shakacode/react-webpack-rails-tutorial

Component Comment.jsx is using an insecure method to sanitize input and could suffer XSS attacks

vtamara opened this issue · 0 comments

It is using the `sanitize` option of the library marked, as seen at:

However, that library warns at https://marked.js.org/using_advanced#options:

Warning: This feature is deprecated and it should NOT be used as it cannot be considered secure.
Instead use a sanitize library, like DOMPurify (recommended), sanitize-html or insane on the output HTML!
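The pattern the issue describes, shown as an added example that is not code from the react-webpack-rails-tutorial repository or from the issue author: the component's Markdown rendering is reconstructed hypothetically (the real Comment.jsx is not quoted here), the named `marked` import and `marked.parse` assume marked v4 or later (older releases export a default `marked(text)` function), and `renderCommentHtml` is an assumed helper name. The first component relies on marked's deprecated `sanitize` option; the second renders Markdown to HTML first and then passes the output HTML through DOMPurify, which is what the marked documentation recommends.

```jsx
import React from 'react';
import { marked } from 'marked';
import DOMPurify from 'dompurify';

// Constructed sample input (not taken from the repository) covering two
// classic Markdown-to-HTML XSS vectors: raw HTML with an event handler,
// and a link whose destination uses the javascript: scheme.
const SAMPLE_COMMENT = [
  'Nice post! <img src=x onerror="alert(document.cookie)">',
  '[click me](javascript:alert(1))',
].join('\n');

// BEFORE (hypothetical reconstruction of the pattern the issue reports):
// marked's `sanitize` option is deprecated and documented as not secure.
function CommentBodyInsecure({ text }) {
  const html = marked(text, { sanitize: true });
  return <div dangerouslySetInnerHTML={{ __html: html }} />;
}

// AFTER: render Markdown to HTML, then sanitize the *output HTML* with
// DOMPurify. Doing it in this order matters: sanitizing the Markdown
// source would let the renderer re-introduce markup afterwards.
export function renderCommentHtml(markdown) {
  const rawHtml = marked.parse(markdown);
  return DOMPurify.sanitize(rawHtml, {
    // Plain HTML only; no SVG or MathML, which widen the attack surface.
    USE_PROFILES: { html: true },
  });
}

function CommentBody({ text }) {
  // The dangerouslySetInnerHTML sink is still present; it is now fed only
  // sanitized HTML. DOMPurify drops the onerror handler and removes the
  // javascript: href from SAMPLE_COMMENT with its default settings.
  return (
    <div
      className="comment-body"
      dangerouslySetInnerHTML={{ __html: renderCommentHtml(text) }}
    />
  );
}

export default CommentBody;
```

DOMPurify needs a DOM to operate on: in the browser it uses `window` directly, while on a server-rendering path it has to be created from a jsdom window (`createDOMPurify(new JSDOM('').window)`) or the sanitization has to be deferred to the client. Whichever is chosen, the check is the same one the issue implies: any HTML that reaches `dangerouslySetInnerHTML` must come out of the sanitizer, not out of the Markdown renderer.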