Security issue in Swig uglify dependency - Swig uglify依赖关系中的安全问题

[orcmid]

Security Notification

This a fixed (no ^) dependency in swig 1.4.2. Swig is no longer maintained. Only Swig requires uglify-js.

Question

I do not believe the vulnerability applies to the embedded Hexo dependency. I am prepared to remove the warning.

Can the Swig dependency be removed in order to have a clean security analysis?

[Google Translate}

##安全通知##

https://user-images.githubusercontent.com/3372580/33781531-d554638a-dc09-11e7-8771-0d170d3c8daf.png

这是swig 1.4.2中的一个固定的（no ^）依赖。 Swig不再维护。 只有Swig需要uglify-js。

题

我不相信这个漏洞适用于嵌入式的Hexo依赖。 我准备取消这个警告。

Swig依赖关系是否可以被删除以便进行干净的安全分析？

[NoahDragon]

We also plan to remove swig in Hexo 4 as it is deprecated. You are right, this vulnerability doesn't apply to Hexo unless using it as a server 😄 .