After installing the package via npm system throws a warning about an old version of highlight.js.
Code from package.json:
"dependencies": { "highlight.js": "^9.12.0" }
Manual install of non-vulnerable version didn't help, because npm installs vulnerable version to vue-markdown-v2/node_modules
npm audit output:
highlight.js 9.0.0 - 10.4.0
Severity: moderate
ReDOS vulnerabities: multiple grammars - https://github.com/advisories/GHSA-7wwv-vh3v-89cq
No fix available
node_modules/vue-markdown-v2/node_modules/highlight.js
vue-markdown-v2 *
Depends on vulnerable versions of highlight.js
node_modules/vue-markdown-v2
2 moderate severity vulnerabilities
Some issues need review, and may require choosing
a different dependency.
After installing the package via npm system throws a warning about an old version of highlight.js. Code from package.json:
"dependencies": { "highlight.js": "^9.12.0" }
Manual install of non-vulnerable version didn't help, because npm installs vulnerable version to vue-markdown-v2/node_modules
npm audit output:
highlight.js 9.0.0 - 10.4.0 Severity: moderate ReDOS vulnerabities: multiple grammars - https://github.com/advisories/GHSA-7wwv-vh3v-89cq No fix available node_modules/vue-markdown-v2/node_modules/highlight.js vue-markdown-v2 * Depends on vulnerable versions of highlight.js node_modules/vue-markdown-v2
2 moderate severity vulnerabilities
Some issues need review, and may require choosing a different dependency.