A known security vulnerabilities in your dependencies. #2919

BBBOND · 2017-12-18T07:43:28Z

Environment Info

Node version(node -v):
v9.2.0

For BUG

Github show a vulnerability alerts.
I push package-lock.json to the dependency.

For question

hexo(3.4.3) --> swig(1.4.2) --> uglify-js(2.4.24)

For feature request

The text was updated successfully, but these errors were encountered:

NoahDragon · 2017-12-19T03:42:12Z

Thanks for point this out. We don't think this vulnerability applies to Hexo, unless using it as a server.

#2895

Fixes #2939 Fixes #2919

Fixes hexojs#2939 Fixes hexojs#2919

JLHwung added a commit that referenced this issue Jan 7, 2018

refactor(swig): replace swig by swig-templates

db1bb1e

Fixes #2939 Fixes #2919

JLHwung mentioned this issue Jan 7, 2018

refactor(swig): replace swig by swig-templates #2949

Merged

2 tasks

JLHwung closed this as completed in #2949 Jan 14, 2018

thom4parisot pushed a commit to thom4parisot/hexo that referenced this issue Jan 17, 2020

refactor(swig): replace swig by swig-templates

ad77417

Fixes hexojs#2939 Fixes hexojs#2919

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

A known security vulnerabilities in your dependencies. #2919

A known security vulnerabilities in your dependencies. #2919

BBBOND commented Dec 18, 2017

NoahDragon commented Dec 19, 2017

A known security vulnerabilities in your dependencies. #2919

A known security vulnerabilities in your dependencies. #2919

Comments

BBBOND commented Dec 18, 2017

Environment Info

For BUG

For question

For feature request

NoahDragon commented Dec 19, 2017