earldouglas/codedown

New codedown release on npm

dhanvi opened this issue · 2 comments

npm audit is failing with a moderate vulnerability. The dependency is updated in the repo; releasing a new package on npm should fix this error.


                       === npm audit security report ===

┌──────────────────────────────────────────────────────────────────────────────┐
│                                Manual Review                                 │
│            Some vulnerabilities require your attention to resolve            │
│                                                                              │
│         Visit https://go.npm.me/audit-guide for additional guidance          │
└──────────────────────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Moderate      │ Regular Expression Denial of Service                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ marked                                                       │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=0.6.2                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ codedown                                                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ codedown > marked                                            │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://npmjs.com/advisories/812                             │
└───────────────┴──────────────────────────────────────────────────────────────┘
found 1 moderate severity vulnerability in 3 scanned packages
  1 vulnerability requires manual review. See the full report for details.

This vulnerability (and a few others) has been addressed in version 2.1.7, which is now up on npm.

Thanks for the report, and apologies for the delayed response!

Thank You!