vulnerable package marked #280
Comments
petebacondarwin
added a commit
to petebacondarwin/dgeni-packages
that referenced
this issue
May 6, 2019
The previous version of `marked` was vulnerable to a [ReDoS](https://app.snyk.io/vuln/SNYK-JS-MARKED-174116) attack. BREAKING CHANGES There are a few relevant breaking changes with this latest version of `marked`. This only affects usage of the `renderMarkdown()` service and the `marked` nunjucks filter. Take a look through the [marked release notes](https://github.com/markedjs/marked/releases) and check if this affects you. Fixes angular#280
petebacondarwin
added a commit
to petebacondarwin/dgeni-packages
that referenced
this issue
Jul 12, 2019
The previous version of `marked` was vulnerable to a [ReDoS](https://app.snyk.io/vuln/SNYK-JS-MARKED-174116) attack. BREAKING CHANGES There are a few relevant breaking changes with this latest version of `marked`. This only affects usage of the `renderMarkdown()` service and the `marked` nunjucks filter. Take a look through the [marked release notes](https://github.com/markedjs/marked/releases) and check if this affects you. Fixes angular#280
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
You have old version vulnerable package marked
https://app.snyk.io/vuln/SNYK-JS-MARKED-174116
Upgrade package to 0.6.2
The text was updated successfully, but these errors were encountered: