p-kuen
commented
3 months ago Thank you for the information. I just published v2.2.0 where markdown-it was set to v13.0.2.
Closed torbenj closed 3 months ago
p-kuen
commented
3 months ago Thank you for the information. I just published v2.2.0 where markdown-it was set to v13.0.2.
Hello guys,
our Synk scanner noticed that vue-markdown-render uses markdown-it@12.3.2 which has a vulnerability. Upon checking the package.json in this repo I see that an updated version of the dependency is defined. After further research I noticed that our npm mirror has version 2.1.1 of vue-markdown-render cached and after the dependency update the library version of vue-markdown-render wasn't bumped. I suspect that this prevents us from getting the updated dependencies as the mirror doesn't refetch 2.1.1.
Is it possible to release a 2.1.2 version to at least reflect the package.json changes you made a couple of months ago? :)