jdiegodcp / ramlfications

Python parser for RAML
https://ramlfications.readthedocs.org
Apache License 2.0
234 stars 50 forks

upgrade markdown dependency due to CVE-2018-5773 #156

Closed mattnworb closed 5 years ago

mattnworb commented 5 years ago

This was an automated suggestion made by GitHub's dependency tool.

mattnworb commented 5 years ago

https://nvd.nist.gov/vuln/detail/CVE-2018-5773

https://github.com/trentm/python-markdown2/issues/285

econchick commented 5 years ago

The syntax for soft pinning is => not ~>

econchick commented 5 years ago

also, thank you for this :D

mattnworb commented 5 years ago

Oh weird, I literally copied and pasted that from GitHub's recommendation. I don't get why they didn't go as far as to auto-generate the PR for me.

OmgImAlexis commented 5 years ago

This is still an issue as per https://github.com/trentm/python-markdown2/issues/285#issuecomment-427651533