webmasterish / vuepress-plugin-feed

RSS, Atom, and JSON feeds generator plugin for VuePress 1.x
MIT License
49 stars 14 forks

SNYK Security Vulnerability: ReDoS #9

Open staghouse opened 5 years ago

staghouse commented 5 years ago

Description

snyk package reports vulnerability with remove-markdown dependency

See this issue

Expected Behavior

To not have a security issue

Actual Behavior

Has a security issue

Steps to Reproduce

Run snyk on a vuepress instance using this plugin

Your Environment

| Description | Value |
| --- | --- |
| vuepress-plugin-feed version | 0.1.7 |
| node version | 12.8.0 |
| npm version | 6.10.2 |
| OS | OSX 10.14.5 |

webmasterish commented 5 years ago

Thank you @staghouse for pointing it out.

Will have to wait for remove-markdown dependency to be updated, unless you have a ready solution. Do you?

staghouse commented 5 years ago

Currently no. Sorry