tancredi / fantasticon

Icon font generation tool
MIT License
944 stars 104 forks

Audit shows vulnerabilities to CVE-2021-21306 & CVE-2021-21366 #147

Open glitsj16 opened 3 years ago

glitsj16 commented 3 years ago

OS: Arch Linux nodejs: 15.11.0 npm: 7.6.3

Audit suggests updating/changing dependencies marked and xmldom:

```
$ /usr/bin/npm audit fix

changed 1 package, and audited 1281 packages in 8s

# npm audit report

marked  1.1.1 - 1.2.9
Severity: moderate
Regular Expression Denial of Service - https://npmjs.com/advisories/1623
fix available via `npm audit fix`
node_modules/marked

xmldom  <0.5.0
Misinterpretation of malicious XML input - https://npmjs.com/advisories/1650
No fix available
node_modules/xmldom
  svg2ttf  *
  Depends on vulnerable versions of xmldom
  node_modules/svg2ttf

3 vulnerabilities (2 low, 1 moderate)

To address issues that do not require attention, run:
  npm audit fix

Some issues need review, and may require choosing
a different dependency.
```

I'm not sure there's much that can be done to mitigate the above issues, just wanted to share this information.

Regards
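The report above mixes one advisory `npm audit fix` can handle (marked) with one it cannot (xmldom, pulled in transitively by svg2ttf). The following is an added example, not code from this issue or from the fantasticon project: it triages the JSON form of the same report (`npm audit --json`, auditReportVersion 2) so CI can separate auto-fixable findings from those that need a maintainer to choose a different dependency, and names the package that drags each one in. The sample report is constructed to mirror the output quoted above, and the `via`/`effects`/`fixAvailable` field shapes are assumed from npm 7's audit JSON schema.

```javascript
// Triage an `npm audit --json` (auditReportVersion 2) report: split findings
// npm can fix automatically from those needing human review, and record which
// dependent pulls each vulnerable package in.
const SEVERITY_RANK = { info: 0, low: 1, moderate: 2, high: 3, critical: 4 };

// Constructed sample mirroring the report in the issue (not a captured run).
const SAMPLE_REPORT = {
  auditReportVersion: 2,
  vulnerabilities: {
    marked: { name: 'marked', severity: 'moderate', range: '1.1.1 - 1.2.9',
      via: [{ source: 1623, title: 'Regular Expression Denial of Service',
              url: 'https://npmjs.com/advisories/1623', severity: 'moderate' }],
      effects: [], nodes: ['node_modules/marked'], fixAvailable: true },
    xmldom: { name: 'xmldom', severity: 'low', range: '<0.5.0',
      via: [{ source: 1650, title: 'Misinterpretation of malicious XML input',
              url: 'https://npmjs.com/advisories/1650', severity: 'low' }],
      effects: ['svg2ttf'], nodes: ['node_modules/xmldom'], fixAvailable: false },
    svg2ttf: { name: 'svg2ttf', severity: 'low', range: '*',
      via: ['xmldom'], effects: [], nodes: ['node_modules/svg2ttf'], fixAvailable: false },
  },
};

function triageAudit(report, minSeverity = 'low') {
  const fixable = [];
  const needsReview = [];
  for (const v of Object.values(report.vulnerabilities || {})) {
    // An entry whose `via` holds only package names (svg2ttf) is a transitive
    // effect; the root cause is the entry carrying advisory objects (xmldom).
    const advisories = v.via.filter((x) => typeof x === 'object');
    if (advisories.length === 0) continue;
    if (SEVERITY_RANK[v.severity] < SEVERITY_RANK[minSeverity]) continue;
    const item = {
      name: v.name, severity: v.severity, range: v.range,
      advisories: advisories.map((a) => a.url),
      pulledInBy: v.effects.slice(), // direct dependents that require it
    };
    (v.fixAvailable ? fixable : needsReview).push(item);
  }
  const bySeverity = (a, b) => SEVERITY_RANK[b.severity] - SEVERITY_RANK[a.severity];
  return { fixable: fixable.sort(bySeverity), needsReview: needsReview.sort(bySeverity) };
}

console.log(JSON.stringify(triageAudit(SAMPLE_REPORT), null, 2));
```

On a real project, pipe `npm audit --json` into `JSON.parse` and feed the result to `triageAudit`; a non-empty `needsReview` is the list to fail the build on.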

miguelsolorio commented 3 years ago

This should be fixed via this PR; please leave a comment so that it can be fixed soon: https://github.com/tancredi/fantasticon/pull/240

danyball commented 2 years ago

There is still an npm warning about xmldom: @miguelsolorio

@xmldom/xmldom  <=0.7.6 || 0.8.0 || 0.9.0-beta.1
Severity: critical