Open ramonpetgrave64 opened 6 days ago
@laurentsimon @ianlewis @slugclub
Fixes https://github.com/slsa-framework/slsa-verifier/security/code-scanning/11
markdown-toc's latest v1.2.0 is still vulnerable via a transitive dependency, but hasn't received updates in a long time.
This PR overrides one of the other transitive dependencies to a non-vulnerable version.
More info here: https://github.com/jonschlinkert/markdown-toc/issues/156
Testing process
make markdown-toc
and it did succeed, while also adding a missing header in the README.