iamacup / react-native-markdown-display

React Native 100% compatible CommonMark renderer
MIT License
568 stars 167 forks

Security Vulnerability #163

Closed chirag-rakholiya closed 9 months ago

chirag-rakholiya commented 2 years ago

Security vulnerability found in one of the dependency libraries, named markdown-it@10.0.0. More details: https://github.com/opensearch-project/OpenSearch-Dashboards/issues/1135

As a user of react-native-markdown-display, there is still a dependency on markdown-it version 10.0.0, which causes the security issue while using the latest version of react-native-markdown-display, and even old versions have the same issue.

Please upgrade markdown-it to 12.3.2 so we can feel free to use react-native-markdown-display without any security concern.

markdown-it is a Markdown parser. Prior to version 1.3.2, special patterns with length greater than 50 thousand characters could slow down the parser significantly. Users should upgrade to version 12.3.2 to receive a patch. There are no known workarounds aside from upgrading.

robsonbbs commented 2 years ago

I didn't test it yet, but a workaround would be to use resolutions in your package.json:

"resolutions": {
  "markdown-it": "12.3.2"
},
paulosborne commented 1 year ago

> I didn't test it yet

warning Resolution field "markdown-it@12.3.2" is incompatible with requested version "markdown-it@^10.0.0"