patternfly / patternfly-quickstarts

Repository containing the PatternFly Quick Start extension code
MIT License

CVE-2020-7608 #262

Closed Hyperkid123 closed 10 months ago

Hyperkid123 commented 11 months ago

https://github.com/advisories/GHSA-p9pc-299p-vxgp

The package showdown has an old yargs-parser dependency with this critical security vulnerability. Can we update the dependencies to remove it?

dgutride commented 10 months ago

This one is important for us, too - @jessiehuff

jschuler commented 10 months ago

If you're still on PF4: https://www.npmjs.com/package/@patternfly/quickstarts/v/2.4.3

If you're on PF5: https://www.npmjs.com/package/@patternfly/quickstarts/v/5.1.0

In either case, showdown is no longer declared a dependency; it continues to remain a peer dependency, though. So in your own project, make sure that showdown is at 2.1.0 or greater.

i.e. https://github.com/opendatahub-io/odh-dashboard/blob/main/frontend/package.json#L75 and https://github.com/openshift/console/blob/master/frontend/package.json#L220 could be updated.
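The advice in the comment above is that, because showdown is now only a peer dependency of @patternfly/quickstarts, each consuming project has to verify on its own that showdown cannot resolve below 2.1.0. The script below is an added example (not part of patternfly-quickstarts, odh-dashboard or the openshift console) that performs that check against a project's package.json ranges and against the resolved version in package-lock.json. The package.json and lockfile objects are constructed for the example; the 2.1.0 floor comes from the thread, and the handled range syntaxes (exact, `^`, `~`, `>=`, `||`) are an assumption of this script, which deliberately reports anything else as "unknown" instead of guessing.

```javascript
// Added example: verify that a project's showdown dependency cannot resolve
// below 2.1.0 (the floor given in the thread above). Not project code.

const MIN_SHOWDOWN = [2, 1, 0]; // from the thread: showdown must be >= 2.1.0

// "1.9.1" / "v1.9.1" -> [1, 9, 1]; anything else -> null.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(String(v).trim());
  return m ? [Number(m[1]), Number(m[2]), Number(m[3])] : null;
}

function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// Lowest version a declared range can resolve to. Handles exact, ^, ~, >=, =
// and "a || b" unions (the minimum of the alternatives). Returns null for
// anything else (e.g. "*", "latest", a git URL) so the caller never gets a
// false "ok" from a range this script does not understand.
function rangeMinimum(range) {
  let min = null;
  for (const alt of String(range).split('||')) {
    const m = /^(\^|~|>=|=)?\s*v?(\d+\.\d+\.\d+)\s*$/.exec(alt.trim());
    if (!m) return null;
    const v = parseVersion(m[2]);
    if (min === null || compareVersions(v, min) < 0) min = v;
  }
  return min;
}

// Inspect every dependency section of a parsed package.json.
// Result per section: { section, range, status } with status one of
// "ok" (minimum >= 2.1.0), "vulnerable" (minimum < 2.1.0) or "unknown".
function checkShowdown(pkg) {
  const sections = ['dependencies', 'devDependencies', 'peerDependencies', 'optionalDependencies'];
  const results = [];
  for (const section of sections) {
    const range = pkg[section] && pkg[section].showdown;
    if (!range) continue;
    const min = rangeMinimum(range);
    let status = 'unknown';
    if (min !== null) status = compareVersions(min, MIN_SHOWDOWN) >= 0 ? 'ok' : 'vulnerable';
    results.push({ section, range, status });
  }
  return results;
}

// The declared range only bounds what npm may pick; the lockfile records what
// is actually installed. lockfileVersion 1 lists "dependencies" by name,
// versions 2 and 3 list "packages" keyed by install path.
function installedShowdown(lock) {
  const v1 = lock.dependencies && lock.dependencies.showdown && lock.dependencies.showdown.version;
  const v2 = lock.packages && lock.packages['node_modules/showdown'] && lock.packages['node_modules/showdown'].version;
  const v = parseVersion(v2 || v1 || '');
  if (!v) return 'unknown';
  return compareVersions(v, MIN_SHOWDOWN) >= 0 ? 'ok' : 'vulnerable';
}

// Constructed sample inputs (not taken from any real project).
const SAMPLE_PACKAGE_JSON = {
  name: 'example-app',
  dependencies: { '@patternfly/quickstarts': '^5.1.0', showdown: '^1.9.1' },
  devDependencies: { showdown: '*' },
  peerDependencies: { showdown: '>=2.1.0' },
};
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: { 'node_modules/showdown': { version: '1.9.1' } },
};

for (const r of checkShowdown(SAMPLE_PACKAGE_JSON)) {
  console.log(`${r.section}: showdown ${r.range} -> ${r.status}`);
}
console.log(`package-lock.json: installed showdown -> ${installedShowdown(SAMPLE_LOCK)}`);

module.exports = { parseVersion, compareVersions, rangeMinimum, checkShowdown, installedShowdown, SAMPLE_PACKAGE_JSON, SAMPLE_LOCK };
```

To run it against a real project, replace the constructed objects with `JSON.parse(fs.readFileSync('package.json'))` and the lockfile; the lockfile check is the one that matters operationally, since a range like `^1.9.1` in package.json will never pull in 2.x no matter what the peer dependency asks for, and a stale lockfile can pin an old showdown even after the range has been raised.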