Update dependency containing moderate security flaw #126
Follows discussion started on this issue starting at #122 (comment)
Continuing from the discussion on the unrelated issue... Sorry 🤦‍♂️ ... I didn't remember that the caret works differently below version 1. I'll try and get round to checking this against some real content and doing a release.
Works fine on our content. AppVeyor problem is something with latest Node 12; ignoring.
Wait until markedjs/marked#1456 fix is released (it was merged yesterday) before doing a release. There have been many breaking changes (although they are fixes) to Anyone who uses this library to process content that's outside their own control and is concerned about the vulnerability, should be able to use
@robatwilliams I see this has been merged to master, yet no release was made in the last 6 months. The latest release ( Can you please push the latest master to npm, so we can update our packages and solve the vulnerability once and for all?
I'm afraid I don't use this anymore. See my previous comment regarding 4 years' worth of
I see. Did the tests fail for this branch? If not, there's not much risk releasing. Still, you could simply release a major version
At least that way we have a choice. What do you think?
I can publish 2.0.0-beta.0 if @lukeapage can give me publishing rights please.
reported at https://www.npmjs.com/advisories/812