The latest version of codedoc/core is 0.2.23, which was made with commit 75207e8 on March 2. Shortly after that on March 11, PR #106 fixed a security issue with ansi_up. GitHub's dependabot is telling me about this security issue in my blog's repo, but I think I need a new release of codedoc/core to fix it.

Dependabot cannot update ansi_up to a non-vulnerable version
The latest possible version that can be installed is 4.0.4 because of the following conflicting dependency:

@codedoc/core@0.2.23 requires ansi_up@^4.0.4

The earliest fixed version is 5.0.0.

Can a new release of codedoc/code be made?

yep. will generally release a security-focused version (of codedoc and all related packages) this week.

fixed in @codedoc/core@0.2.24

Perfect. Now I have no Dependabot alerts. Thanks! :)

sorry for the delay, I was getting an influx of new alerts for a week, so I waited a bit for all the fixes to be rolled out.