Security vulnerabilities with jsdoctypeparser and lodash
Closed this issue · 1 comments
stebl commented
Hi,
NPM audit shows security vulnerabilities in this package stemming from jsdoctypeparser
and lodash
.
jsdoctypeparser
has fixed the issue, can dox
be updated to pick up the changes?
dox
is currently using jsdoctypeparser
^1.2.0 when latest jsdoctypeparser
is on 9.0.0
I attempted the version bump locally and it broke many tests. It is probably out of my scope to address the issue.
Twipped commented
See #187 and #190. jsdoctypeparser performed a total API change in version 2, and updating to it is not a simple fix. If someone wants to do the work, then I'll happily take a PR, but personally I'm inclined to mark this library as deprecated. There are other tools out there now that are better equipped to do this kind of parsing.