Hi there. The current version of postcss-markdown includes remark@11.x, which has a library called trim as a dependency. trim itself has some vulnerabilities.
I went through the changelog of remark and I think it should be okay to bump this version. Also, all tests are still passing. However, I don't know postcss-markdown well enough to evaluate the impact of this change. @gucong3000 @Chersquwn do you think it's safe to bump the version?