rileylnapier
commented
1 month ago yeah there was an issue with a customer where their app was breaking because they got a newer version. let me poke arond and see what their issue was
Open vojty opened 1 month ago
rileylnapier
commented
1 month ago yeah there was an issue with a customer where their app was breaking because they got a newer version. let me poke arond and see what their issue was
The current version
markdown-to-jsx@7.1.7is affected by Cross-Site Scriptingsee https://security.snyk.io/vuln/SNYK-JS-MARKDOWNTOJSX-6258886 for more details.
How to fix? Upgrade
markdown-to-jsxto version 7.4.0 or higher. I found this commit https://github.com/trycourier/courier-react/commit/e9f89db6a1d75255aeffcce64154d31ca70b198b so it will probably require some extra work and not just a version bump.