
Security: update package use of marked library

Open camsjams opened this issue 4 years ago • 1 comments

There is an advisory for the npm package marked that can be solved by upgrading to the latest version (currently at v1.0.0).

By upgrading, this issue should be fixed:

Regular Expression Denial of Service

This was also reported in #194 in August.

Temporary Fix

A quick fix for users of this repo is to modify their package-lock.json file to use the latest version of marked:

    "marked": {
      "version": "0.7.0",
      "resolved": "https://registry.npmjs.org/marked/-/marked-0.7.0.tgz",
      "integrity": "sha512-c+yYdCZJQrsRjTPhUx7VKkApw9bwDkNbHUKo1ovgcfDjb2kc8rLuRbIFyXL5WOEUwzSSKo3IXpph2K6DqB/KZg=="
    }

camsjams, Apr 21 '20 17:04
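
A hand-edited lockfile pin like the one in the issue above only helps if every resolved copy of marked is changed and each entry's version, resolved URL and integrity value stay consistent. The check below is an added example, not part of the original issue or textract's code; the function names, the minimum version passed in, and the sample lockfile (including the hypothetical "some-tool" package) are assumptions constructed for illustration.

```javascript
// Added example (not textract's code). Audits a parsed package-lock.json for
// every resolved copy of one package. All function names are hypothetical.
const parse = (v) => String(v || "").split(/[-+]/)[0].split(".").map((n) => parseInt(n, 10) || 0);

// True when version a is lower than b (major.minor.patch only, tags ignored).
function isOlder(a, b) {
  const x = parse(a), y = parse(b);
  for (let i = 0; i < 3; i++) {
    if ((x[i] || 0) !== (y[i] || 0)) return (x[i] || 0) < (y[i] || 0);
  }
  return false;
}

function findCopies(lock, name) {
  const found = [];
  // lockfileVersion 2/3: flat "packages" map keyed by install path.
  for (const [path, e] of Object.entries(lock.packages || {})) {
    if (path === `node_modules/${name}` || path.endsWith(`/node_modules/${name}`)) found.push({ ...e, path });
  }
  if (found.length) return found;
  // lockfileVersion 1: nested "dependencies" tree, so walk it recursively.
  const walk = (deps, trail) => {
    for (const [dep, e] of Object.entries(deps || {})) {
      if (dep === name) found.push({ ...e, path: [...trail, dep].join(" > ") });
      walk(e.dependencies, [...trail, dep]);
    }
  };
  walk(lock.dependencies, []);
  return found;
}

function auditLock(lock, name, minVersion) {
  const tarball = (v) => `/${name.split("/").pop()}-${v}.tgz`;
  return findCopies(lock, name).map((c) => {
    const problems = [];
    if (isOlder(c.version, minVersion)) problems.push("below-minimum");
    // Catches a hand edit that changed "version" but left the old tarball URL.
    if (c.resolved && !c.resolved.endsWith(tarball(c.version))) problems.push("resolved-mismatch");
    if (!c.integrity) problems.push("missing-integrity");
    return { path: c.path, version: c.version, problems };
  });
}

// Constructed sample: "some-tool" is hypothetical, integrity values are placeholders.
const sampleLock = { lockfileVersion: 1, dependencies: {
  marked: { version: "0.7.0", resolved: "https://registry.npmjs.org/marked/-/marked-0.7.0.tgz", integrity: "sha512-PLACEHOLDER" },
  "some-tool": { version: "1.2.3", dependencies: {
    marked: { version: "0.7.0", resolved: "https://registry.npmjs.org/marked/-/marked-0.6.2.tgz", integrity: "sha512-PLACEHOLDER" } } } } };

console.log(JSON.stringify(auditLock(sampleLock, "marked", "0.7.0"), null, 2));
```

To run it against a real project, pass the result of `JSON.parse` on the project's package-lock.json in place of `sampleLock`, with the minimum version taken from the advisory.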

Fixed by #203

camsjams, Apr 21 '20 17:04