11ty / eleventy-plugin-syntaxhighlight

A pack of Eleventy plugins for syntax highlighting in Markdown, Liquid, and Nunjucks templates.
https://www.11ty.dev/docs/plugins/syntaxhighlight/
MIT License

npm audit shows high severity advisory #53

Closed wolfjagger closed 3 years ago

wolfjagger commented 3 years ago

# npm audit report

css-what  <5.0.1
Severity: high
Denial of Service - https://npmjs.com/advisories/1754
fix available via `npm audit fix --force`
Will install linkedom@0.9.3, which is a breaking change
node_modules/css-what
  css-select  <=3.1.2
  Depends on vulnerable versions of css-what
  node_modules/css-select
    linkedom  0.1.0 - 0.7.3
    Depends on vulnerable versions of css-select
    node_modules/linkedom

3 high severity vulnerabilities

linkedom currently pinned ^0.5.5
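
Added example (not code from the issue thread or from the plugin): a minimal caret-range resolver that shows why a dependency pinned as `^0.5.5` can only ever resolve to linkedom 0.5.x, so none of the versions npm may pick escape the advisory's 0.1.0 - 0.7.3 range and `npm audit fix` has to offer a forced, breaking update instead. It assumes the first fixed linkedom release is 0.7.4 (inferred from the advisory range) and implements only node-semver's caret rule, not its full grammar.

```javascript
// Added example: reproduces node-semver's caret rule for plain x.y.z versions
// and checks whether a caret pin can ever resolve outside an advisory's
// vulnerable range. Advisory bounds below are constructed from the npm audit
// output in this thread (linkedom 0.1.0 - 0.7.3); 0.7.4 as first fixed
// release is an assumption.

function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v.trim());
  if (!m) throw new Error(`not a plain semver version: ${v}`);
  return m.slice(1).map(Number);
}

function compare(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] - b[i];
  return 0;
}

// Caret rule: allow updates that do not change the left-most non-zero digit.
//   ^1.2.3 -> >=1.2.3 <2.0.0
//   ^0.5.5 -> >=0.5.5 <0.6.0   (0.x minors are treated as breaking)
//   ^0.0.3 -> >=0.0.3 <0.0.4
function caretRange(spec) {
  if (!spec.startsWith("^")) throw new Error(`expected a caret range: ${spec}`);
  const min = parseVersion(spec.slice(1));
  let maxExclusive;
  if (min[0] !== 0) maxExclusive = [min[0] + 1, 0, 0];
  else if (min[1] !== 0) maxExclusive = [0, min[1] + 1, 0];
  else maxExclusive = [0, 0, min[2] + 1];
  return { min, maxExclusive };
}

// True when every version the pin can resolve to lies inside
// [vulnLow, vulnHigh], i.e. a non-breaking update cannot remove the advisory.
function pinStuckInVulnerableRange(spec, vulnLow, vulnHigh) {
  const { min, maxExclusive } = caretRange(spec);
  const low = parseVersion(vulnLow);
  const high = parseVersion(vulnHigh);
  if (compare(min, low) < 0 || compare(min, high) > 0) return false;
  // The smallest version above the vulnerable range is high's next patch;
  // the pin escapes only if the caret range still admits it.
  const firstAbove = [high[0], high[1], high[2] + 1];
  return compare(firstAbove, maxExclusive) >= 0;
}

// Constructed check mirroring this thread: the plugin's pin versus the advisory.
const LINKEDOM_ADVISORY = { low: "0.1.0", high: "0.7.3" };
function pluginPinIsStuck() {
  return pinStuckInVulnerableRange("^0.5.5", LINKEDOM_ADVISORY.low, LINKEDOM_ADVISORY.high);
}
```

A pin of `^0.7.4` or `^0.7.0` would return false, since those ranges admit a version above 0.7.3.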

brycewray commented 3 years ago

Now up to four:

# npm audit report

css-what  <5.0.1
Severity: high
Denial of Service - https://npmjs.com/advisories/1754
fix available via `npm audit fix --force`
Will install @11ty/eleventy-plugin-syntaxhighlight@3.0.6, which is a breaking change
node_modules/css-what
  css-select  <=3.1.2
  Depends on vulnerable versions of css-what
  node_modules/css-select
    linkedom  0.1.0 - 0.7.3
    Depends on vulnerable versions of css-select
    node_modules/linkedom
      @11ty/eleventy-plugin-syntaxhighlight  >=3.1.0
      Depends on vulnerable versions of linkedom
      node_modules/@11ty/eleventy-plugin-syntaxhighlight

4 high severity vulnerabilities

zachleat commented 3 years ago

This was fixed in v3.1.2, which shipped a few months ago.