Security vulnerabilities with jsdoctypeparser and lodash

Question

Security vulnerabilities with jsdoctypeparser and lodash

Closed this issue 4 years ago · 1 comments

stebl commented 4 years ago

Hi,

NPM audit shows security vulnerabilities in this package stemming from jsdoctypeparser and lodash.

jsdoctypeparser has fixed the issue, can dox be updated to pick up the changes?

dox is currently using jsdoctypeparser ^1.2.0 when latest jsdoctypeparser is on 9.0.0

I attempted the version bump locally and it broke many tests. It is probably out of my scope to address the issue.

Answer 1 · 2020-10-02T20:33:12.000Z

See #187 and #190. jsdoctypeparser performed a total API change in version 2, and updating to it is not a simple fix. If someone wants to do the work, then I'll happily take a PR, but personally I'm inclined to mark this library as deprecated. There are other tools out there now that are better equipped to do this kind of parsing.