IBM / marked-it-cli

MIT License

Upgrade highlightjs npm #15

Open gracelo opened 3 years ago

gracelo commented 3 years ago

I think v9 of highlight.js is not supported. I would suggest moving up to v10; APIDocs will also do the same to make sure the highlighting looks the same.

I saw these lines on my own uService today:

  Verion 9 of Highlight.js has reached EOL.  It will no longer
  be supported or receive security updates in the future.
  Please upgrade to version 10 or encourage your indirect
  dependencies to do so.

  For more info:

  https://github.com/highlightjs/highlight.js/issues/2877
  https://github.com/highlightjs/highlight.js/blob/master/VERSION_10_UPGRADE.md

gracelo commented 3 years ago

On my microservice's daily vulnerability report, it says:

Regular Expression Denial of Service (ReDoS)

Vulnerable module: highlight.js
Introduced through: highlight.js@10.4.0
Exploit maturity: No known exploit
Fixed in: 10.4.1

So I think we may need to move up to 10.4.1.
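
An added example (not code from this issue or from marked-it-cli): a Node.js check that walks a parsed npm lockfile and flags every direct or indirect highlight.js copy that is v9 or older (EOL per the warning quoted above) or below 10.4.1 (the "Fixed in" version from the report). The function names and the sample lockfile, including its package names, are constructed for illustration.

```javascript
// Thresholds come from the thread: v9 is EOL, and the report says "Fixed in: 10.4.1".
const FIXED = [10, 4, 1];
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)(-.+)?/.exec(v);
  return m ? { nums: [+m[1], +m[2], +m[3]], pre: Boolean(m[4]) } : null;
}
function isBelowFixed(v) {
  const p = parseVersion(v);
  if (!p) return true; // git/tarball spec or missing version: flag for manual review
  for (let i = 0; i < 3; i++) {
    if (p.nums[i] !== FIXED[i]) return p.nums[i] < FIXED[i];
  }
  return p.pre; // a prerelease such as 10.4.1-rc.1 sorts before 10.4.1
}

// Collect every installed highlight.js, including nested (indirect) copies.
// lockfileVersion 2/3 uses a flat "packages" map; version 1 nests "dependencies".
function findHighlightJs(lock) {
  const found = [];
  if (lock.packages) {
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (path.endsWith('node_modules/highlight.js')) found.push({ path, version: meta.version });
    }
  } else {
    const walk = (deps, trail) => {
      for (const [name, meta] of Object.entries(deps || {})) {
        const path = `${trail}/${name}`;
        if (name === 'highlight.js') found.push({ path, version: meta.version });
        walk(meta.dependencies, path);
      }
    };
    walk(lock.dependencies, '');
  }
  return found.map((f) => {
    const p = parseVersion(f.version);
    return { ...f, eol: p !== null && p.nums[0] < 10, needsUpgrade: isBelowFixed(f.version) };
  });
}

// Constructed sample lockfile (not taken from marked-it-cli).
const sampleLock = {
  lockfileVersion: 2,
  packages: {
    'node_modules/highlight.js': { version: '10.4.0' },
    'node_modules/some-docs-tool/node_modules/highlight.js': { version: '9.18.5' },
    'node_modules/other-tool/node_modules/highlight.js': { version: '10.4.1' },
  },
};
console.log(findHighlightJs(sampleLock));
```

To run it against a real project, pass the result of `JSON.parse` on that project's `package-lock.json` to `findHighlightJs` and fail the build when any entry has `needsUpgrade` set.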