Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

markdown-it is possibly vulnerable to ReDOS in newline rule #1423

Closed
mfranzke opened this issue Feb 3, 2022 · 0 comments · Fixed by #1424
Closed

markdown-it is possibly vulnerable to ReDOS in newline rule #1423

mfranzke opened this issue Feb 3, 2022 · 0 comments · Fixed by #1424
Assignees
@mfranzke
Labels
core fix / refactor 🚧

Comments

@mfranzke
Copy link
Contributor

mfranzke commented Feb 3, 2022

I am using Pattern Lab Node v5.16.1 on Mac, with Node v12.13.1, using a Node Handlebars Edition.

Expected Behavior

After installation, there shouldn't be any vulnerabilities warnings.

Actual Behavior

The output currently shows some in the output on consuming setups.

There has already been a security fix release by the related dependency markdown-it: https://github.com/markdown-it/markdown-it/blob/master/CHANGELOG.md#1232---2022-01-08

Steps to Reproduce

Do a regular npm install within an existing installation.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@mfranzke mfranzke

Labels
core fix / refactor 🚧
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

refactor: updated markdown-it dependency mfranzke/patternlab-node
1 participant
@mfranzke