ngx-md
ngx-md copied to clipboard
marked moderate vulnerability
There seems to be a vulnerability for the marked
dependency here. It can be seen when running npm audit
.
The solution seems to be to upgrade to marked v0.6.2 or newer.
=== npm audit security report ===
┌──────────────────────────────────────────────────────────────────────────────┐
│ Manual Review │
│ Some vulnerabilities require your attention to resolve │
│ │
│ Visit https://go.npm.me/audit-guide for additional guidance │
└──────────────────────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Moderate │ Regular Expression Denial of Service │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ marked │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ >=0.6.2 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ ngx-md │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ ngx-md > marked │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://npmjs.com/advisories/812 │
└───────────────┴──────────────────────────────────────────────────────────────┘
will their be a new NPM version with this patch soon?
@xileftenurb Just pushed it.