
Update markdown-it to >=13.0.2

Open brianpmccullough opened this issue 11 months ago • 4 comments

Thank you for reporting an issue, suggesting an enhancement, or asking a question. We appreciate your feedback - to help the team understand your needs please complete the below template to ensure we have the details to help. Thanks!

Please check out the documentation to see if your question is already addressed there. This will help us ensure our documentation is up to date.

Category

[X] Enhancement

[ ] Bug

[ ] Question

Version

Please specify what version of the library you are using: [ 3.20 ]

If you are not using the latest release, please update and see if the issue is resolved before submitting an issue.

Expected / Desired Behavior / Question

If you are reporting an issue please describe the expected behavior. If you are suggesting an enhancement please describe thoroughly the enhancement, how it can be achieved, and expected benefit. If you are asking a question, ask away!

Update the markdown-it package dependency to a more recent version (>= 13.0.2) to avoid the vulnerability found in the currently referenced version.

https://github.com/pnp/sp-dev-fx-controls-react/blob/873aa00689eaeba8c2dc85c25c5bdcb6b03f3f00/package.json#L75C6-L75C17

https://security.snyk.io/vuln/SNYK-JS-MARKDOWNIT-6483324

Observed Behavior

If you are reporting an issue please describe the behavior you expected to occur when performing the action. If you are making a suggestion or asking a question delete this section.

N/A

Steps to Reproduce

If you are reporting an issue please describe the steps to reproduce the bug in sufficient detail to allow testing. If you are making a suggestion or asking a question delete this section.

N/A

brianpmccullough avatar Dec 09 '24 16:12 brianpmccullough

I am also waiting on this one. I am facing issues with vulnerability scans in my repository due to the current version (12.3.2) of the markdown-it package being used in the spfx-controls-react package. When do we expect this PR to get merged?

Thanks in advance!

cc: @AJIXuMuK

vishalshitole avatar Jan 07 '25 14:01 vishalshitole
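A lockfile check for the situation described in this thread, added here as an example (not code from the sp-dev-fx-controls-react project or from any commenter): it lists every resolved copy of markdown-it below the 13.0.2 floor named in the issue, including copies nested under another package. The lockfile contents, the `findOutdated` and `isBelowFloor` names, and the `@pnp/spfx-controls-react` path and version in the sample are constructed for illustration.

```javascript
// Added example. Works on the "packages" map of an npm lockfile
// (lockfileVersion 2 or 3); LOCK_SAMPLE below is constructed data.
const FLOOR = [13, 0, 2]; // minimum markdown-it version named in the issue

// Parse "MAJOR.MINOR.PATCH[-pre][+build]" into numbers plus a prerelease flag.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?(\+.*)?$/.exec(String(v));
  if (!m) return null;
  return { nums: [Number(m[1]), Number(m[2]), Number(m[3])], pre: Boolean(m[4]) };
}

// True when v sorts strictly below the floor. A prerelease of the floor
// itself (13.0.2-beta.1) sorts below 13.0.2 under semver precedence.
function isBelowFloor(v, floor = FLOOR) {
  const p = parseVersion(v);
  if (!p) return true; // unparseable version: report it for manual review
  for (let i = 0; i < 3; i++) {
    if (p.nums[i] !== floor[i]) return p.nums[i] < floor[i];
  }
  return p.pre;
}

// Keys look like "node_modules/a/node_modules/markdown-it", so copies
// nested under a dependency are found as well as the hoisted one.
function findOutdated(lock, name = "markdown-it") {
  const suffix = "node_modules/" + name;
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (!path.endsWith(suffix) || !isBelowFloor(meta.version)) continue;
    // Package whose node_modules folder holds this copy ("" means hoisted).
    const holder = path.slice(0, -suffix.length).replace(/\/$/, "");
    const nestedUnder = holder.split("node_modules/").pop() || "(project root)";
    hits.push({ path, version: meta.version, nestedUnder });
  }
  return hits;
}

const LOCK_SAMPLE = { // constructed sample, not a real project's lockfile
  lockfileVersion: 3,
  packages: {
    "": { name: "constructed-spfx-solution", version: "1.0.0" },
    "node_modules/@pnp/spfx-controls-react": { version: "3.20.0" },
    "node_modules/@pnp/spfx-controls-react/node_modules/markdown-it": { version: "12.3.2" },
    "node_modules/markdown-it": { version: "13.0.2" },
    "node_modules/markdown-it-anchor": { version: "8.6.7" },
  },
};

console.log(findOutdated(LOCK_SAMPLE));
```

To run it against a real project, pass the parsed contents of `package-lock.json` to `findOutdated` in place of `LOCK_SAMPLE`.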

We are also getting this flagged in our repository due to the "markdown-it" package version. Please share any updates on this.

cc: @AJIXuMuK

Thanks in advance!

akshataggrwal avatar Jan 13 '25 10:01 akshataggrwal

@michaelmaillot if you have questions or need any help with anything, please let me know.

brianpmccullough avatar Feb 07 '25 20:02 brianpmccullough

Any updates on this or the next release of the controls?

brianpmccullough avatar Feb 22 '25 13:02 brianpmccullough