package.json dependency on "pure-gist-embed" involves a security vulnerability

Question

package.json dependency on "pure-gist-embed" involves a security vulnerability

Opened this issue 6 months ago · 2 comments

Apparently tui2tone/gist-embed (aka pure-gist-embed) hasn't been updated for several years now.
It pulls axios with a known security vulnerability:

Maybe it's time to replace it (?)

Answer 1 · 2024-08-27T09:14:16.000Z

do you have an alternative in mind? @igal1c0de4n

Answer 2 · 2024-08-29T06:29:17.000Z

sorry - I don't have sufficient experience with the desired functionality nor with packages which may replace it