Security vulnerability in esdoc-publish-html-plugin using marked@0.3.19
zachawilson commented
Both esdoc and esdoc-publish-html-plugin depend on 'marked', which has a security warning in the npm audit report.
Please upgrade to >=0.6.2 of marked to resolve this audit failure.
See: https://nodesecurity.io/advisories/812 for more information
npm audit --registry https://registry.npmjs.org
=== npm audit security report ===

Manual Review
Some vulnerabilities require your attention to resolve
Visit https://go.npm.me/audit-guide for additional guidance

Moderate        Regular Expression Denial of Service
Package         marked
Patched in      >=0.6.2
Dependency of   esdoc [dev]
Path            esdoc > marked
More info       https://nodesecurity.io/advisories/812

Moderate        Regular Expression Denial of Service
Package         marked
Patched in      >=0.6.2
Dependency of   esdoc-standard-plugin [dev]
Path            esdoc-standard-plugin > esdoc-publish-html-plugin > marked
More info       https://nodesecurity.io/advisories/812

found 2 moderate severity vulnerabilities in 859520 scanned packages
2 vulnerabilities require manual review. See the full report for details.