Vulnerability #105

navjotjsingh · 2019-08-01T20:20:03Z

Getting this on running npm audit

Low │ Regular Expression Denial of Service │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ marked │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ >=0.7.0 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ hexo-renderer-marked │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ hexo-renderer-marked > marked │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://npmjs.com/advisories/1076 │
└───────────────┴──────────────────────────────────────────────────────────────┘

Please check.

tomap · 2019-08-02T05:20:52Z

Fixed by #102
Most vulnerability you'll see on npm don't apply to hexo due to the simple context where they occur. But still it is a good pratice
We will need to publish a new version so you can see the fix, or in the meantime, you can use "hexojs/hexo-renderer-marked" instead of the version number "^1.0.1"
and run npm i

curbengh · 2019-08-02T06:55:51Z

To be closed once v2 stable is released.

curbengh · 2019-08-24T09:10:15Z

v2 stable released
#108
#108

curbengh added this to the v2.0.0 milestone Aug 2, 2019

curbengh closed this as completed Aug 24, 2019

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Vulnerability #105

Vulnerability #105

navjotjsingh commented Aug 1, 2019

tomap commented Aug 2, 2019

curbengh commented Aug 2, 2019

curbengh commented Aug 24, 2019

Vulnerability #105

Vulnerability #105

Comments

navjotjsingh commented Aug 1, 2019

tomap commented Aug 2, 2019

curbengh commented Aug 2, 2019

curbengh commented Aug 24, 2019