docsify-cli
Dependency Marked 1.2.9 npm module has a high vulnerability open
The dependency npm module Marked 1.2.9 has a high vulnerability open: https://github.com/advisories/GHSA-rrrm-qjm4-v8hf. Marked-1.2.9 is a transient dependency for the parent module docsify-cli. The latest version of docsify-cli is 4.4.4, which is still using marked-1.2.9.
Request you to upgrade the dependency module Marked to a version > 4.0.10 so that the vulnerability can be fixed and consumers of docsify-cli can use the latest version with no vulnerabilities.
C:\Windows\system32>npm audit
npm audit report
marked  <=4.0.9
Severity: high
Inefficient Regular Expression Complexity in marked - https://github.com/advisories/GHSA-5v2h-r2cx-5xgj
Inefficient Regular Expression Complexity in marked - https://github.com/advisories/GHSA-rrrm-qjm4-v8hf
Regular Expression Denial of Service (REDoS) in Marked - https://github.com/advisories/GHSA-4r62-v4vq-hr96
No fix available
node_modules/docsify/node_modules/marked
  docsify  *
  Depends on vulnerable versions of marked
  node_modules/docsify
    docsify-cli  *
    Depends on vulnerable versions of docsify
    Depends on vulnerable versions of docsify-server-renderer
    node_modules/docsify-cli
    docsify-server-renderer  >=4.8.1
    Depends on vulnerable versions of docsify
    node_modules/docsify-server-renderer
4 high severity vulnerabilities
Some issues need review, and may require choosing a different dependency.
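
An added example (not part of the original issue or of the docsify-cli project): a Node.js check that walks a lockfile's `packages` map and lists every installed copy of marked inside the `<=4.0.9` range from the audit output above, together with the package that nests it. The lockfile contents are constructed sample data and the function names are hypothetical.

```javascript
// Added example. Constructed lockfile (npm lockfileVersion 2+ "packages" layout);
// only docsify-cli 4.4.4 and marked 1.2.9 come from the issue, the rest is sample data.
const sampleLock = {
  lockfileVersion: 2,
  packages: {
    "": { name: "demo-site" },
    "node_modules/docsify-cli": { version: "4.4.4" },
    "node_modules/docsify": { version: "0.0.0" },
    "node_modules/docsify/node_modules/marked": { version: "1.2.9" },
    "node_modules/marked": { version: "4.0.10" },
    "node_modules/remarked": { version: "1.0.0" }, // similar name, must not match
  },
};

const VULNERABLE_MAX = [4, 0, 9]; // range from the audit output: marked <=4.0.9

// "1.2.9" -> [1, 2, 9]; returns null when the string is not major.minor.patch.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? m.slice(1).map(Number) : null;
}

// True when version triple a is <= b.
function lessOrEqual(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i];
  return true;
}

// List every installed copy of `name` at or below `max`, with the package nesting it.
// Entries whose version cannot be parsed are reported too (fail closed).
function findVulnerable(lock, name, max) {
  const suffix = "node_modules/" + name;
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path !== suffix && !path.endsWith("/" + suffix)) continue;
    const ver = parseVersion(meta.version);
    if (ver !== null && !lessOrEqual(ver, max)) continue;
    const chain = path.split("node_modules/").filter(Boolean).map((s) => s.replace(/\/$/, ""));
    const parent = chain.length > 1 ? chain[chain.length - 2] : "(root)";
    hits.push({ path, version: meta.version, parent });
  }
  return hits;
}

for (const h of findVulnerable(sampleLock, "marked", VULNERABLE_MAX)) {
  console.log(`${h.path} @ ${h.version} (nested under ${h.parent})`);
}
```

To run it against a real project, replace `sampleLock` with the parsed contents of that project's `package-lock.json`.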