This issue has been reported to us:
We found a potential security vulnerability in a repository which you have been granted security alert access.
@visionappscz visionappscz/bootstrap-ui
Known moderate severity security vulnerability detected in marked < 0.3.7 defined in package-lock.json.
package-lock.json update suggested: marked ~> 0.3.7.
However, marked isn't a direct BUI dependency. It is a dependency of https://github.com/kss-node/kss-node/, which is a dependency of https://github.com/kss-node/grunt-kss, which is finally a direct dependency of BUI.
There is already an issue upstream: http://github.com/kss-node/kss-node/issues/447
Maybe we should give up on kss, because it causes trouble all the time.
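
The chain described above (grunt-kss, then kss, then marked) can be traced mechanically from the lock file. The following is an added example, not part of the original issue or the project's code; the lock data is a constructed sample, and `findVulnerableChains`, `collectEntries` and `compareVersions` are hypothetical names.

```javascript
// Constructed sample in package-lock.json (lockfileVersion 1) shape.
// "0.0.0-sample" versions are placeholders, not real releases.
const sampleLock = {
  name: "bootstrap-ui", lockfileVersion: 1,
  dependencies: {
    "grunt-kss": { version: "0.0.0-sample", dev: true, requires: { kss: "*" } },
    kss: { version: "0.0.0-sample", dev: true, requires: { marked: "^0.3.6" } },
    marked: { version: "0.3.6", dev: true }
  }
};
const sampleDirect = ["grunt-kss"]; // assumed: devDependencies from package.json

// Compare dotted numeric versions; negative when a < b (pre-release tags ignored).
function compareVersions(a, b) {
  const pa = a.split(".").map(n => parseInt(n, 10) || 0);
  const pb = b.split(".").map(n => parseInt(n, 10) || 0);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d;
  }
  return 0;
}

// Collect every locked package, including nested copies.
function collectEntries(deps, out = []) {
  for (const [name, info] of Object.entries(deps || {})) {
    out.push({ name, version: info.version, requires: Object.keys(info.requires || {}) });
    collectEntries(info.dependencies, out);
  }
  return out;
}

// For each locked copy of `target` older than `fixed`, report the shortest chain
// from a direct dependency to it. Edges are matched by name only (simplification).
function findVulnerableChains(lock, direct, target, fixed) {
  const entries = collectEntries(lock.dependencies);
  const edges = new Map();
  for (const e of entries) edges.set(e.name, [...(edges.get(e.name) || []), ...e.requires]);
  const bad = entries.filter(e => e.name === target && compareVersions(e.version, fixed) < 0);
  const queue = direct.map(d => [d]), seen = new Set(direct);
  let chain = null;
  while (bad.length && queue.length && !chain) {
    const path = queue.shift(), last = path[path.length - 1];
    if (last === target) { chain = path; break; }
    for (const next of edges.get(last) || []) {
      if (!seen.has(next)) { seen.add(next); queue.push([...path, next]); }
    }
  }
  return bad.map(e => ({ version: e.version, chain }));
}
```

The first element of each reported chain is the direct dependency that has to be upgraded, replaced or dropped to get rid of the flagged package.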