RiseVision / old-rise-core


Vulnerability in marked 0.3.5 of RiseVision/rise-core #9

Closed justindonnaruma closed 7 years ago

justindonnaruma commented 8 years ago

Your marked 0.3.5 library, a transitive dependency in your RiseVision/rise-core repository, is subject to vulnerability SID-2309: Cross-site Scripting (XSS) Due to Sanitization Bypass Using HTML Entities.

A transitive dependency is a library that is included in your project indirectly through another dependency. A vulnerability in a transitive dependency can be fixed by adding a new direct dependency of the library in your project.

This issue was fixed in version 0.3.6. That version is currently considered safe, so we suggest that you add version 0.3.6.

Applying the fix may break your project, so we recommend that you always build and test your project to verify that the fix has been successful.

##### package.json

```
"dependencies": {
  ...,
  "marked": "0.3.6",
  ...,
}
```

For more information on this vulnerability, please visit the SourceClear Registry.
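The advisory above describes a transitive copy of `marked` below 0.3.6 and the fix of adding a direct dependency. The following is an added example, not code from this issue or from the RiseVision project, that scans a `package-lock.json` for every installed copy of `marked` (including copies nested under other packages) and reports those older than the 0.3.6 the advisory names as fixed. The lockfiles it runs on are constructed samples, and `doc-tool` is a hypothetical package standing in for whatever pulled `marked` in transitively; both lockfile v1 (`dependencies` tree) and v2/v3 (`packages` map) shapes are handled.

```javascript
// Added example (not code from the issue or the RiseVision project): scan a
// package-lock.json for every installed copy of "marked" older than 0.3.6, the
// version the advisory names as fixed, including copies nested under other
// dependencies. Handles lockfileVersion 1 ("dependencies" tree) and 2/3
// ("packages" map keyed by node_modules path). Sample lockfiles are constructed.

const PACKAGE = 'marked';
const FIXED_VERSION = '0.3.6';

// Numeric dotted-version compare (so 0.3.10 sorts after 0.3.6, unlike a
// string compare). Returns <0, 0 or >0.
function compareVersions(a, b) {
  const pa = a.split('.').map(Number);
  const pb = b.split('.').map(Number);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d;
  }
  return 0;
}

// lockfile v1: recurse through nested "dependencies" objects.
function walkV1(deps, path, out) {
  for (const [name, entry] of Object.entries(deps || {})) {
    const here = path.concat(name);
    if (name === PACKAGE) out.push({ path: here.join(' > '), version: entry.version });
    walkV1(entry.dependencies, here, out);
  }
}

// lockfile v2/v3: keys look like "node_modules/a/node_modules/marked".
function walkPackages(packages, out) {
  for (const [key, entry] of Object.entries(packages)) {
    if (key === '') continue; // the root project entry
    const parts = key.split('node_modules/').filter(Boolean).map((s) => s.replace(/\/$/, ''));
    if (parts[parts.length - 1] === PACKAGE) out.push({ path: parts.join(' > '), version: entry.version });
  }
}

// Every install of PACKAGE in the lockfile, with its install path and version.
function findInstalls(lock) {
  const out = [];
  if (lock.packages) walkPackages(lock.packages, out);
  else walkV1(lock.dependencies, [], out);
  return out;
}

// Installs still below the fixed version.
function vulnerableInstalls(lock) {
  return findInstalls(lock).filter((i) => compareVersions(i.version, FIXED_VERSION) < 0);
}

// Constructed v1 lockfile: the project has no direct "marked" dependency; a
// hypothetical "doc-tool" package pulls in marked 0.3.5 as a transitive dep.
const LOCK_BEFORE = {
  lockfileVersion: 1,
  dependencies: {
    'doc-tool': {
      version: '1.0.0',
      requires: { marked: '^0.3.0' },
      dependencies: { marked: { version: '0.3.5' } },
    },
  },
};

// Same project after adding "marked": "0.3.6" as a direct dependency, as the
// advisory suggests. Because doc-tool's range ^0.3.0 admits 0.3.6, npm drops
// the nested copy and both resolve to the hoisted 0.3.6.
const LOCK_AFTER = {
  lockfileVersion: 1,
  dependencies: {
    'doc-tool': { version: '1.0.0', requires: { marked: '^0.3.0' } },
    marked: { version: '0.3.6' },
  },
};

// Constructed v3-style lockfile with the same nested 0.3.5, to show the
// "packages" map shape is walked the same way.
const LOCK_V3_BEFORE = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'sample-project' },
    'node_modules/doc-tool': { version: '1.0.0' },
    'node_modules/doc-tool/node_modules/marked': { version: '0.3.5' },
  },
};

for (const [label, lock] of [['before', LOCK_BEFORE], ['after', LOCK_AFTER], ['v3 before', LOCK_V3_BEFORE]]) {
  const hits = vulnerableInstalls(lock);
  const summary = hits.length === 0 ? 'no vulnerable copies' : hits.map((h) => `${h.path}@${h.version}`).join(', ');
  console.log(`${label}: ${summary}`);
}
```

To run it against a real project, read `package-lock.json` with `fs.readFileSync`, `JSON.parse` it and pass the object to `vulnerableInstalls`. Rerun the check after changing `package.json`: the direct dependency only replaces the nested copy when the intermediate package's version range admits 0.3.6; if it does not, a nested 0.3.5 stays installed (visible with `npm ls marked`) and the transitive fix has not actually taken effect.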