react-notion-x icon indicating copy to clipboard operation
react-notion-x copied to clipboard

Published 20 hours ago verified publisher icon NotionX

`katex` Requires Update

Open powersagitar opened this issue 1 year ago • 3 comments
trafficstars

Description

Package katex that packages/react-notion-x depends on has a few security vulnerabilities:

  • https://github.com/advisories/GHSA-64fm-8hw2-v72w
  • https://github.com/advisories/GHSA-f98w-7cxr-ff2h
  • https://github.com/advisories/GHSA-3wc5-fcw2-2329
  • https://github.com/advisories/GHSA-cvr6-37gx-v8wc

It is better to bump katex to 0.16.10 to install the patches.

Currently katex is on 0.15.3.

powersagitar avatar Apr 29 '24 16:04 powersagitar

Any progress?

rossirpaulo avatar May 29 '24 07:05 rossirpaulo

How do we patch this manually?

rossirpaulo avatar May 29 '24 07:05 rossirpaulo

How do we patch this manually?

Maybe you can fork react-notion-x, update its package.json, and add that fork as a dependency?

This repository contains 5 packages, and I couldn't figure out a way to add only one of them as a dependency using git.

powersagitar avatar May 29 '24 13:05 powersagitar