marked before 1.1.1 is vulnerable to Regular Expression Denial of Service (ReDoS). rules.js has multiple unused capture groups which can lead to a Denial of Service.
jsdoc - the marked dependency should be upgraded to version 1.1.1 or above.
Removal of markdown has been proposed back in 2017, see #1413, so I'm not counting on this work landing any time soon.
I was wondering if a simpler approach would be to upgrade the existing marked library version to 1.1.1, given that marked version 1.0.0 is "non-breaking for most users".
I tried looking into making this fix, but gave up after running into the good ol' node-gyp errors, which I'm currently not willing to work through.
Potentially vulnerable dependency marked-0.8.2.js
Please see markedjs/marked@bd4f8c4
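One way to check a project for the outdated dependency this issue describes, as an added example that is not part of the original thread or of the jsdoc or marked code bases: it scans an npm lockfile for any installed copy of `marked` below 1.1.1. The lockfile content, the package name `demo-docs`, the jsdoc placeholder version and the function names are constructed for illustration.

```javascript
// Added example: flag every installed copy of `marked` older than 1.1.1.
const FIXED = [1, 1, 1]; // first fixed release, per the issue text

// True when `version` sorts before 1.1.1 (pre-releases of 1.1.1 included).
function isBelowFixed(version) {
  const m = /^(\d+)\.(\d+)\.(\d+)(-.+)?/.exec(String(version));
  if (!m) return true; // git URL, tag, etc.: cannot prove it is fixed
  const parts = m.slice(1, 4).map(Number);
  for (let i = 0; i < 3; i++) {
    if (parts[i] !== FIXED[i]) return parts[i] < FIXED[i];
  }
  return Boolean(m[4]); // 1.1.1-rc.x sorts before 1.1.1
}

// Accepts a parsed package-lock.json and returns [{ path, version }].
function findOldMarked(lock) {
  const hits = [];
  // lockfileVersion 2/3: flat "packages" map keyed by install path.
  for (const [path, info] of Object.entries(lock.packages || {})) {
    if (/(^|\/)node_modules\/marked$/.test(path) && isBelowFixed(info.version)) {
      hits.push({ path, version: info.version });
    }
  }
  // lockfileVersion 1: nested "dependencies" tree (skipped when the flat
  // map exists, so v2 lockfiles are not reported twice).
  const walk = (deps, trail) => {
    for (const [name, info] of Object.entries(deps || {})) {
      if (name === 'marked' && isBelowFixed(info.version)) {
        hits.push({ path: trail.concat(name).join(' > '), version: info.version });
      }
      walk(info.dependencies, trail.concat(name));
    }
  };
  if (!lock.packages) walk(lock.dependencies, []);
  return hits;
}

// Constructed sample lockfile: jsdoc pins an old nested marked, while the
// top-level copy is already at the fixed release.
const sampleLock = {
  lockfileVersion: 2,
  packages: {
    '': { name: 'demo-docs', version: '0.0.0' },
    'node_modules/jsdoc': { version: '0.0.0-sample' },
    'node_modules/jsdoc/node_modules/marked': { version: '0.8.2' },
    'node_modules/marked': { version: '1.1.1' },
  },
};

console.log(findOldMarked(sampleLock));
```

In a real project, pass `JSON.parse(fs.readFileSync('package-lock.json', 'utf8'))` instead of `sampleLock`; an empty result means no copy of `marked` below 1.1.1 is installed.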