Expecting a new release from develop branch to resolve marked dependency vulnerabilities

[somnathpathak]

Bug Report

Steps to reproduce

npm install docsify
npm audit

Current behaviour

Bump the marked devDependency to 4.2.12 in new release

Expected behaviour

Currently, marked is at 1.2.9 which results in following vulnerabilities:

• Regular Expression Denial of Service (REDoS) in Marked - GHSA-4r62-v4vq-hr96
• Inefficient Regular Expression Complexity in marked - GHSA-rrrm-qjm4-v8hf
• Inefficient Regular Expression Complexity in marked - GHSA-5v2h-r2cx-5xgj

Other relevant information

• Docsify version: 4.13.1

• Bug still occurs when all/other plugins are disabled?

• Docsify plugins (if the bug happens when plugins enabled, please try to isolate the issue):

Please create a reproducible sandbox

Mention the docsify version in which this bug was not present (if any)

develop branch. NOT YET RELEASED.

[somnathpathak]

@jhildenbiddle @QingWei-Li Could you please look into this.

[trusktr]

Hi, thanks for getting involved!

Its nice to be up to date with libraries, but if you had an issue with this, you can easily change the offending markup in your markdown.

It would be far more valuable to know what problem you specifically face, if anything, rather than just assuming that posting npm audit results is always meaningful.

We will release when ready.

In the meantime, if you have an actual problem with a piece of markdown, please open another issue.