codedoc icon indicating copy to clipboard operation
codedoc copied to clipboard

Published 20 hours ago verified publisher icon CONNECT-platform

Update marked to 4.0.10 to avoid CVE-2022-21680

Open TysonMN opened this issue 2 years ago • 1 comments

Can you update @connectv/marked to at least 4.0.10 to avoid CVE-2022-21680 (and address Dependabot security issues like this one)?

TysonMN avatar Sep 12 '22 01:09 TysonMN

the security issue does not affect codedoc (since we don't run any untrusted markdown), but yeah @connectv/marked does require an update generally.

loreanvictor avatar Sep 12 '22 07:09 loreanvictor