Vulnerabilities on the package "marked" #1847

Closed
codespede opened this issue Jan 16, 2022 · 3 comments
Labels
bug Functionality does not match expectation

Comments

@codespede

The current version of typedoc comes with version 3.x.x of "marked" and causes the below vulnerabilities:

GHSA-rrrm-qjm4-v8hf
high severity
Vulnerable versions: < 4.0.10
Patched version: 4.0.10

GHSA-5v2h-r2cx-5xgj
high severity
Vulnerable versions: < 4.0.10
Patched version: 4.0.10

Below are the Remediations I got from GitHub:

2 marked vulnerabilities found in package-lock.json 

Remediation
Upgrade marked to version 4.0.10 or later. For example:

"dependencies": {
  "marked": ">=4.0.10"
}
or…
"devDependencies": {
  "marked": ">=4.0.10"
}

Hope you will take care of this soon.

@codespede codespede added the bug Functionality does not match expectation label Jan 16, 2022
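The report above concerns a copy of "marked" that is pulled in through typedoc and recorded in package-lock.json. The following is an added example, not code from this thread or from the typedoc project, that lists every resolved copy of "marked" older than the patched 4.0.10. The function names and the sample lockfiles are constructed for illustration.

```javascript
// Added example: report every resolved copy of "marked" in a lockfile that is
// older than the patched version named in the advisories (4.0.10).
const PATCHED = "4.0.10";

// Compare "x.y.z" versions numerically; pre-release/build suffixes are ignored
// (a simplification; the "semver" package implements the full rules).
function compareVersions(a, b) {
  const parse = (v) => v.split(/[-+]/)[0].split(".").map((n) => parseInt(n, 10) || 0);
  const [pa, pb] = [parse(a), parse(b)];
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

function findVulnerableMarked(lock, patched = PATCHED) {
  const hits = [];
  const old = (m) => Boolean(m.version) && compareVersions(m.version, patched) < 0;
  if (lock.packages) {
    // lockfileVersion 2/3: flat "packages" map keyed by install path.
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (/(^|\/)node_modules\/marked$/.test(path) && old(meta)) hits.push({ path, version: meta.version });
    }
    return hits; // v2 also mirrors the tree under "dependencies"; do not count twice
  }
  // lockfileVersion 1: nested "dependencies" tree.
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = `${trail}node_modules/${name}`;
      if (name === "marked" && old(meta)) hits.push({ path, version: meta.version });
      walk(meta.dependencies, `${path}/`);
    }
  };
  walk(lock.dependencies, "");
  return hits;
}

// Constructed sample lockfiles (not taken from the typedoc repository).
const sampleV2 = { lockfileVersion: 2, packages: {
  "": { name: "demo" },
  "node_modules/marked": { version: "4.0.10" },
  "node_modules/typedoc": { version: "0.0.0-sample" },
  "node_modules/typedoc/node_modules/marked": { version: "3.0.8" },
} };
const sampleV1 = { lockfileVersion: 1, dependencies: {
  typedoc: { version: "0.0.0-sample", dependencies: { marked: { version: "3.0.8" } } },
} };

console.log(findVulnerableMarked(sampleV2), findVulnerableMarked(sampleV1));
```

In the v2 sample the hoisted 4.0.10 copy passes while the nested copy under typedoc is still reported, so a nested copy has to be checked separately from the top-level one.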
@Gerrit0
Collaborator

Gerrit0 commented Jan 16, 2022

#1844

@Dayday10

Fix

@Gerrit0
Collaborator

Gerrit0 commented Jan 19, 2022

Resolved with #1851

@Gerrit0 Gerrit0 closed this as completed Jan 19, 2022