underscore.js dependency: security warning

[Ben Hourahine]

Hi,

Thanks for this excellent tool!

We use it for various things in a quantum chemistry tool-chain, but have recently received a warning from github's dependabot scanning about one of the packages upstream from you:  underscore.js has a security announcement ( CVE-2021-23358 ) for arbitrary code execution. Unfortunately this is fixed in underscore 1.12.1, but Sphinx-4.0.1 is still on 1.12.0.

Regards

Ben

[Komiya Takeshi]

Hi,

Thank you for letting us know. I'll upgrade it on 4.0.2 soon (will be
released this weekend).

Thanks,
Takeshi KOMIYA

2021年5月12日(水) 22:29 Ben Hourahine <bhour...@gmail.com>:

> --
> You received this message because you are subscribed to the Google Groups "sphinx-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to sphinx-users...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/sphinx-users/8d539903-4300-4162-afc6-c08a8e741d19n%40googlegroups.com.

[Ben Hourahine]

Great, thank you!

Incidentally, any tips on upgrading an existing Sphinx project to a newer releases?  (In the past, we've tended to populate a fresh quickstart template.)

Regards

Ben

[Start Export]

hi thank you 

great work 

im appy to learn with 

blessing

To view this discussion on the web visit https://groups.google.com/d/msgid/sphinx-users/8a049b75-ad1d-4ffc-a7ac-4fcb2bebb0bfn%40googlegroups.com.

[Komiya Takeshi]

I think there is nothing to do on upgrading Sphinx basically. If you
have time, I recommend you to read the CHANGES file to understand
breaking change.

Thanks,
Takeshi KOMIYA

2021年5月13日(木) 3:29 Ben Hourahine <bhour...@gmail.com>:

> To view this discussion on the web visit https://groups.google.com/d/msgid/sphinx-users/8a049b75-ad1d-4ffc-a7ac-4fcb2bebb0bfn%40googlegroups.com.