via npm audit fix --force Will install documentation@3.0.4, which is a breaking change node_modules/parse-url git-up <=6.0.0 Depends on vulnerable versions of parse-url node_modules/git-up git-url-parse 4.0.0 - 12.0.0 Depends on vulnerable versions of git-up node_modules/git-url-parse documentation >=4.0.0-beta Depends on vulnerable versions of git-url-parse node_modules/documentation 4 vulnerabilities (3 moderate, 1 critical) To address all issues (including breaking changes), run: npm audit fix --force └─┬ documentation@14.0.0 └─┬ git-url-parse@12.0.0 └─┬ git-up@6.0.0 └── parse-url@7.0.2
npm audit fix --force
Could you check these vulnerabilities, and update module versions?
The text was updated successfully, but these errors were encountered:
chore: upgrade git-url-parse to 13.1.0
39bec2c
Fixes: documentationjs#1558 Signed-off-by: Lance Ball <lball@redhat.com>
chore: upgrade git-url-parse to 13.1.0 (#1565)
97e9361
Fixes: #1558 Signed-off-by: Lance Ball <lball@redhat.com> Signed-off-by: Lance Ball <lball@redhat.com>
Successfully merging a pull request may close this issue.
When I installing documentation@14.0.0:
Could you check these vulnerabilities, and update module versions?
The text was updated successfully, but these errors were encountered: