executablebooks / rst-to-myst

Convert ReStructuredText to MyST Markdown
https://rst-to-myst.readthedocs.io
MIT License

Update markdown-it-py to 2.2.0 to remove Denial of Service vulnerability warnings #62

Closed wongjoel closed 1 year ago

wongjoel commented 1 year ago

Context

Dependabot is flagging (https://github.com/advisories/GHSA-vrjv-mxr7-vjf8) and (https://github.com/advisories/GHSA-jrwr-5x3p-hvc3) as vulnerabilities, but is unable to provide a resolution, as it requires markdown-it-py to be at version 2.2.0 or greater, while this project has "markdown-it-py~=1.0" in pyproject.toml.

Proposal

Update markdown-it-py version to 2.2.0, assuming there are no breaking API changes.

Tasks and updates

No response
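The situation in the issue above, where a compatible-release pin caps a dependency below its first patched release, can be checked mechanically. This is an added example, not code from rst-to-myst or Dependabot: the function names are hypothetical, it handles only plain numeric releases and the operators shown (no wildcards, extras or markers), and every sample requirement except the project's `markdown-it-py~=1.0` is constructed.

```python
import re

CLAUSE = re.compile(r"(~=|==|<=|>=|!=|<|>)\s*([0-9]+(?:\.[0-9]+)*)")
NAME = re.compile(r"\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*(.*)$")

def release(text):
    """Parse a plain release such as '2.2.0' (no pre/post/dev tags)."""
    return tuple(int(part) for part in text.split("."))

def before(a, b, strict):
    """Compare zero-padded releases: a < b when strict, else a <= b."""
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return a < b if strict else a <= b

def ceiling(clause):
    """Return (release, inclusive) upper bound of one clause, or None."""
    match = CLAUSE.fullmatch(clause)
    if not match:
        raise ValueError(f"unsupported clause: {clause!r}")
    op, bound = match.group(1), release(match.group(2))
    if op == "~=":
        if len(bound) < 2:
            raise ValueError("~= needs at least two release segments")
        prefix = bound[:-1]  # ~=1.0 means >=1.0 and ==1.*, so the cap is <2
        return prefix[:-1] + (prefix[-1] + 1,), False
    if op in ("==", "<="):
        return bound, True
    if op == "<":
        return bound, False
    return None  # >=, > and != set no upper bound

def blocks_fix(requirement, first_patched):
    """True if every version the requirement admits predates first_patched."""
    _name, spec = NAME.match(requirement).groups()
    patched = release(first_patched)
    for clause in filter(None, (c.strip() for c in spec.split(","))):
        top = ceiling(clause)
        # Inclusive cap blocks when cap < patched; exclusive when cap <= patched.
        if top and before(top[0], patched, strict=top[1]):
            return True
    return False

def blocked(requirements, first_patched):
    return [r for r in requirements if blocks_fix(r, first_patched)]

# Constructed sample; only the first entry is the pin quoted in the issue.
SAMPLE = ["markdown-it-py~=1.0", "markdown-it-py>=1.0,<3",
          "markdown-it-py==2.1.0", "markdown-it-py~=2.2", "markdown-it-py<2.2.0"]
```

Calling `blocked(SAMPLE, "2.2.0")` lists the requirements that an automated updater cannot satisfy without editing the specifier itself.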

welcome[bot] commented 1 year ago

Thanks for opening your first issue here! Engagement like this is essential for open source projects! :hugs:
If you haven't done so already, check out EBP's Code of Conduct. Also, please try to follow the issue template as it helps other community members to contribute more effectively.
If your issue is a feature request, others may react to it, to raise its prominence (see Feature Voting).
Welcome to the EBP community! :tada: