New release with ansi_up fix
TysonMN opened this issue · comments
The latest version of codedoc/core
is 0.2.23
, which was made with commit 75207e8 on March 2. Shortly after that on March 11, PR #106 fixed a security issue with ansi_up
. GitHub's dependabot is telling me about this security issue in my blog's repo, but I think I need a new release of codedoc/core
to fix it.
Dependabot cannot update ansi_up to a non-vulnerable version
The latest possible version that can be installed is 4.0.4 because of the following conflicting dependency:@codedoc/core@0.2.23 requires ansi_up@^4.0.4
The earliest fixed version is 5.0.0.
Can a new release of codedoc/code
be made?
yep. will generally release a security-focused version (of codedoc and all related packages) this week.
fixed in @codedoc/core@0.2.24
Perfect. Now I have no Dependabot alerts. Thanks! :)
sorry for the delay, I was getting an influx of new alerts for a week, so I waited a bit for all the fixes to be rolled out.