angular / dgeni-packages

A collection of dgeni packages for generating documentation from source code.
MIT License

fix vulnerable dependencies #281

Closed petebacondarwin closed 5 years ago

petebacondarwin commented 5 years ago

The previous version of marked was vulnerable to a ReDoS attack.

BREAKING CHANGES

There are a few relevant breaking changes with this latest version of marked. This only affects usage of the renderMarkdown() service and the marked nunjucks filter. Take a look through the marked release notes and check if this affects you.

Fixes #280

dpogue commented 5 years ago

marked v0.7.0 has now been released, with another ReDoS fix and a few more breaking changes.

It would be great to see this merged soon, as all of my repos are currently failing npm audit due to this warning.

petebacondarwin commented 5 years ago

Working on it... there is also the shelljs issue.

petebacondarwin commented 5 years ago

Released as 0.28.0

dpogue commented 5 years ago

Thanks! 🙇