marked dependency should be upgraded to fix vulnerabilities

Question

marked dependency should be upgraded to fix vulnerabilities

Closed this issue 5 years ago · 0 comments

When dotnetify-elements is installed into the project, npm audit currently reports that 'marked' should be upgraded to at least 0.7.0 and it can only be done by the author of dotnetify-elements.

                       === npm audit security report ===


                                 Manual Review
             Some vulnerabilities require your attention to resolve

          Visit https://go.npm.me/audit-guide for additional guidance


  Moderate        Regular Expression Denial of Service

  Package         marked

  Patched in      >=0.6.2

  Dependency of   dotnetify-elements

  Path            dotnetify-elements > marked

  More info       https://npmjs.com/advisories/812


  Low             Regular Expression Denial of Service

  Package         marked

  Patched in      >=0.7.0

  Dependency of   dotnetify-elements

  Path            dotnetify-elements > marked

  More info       https://npmjs.com/advisories/1076

The first vulnerability appears quite a long time ago. The second is much newer.