Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[VUL] #1411

Open
GuillermoDoradoVide opened this issue Nov 13, 2023 · 2 comments
Open

[VUL] #1411

GuillermoDoradoVide opened this issue Nov 13, 2023 · 2 comments
Assignees
@vogloblinsky
Labels
Type: Bug

Comments

@GuillermoDoradoVide
Copy link

I'm getting a vulnerability report on the version of the vis.min.js library resource being used by compodoc. The moment.js versin that's beeing used is 2.19.1 and that is what is triggering the vulnerability.
Can it be updated to 2.19.3 or higher? or maybe explained why it's being triggered?
@vogloblinsky
Copy link
Contributor

hello,
you talk first about vis.min.js and after moment.js which it seems not be used by compodoc

@json-derulo
Copy link

They are both used by Compodoc. vis is a direct dependency of this project. vis has a dependency to moment.js.

It seems like those packages were introduced by this commit: 28cb2ea

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@vogloblinsky vogloblinsky

Labels
Type: Bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@vogloblinsky @GuillermoDoradoVide @json-derulo