marked moderate vulnerability

[migglu]

There seems to be a vulnerability for the marked dependency here. It can be seen when running npm audit. The solution seems to be to upgrade to marked v0.6.2 or newer.

[oznu]

                       === npm audit security report ===                        
                                                                                
┌──────────────────────────────────────────────────────────────────────────────┐
│                                Manual Review                                 │
│            Some vulnerabilities require your attention to resolve            │
│                                                                              │
│         Visit https://go.npm.me/audit-guide for additional guidance          │
└──────────────────────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Moderate      │ Regular Expression Denial of Service                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ marked                                                       │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=0.6.2                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ ngx-md                                                       │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ ngx-md > marked                                              │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://npmjs.com/advisories/812                             │
└───────────────┴──────────────────────────────────────────────────────────────┘

[xileftenurb]

will their be a new NPM version with this patch soon?

[dimpu]

@xileftenurb Just pushed it.