santinic / how2

AI for the Command Line
https://how2terminal.com
MIT License
5.71k stars, 156 forks

High severity vulnerability affecting this repo #81

Closed. snyk-community closed this 1 year ago

snyk-community commented 7 years ago

Hi there,

We noticed that your repo has a high severity vulnerability:

Here is the test report for this repo. If you’d like to fix this vulnerability, Snyk lets you generate a pull request that recommends the best upgrade path - there’s a link to fix this vulnerability on the test report.

Stay secure :-)
Snyk Community

dietercastel commented 5 years ago

This should be solvable by just upgrading the current dependency marked (and maybe marked-terminal?) to their latest version: https://github.com/santinic/how2/search?q=marked&unscoped_q=marked

Version 0.6.1 that is: https://www.npmjs.com/package/marked

I don't think the vulnerability has a big impact on this project since it's not rendered in a browser and only on the client. But it's neat to have the latest features of marked anyway. Should we write some additional tests first, before upgrading, that might be useful for the future anyway?
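The comment above raises the point that marked-terminal may need upgrading too: a package-lock can carry a second, nested copy of marked under marked-terminal, so bumping the top-level dependency alone can leave the flagged version installed. The following is an added example, not code from the how2 repository or from the Snyk report: it walks a lockfile-v1 `dependencies` tree, finds every installed copy of a package and reports the ones below a minimum version. The lockfile contents, the marked-terminal version and its `requires` range are constructed for illustration, and the minimum version is a parameter; the version that actually fixes the advisory should be taken from the Snyk test report rather than assumed.

```javascript
// Added example (not from the how2 repo or the Snyk report): find every
// installed copy of a package in a package-lock.json v1 tree and flag the
// ones below a minimum version. All sample data below is constructed.

// Minimal comparison for plain "x.y.z" versions (no pre-release tags).
// Returns -1, 0 or 1 like a comparator.
function compareVersions(a, b) {
  const pa = a.split('.').map(Number);
  const pb = b.split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const da = pa[i] || 0;
    const db = pb[i] || 0;
    if (da !== db) return da < db ? -1 : 1;
  }
  return 0;
}

// Recursively collect { path, version } for every copy of `name` in a
// lockfile-v1 `dependencies` map. Nested copies live under
// dep.dependencies, e.g. marked-terminal/node_modules/marked.
function findInstalledCopies(deps, name, prefix = []) {
  const found = [];
  for (const [depName, dep] of Object.entries(deps || {})) {
    const path = [...prefix, depName];
    if (depName === name) {
      found.push({ path: path.join(' > '), version: dep.version });
    }
    found.push(...findInstalledCopies(dep.dependencies, name, path));
  }
  return found;
}

// Return the copies of `name` whose installed version is below `minFixed`.
function vulnerableCopies(lock, name, minFixed) {
  return findInstalledCopies(lock.dependencies, name)
    .filter((c) => compareVersions(c.version, minFixed) < 0);
}

// Constructed lockfile (hypothetical versions): the top-level marked has
// already been bumped, but marked-terminal still pulls in its own older copy.
const sampleLock = {
  name: 'example-cli',
  version: '1.0.0',
  lockfileVersion: 1,
  dependencies: {
    marked: { version: '0.6.1' },
    'marked-terminal': {
      version: '2.0.0',
      requires: { marked: '^0.3.0' },
      dependencies: { marked: { version: '0.3.6' } },
    },
  },
};

// Usage: report any copy of marked still below the target version.
const stillVulnerable = vulnerableCopies(sampleLock, 'marked', '0.6.1');
for (const c of stillVulnerable) {
  console.log(`${c.path} is at ${c.version}, below 0.6.1`);
}
```

Run against a real lockfile with `JSON.parse(fs.readFileSync('package-lock.json', 'utf8'))` in place of `sampleLock`; a non-empty result means the upgrade has to reach the nested copy as well (by upgrading marked-terminal to a release whose `requires` range admits the fixed marked), not just the top-level entry in package.json.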