Closed 01taylop closed 2 years ago
1.16.0
No response
The dependency trim has a "high severity" vulnerability being flagged in GitHub's Dependabot alerts.
trim
The eslint-mdx package is using trim via remark-parse ^8.0.3 in packages/eslint-mdx/package.json.
eslint-mdx
remark-parse ^8.0.3
Since version 9.0.0, remark-parse has not used the trim dependency (commit).
remark-parse
Using the latest version of eslint-plugin-mdx should not cause a Dependabot alert.
eslint-plugin-mdx
Using the latest version of eslint-plugin-mdx causes a Dependabot alert.
Node v16
npm v6
macOS
webpack
duplicate of #312
JounQin
commented
2 years ago JounQin
commented
2 years ago
Initial checklist
Affected packages and versions
1.16.0
Link to runnable example
No response
Steps to reproduce
The dependency
trimhas a "high severity" vulnerability being flagged in GitHub's Dependabot alerts.The
eslint-mdxpackage is usingtrimviaremark-parse ^8.0.3in packages/eslint-mdx/package.json.Since version 9.0.0,
remark-parsehas not used thetrimdependency (commit).Expected behavior
Using the latest version of
eslint-plugin-mdxshould not cause a Dependabot alert.Actual behavior
Using the latest version of
eslint-plugin-mdxcauses a Dependabot alert.Runtime
Node v16
Package manager
npm v6
OS
macOS
Build and bundle tools
webpack