Dependency package "marked" is vulnerable to "Regular Expression Denial of Service"

*From @applitopia on Sun, 19 Nov 2017 07:18:17 GMT*


### What happened

The dev dependency report at [https://david-dm.org/facebook/immutable-js?type=dev](https://david-dm.org/facebook/immutable-js?type=dev) shows that `marked` package is vulnerable to **"Regular Expression Denial of Service"**.

Additional information can be found at [https://nodesecurity.io/advisories/531](https://nodesecurity.io/advisories/531) and at [https://github.com/chjj/marked/issues/937](https://github.com/chjj/marked/issues/937).

Even though this type of security issue is probably not a concern on dev dependency it would be nice if we could get rid of it to have a clean report.



### How to reproduce

Check the dev dependency report at [https://david-dm.org/facebook/immutable-js?type=dev](https://david-dm.org/facebook/immutable-js?type=dev).




*Copied from original issue: https://github.com/immutable-js/immutable-js/issues/1448*

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Dependency package "marked" is vulnerable to "Regular Expression Denial of Service" #61

What happened

How to reproduce

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Uh oh!

Dependency package "marked" is vulnerable to "Regular Expression Denial of Service" #61

Description

What happened

How to reproduce

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions