search

simonhaenisch / md-to-pdf

Hackable CLI tool for converting Markdown files to PDF using Node.js and headless Chrome.
https://www.npmjs.com/md-to-pdf
MIT License
1.16k stars 110 forks source link

bug: There are a High Vulnerability on marked dependences #112

Closed nternouski closed 2 years ago

nternouski commented 2 years ago

There are a High Vulnerability on marked dependences

npm audit return this:

marked  <4.0.10
Severity: high
Inefficient Regular Expression Complexity in marked - https://github.com/advisories/GHSA-5v2h-r2cx-5xgj
fix available via `npm audit fix --force`
Will install md-to-pdf@1.1.0, which is a breaking change
node_modules/marked
  md-to-pdf  >=2.1.4
  Depends on vulnerable versions of listr
  Depends on vulnerable versions of marked
  node_modules/md-to-pdf

Can someone update de dependences? Thx

simonhaenisch commented 2 years ago

Released as 5.0.2.