pressbooks / pb-mathjax

A replacement for wp.com/latex.php but instead of LaTeX, it uses MathJax.
GNU General Public License v3.0

Update our MathJax solution to 3.x #20

Open SteelWagstaff opened 4 years ago

SteelWagstaff commented 4 years ago

Latest version can be found here: https://github.com/mathjax/MathJax-src/releases (3.2 at time of last edit)

ho-man-chan commented 10 months ago

Update [created for issue pressbooks/private#1279]: By updating MathJax to 3.x or even 4.x, the following vulnerability would be fixed. This may be a breaking change and may require refactoring our implementation.

jsdom  <=16.5.3
Severity: moderate
Insufficient Granularity of Access Control in JSDom - https://github.com/advisories/GHSA-f4c9-cqv8-9v98
Depends on vulnerable versions of request
Depends on vulnerable versions of tough-cookie
No fix available
node_modules/mathjax-node/node_modules/jsdom
  mathjax-node  *
  Depends on vulnerable versions of jsdom
  node_modules/mathjax-node

request  *
Severity: moderate
Server-Side Request Forgery in Request - https://github.com/advisories/GHSA-p8p7-x288-28g6
Depends on vulnerable versions of tough-cookie
No fix available
node_modules/request
  request-promise-core  *
  Depends on vulnerable versions of request
  node_modules/request-promise-core
    request-promise-native  >=1.0.0
    Depends on vulnerable versions of request
    Depends on vulnerable versions of request-promise-core
    Depends on vulnerable versions of tough-cookie
    node_modules/request-promise-native

tough-cookie  <4.1.3
Severity: moderate
tough-cookie Prototype Pollution vulnerability - https://github.com/advisories/GHSA-72xf-g2v4-qvf3
No fix available
node_modules/mathjax-node/node_modules/tough-cookie
node_modules/request-promise-native/node_modules/tough-cookie
node_modules/request/node_modules/tough-cookie