eventOneHQ/npm-audit-html

npm-audit-html depends on vulnerable versions of marked

jwtd opened this issue · 1 comment

jwtd commented

npm-audit-html is being flagged by...npm audit :D

Not a production dependency for me, but wanted to share.

$ npm audit
# npm audit report

marked  1.1.1 - 1.2.9
Severity: moderate
Regular Expression Denial of Service - https://npmjs.com/advisories/1623
fix available via `npm audit fix`
node_modules/marked
  npm-audit-html  >=1.4.2
  Depends on vulnerable versions of marked
  node_modules/npm-audit-html

Heya! I see a PR has been opened for this issue but the tests seem to be failing. Is anyone on the team able to take a look?