Open dpash opened 2 years ago
The version of marked that you're depending on has a number of security issues: CVE-2022-21681 and CVE-2022-21680.
https://github.com/advisories/GHSA-5v2h-r2cx-5xgj
Upgrading to at least 4.0.10 will remove these issues. Without this change, any project that depends on vue-easymde will also have a vulnerable version of marked too.
PR #19 will fix this.
dpash
commented
2 years ago
The version of marked that you're depending on has a number of security issues: CVE-2022-21681 and CVE-2022-21680.
https://github.com/advisories/GHSA-5v2h-r2cx-5xgj
Upgrading to at least 4.0.10 will remove these issues. Without this change, any project that depends on vue-easymde will also have a vulnerable version of marked too.