sheerun/modern-node

Old version of `remark-parse` dependency has security vulnerability

Closed this issue · 1 comment

I get the impression this project is no longer actively maintained, but I'm hoping an exception might be made for a dependency version bump to address a security vulnerability.

The version of remark-parse used by modern-node is old: 5.0.0, while the current version is (as of this writing) 10.0.1.

This old version of remark-parse in turn has a dependency on an old version of trim, which has a security vulnerability: CVE-2020-7753.

Please consider:

  • bumping your dependency on remark-parse to 10.0.1 (or possibly earlier versions if you wanted), or
  • manually overriding the dependency on trim to >=0.0.3

Thanks for this helpful project!
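The second option in the issue (overriding the transitive `trim` dependency rather than waiting for a `remark-parse` bump) can be done from the consuming project's own `package.json`. The fragment below is an added example, not part of the issue or of modern-node: it assumes a hypothetical project named `example-project`, uses `"*"` as a placeholder for whatever modern-node version is actually installed, and pins `trim` to `>=0.0.3` as the issue suggests. The `overrides` field is honoured by npm 8.3 and later; the `resolutions` field is the Yarn equivalent. Each package manager ignores the other's field, so listing both is harmless.

```json
{
  "name": "example-project",
  "private": true,
  "devDependencies": {
    "modern-node": "*"
  },
  "overrides": {
    "trim": ">=0.0.3"
  },
  "resolutions": {
    "trim": ">=0.0.3"
  }
}
```

After adding the override, reinstall (`npm install` or `yarn install`) and confirm the resolved version with `npm ls trim` (or `yarn why trim`); the dependency path shown should be modern-node → remark-parse → trim with a version of 0.0.3 or newer, and `npm audit` should no longer list CVE-2020-7753 against `trim`. The override only patches the transitive package; upgrading `remark-parse` itself (the issue's first option) remains the cleaner long-term fix.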

After reading https://overreacted.io/npm-audit-broken-by-design/ and the CVE I'm going to close this -- the vulnerability assumes a hostile actor passing data to trim (via remark-parse, via modern-node). Given that modern-node is meant to run in your own project, on your own machine, that's not really a realistic vector (someone with access to your machine can do a lot more than overrun buffers) and thus not really a concern.

Apologies for opening this; have learned more about the deficiencies of npm audit in the process.