Open gracelo opened 3 years ago
On my microservice's daily vulnerability report, it says:
Regular Expression Denial of Service (ReDoS)
Vulnerable module: | highlight.js
Introduced through: highlight.js@10.4.0
Exploit maturity: No known exploit
Fixed in: 10.4.1
So I think may need to move up to 10.4.1.
I think v9 of highlight.js is not supported. I would suggest move up to v10 and APIDocs also will do the same to make sure the highlighting look the same.
I saw these lines on my own uService today: