New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

bug: There are a High Vulnerability on marked dependences #112

Closed

nternouski opened this issue Jan 19, 2022 · 1 comment

Labels

bug

nternouski commented Jan 19, 2022

There are a High Vulnerability on marked dependences

version (md-to-pdf -v): "^5.0.1"
platform (Unix, macOS, Windows): Windows
node version: v12

npm audit return this:

marked  <4.0.10
Severity: high
Inefficient Regular Expression Complexity in marked - https://github.com/advisories/GHSA-5v2h-r2cx-5xgj
fix available via `npm audit fix --force`
Will install md-to-pdf@1.1.0, which is a breaking change
node_modules/marked
  md-to-pdf  >=2.1.4
  Depends on vulnerable versions of listr
  Depends on vulnerable versions of marked
  node_modules/md-to-pdf

Can someone update de dependences? Thx

The text was updated successfully, but these errors were encountered:

nternouski added the bug label

humble-barnacle001 mentioned this issue

Update marked to resolve CVE-2022-21681 #113

Closed

simonhaenisch closed this as completed in

80083a8

Owner

simonhaenisch commented Jan 21, 2022

Released as 5.0.2.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment