smapiot/pidoc

pidoc/core: Security vulnerability in markdown-it

Closed this issue · 2 comments

Black Duck reports a security vulnerability in markdown-it 12.3.2 which is used in our project, matching the version identifier for markdown-it in pidoc/core, ^12.0.6.
It is reported to be fixed with markdown-it 13.0.2.
Could you please update the dependencies accordingly?

pidoc/core 0.18.0
CWE-400, CWE-835
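
Added example (not part of the original issue or the pidoc code base): a minimal check of why the `^12.0.6` range in the report resolves to 12.3.2 but can never reach the fixed 13.0.2, so the declared range itself has to change. The helper names are hypothetical, only plain `x.y.z` versions with `^`, `~` or an exact pin are handled, and every release below the fixed one is assumed to be affected.

```javascript
// Added example: minimal caret/tilde range check for full x.y.z versions.
// Not a replacement for the `semver` package; pre-release tags are not handled.

function parse(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v);
  if (!m) throw new Error(`unsupported version: ${v}`);
  return m.slice(1).map(Number);
}

function cmp(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  return 0;
}

// Exclusive upper bound implied by a range operator and its base version.
function upperBound(op, [maj, min, pat]) {
  if (op === '~') return [maj, min + 1, 0];
  if (op === '^') {
    if (maj > 0) return [maj + 1, 0, 0];
    if (min > 0) return [0, min + 1, 0];
    return [0, 0, pat + 1];
  }
  return null; // exact pin, no range
}

function satisfies(version, range) {
  const op = /^[\^~]/.test(range) ? range[0] : '';
  const base = parse(op ? range.slice(1) : range);
  const v = parse(version);
  const hi = upperBound(op, base);
  return hi ? cmp(v, base) >= 0 && cmp(v, hi) < 0 : cmp(v, base) === 0;
}

// Triage: can the declared range reach the fixed release at all?
// Assumption: every release below `fixed` is affected.
function triage(range, installed, fixed) {
  if (cmp(parse(installed), parse(fixed)) >= 0) return 'at or above fixed version';
  return satisfies(fixed, range)
    ? 'refresh lockfile / reinstall'
    : 'declared range must be raised';
}

// Values taken from the report above.
console.log(satisfies('12.3.2', '^12.0.6'));
console.log(triage('^12.0.6', '12.3.2', '13.0.2'));
```
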

Sure - consider it done :)

With latest pidoc/core 0.18.1 I am getting a type error with flexsearch:

ERROR in ./src/codegen/search.codegen
Module build failed (from ../../parcel-codegen-loader/lib/index.js):
TypeError: FlexSearch is not a constructor
    at createSearch (<projectdir>\node_modules\@pidoc\core\src\tools\search.js:8:17)

Pinning flexsearch to 0.27.1 (as suggested in other posts) did not help.
nextapps-de/flexsearch#341