Security Issue of depend sub library

[WorkAlexGahr]

Dear all,

seems like eslint-mdx": "^1.16.0" uses remark-mdx "1.6.22" uses "remark-parse": "8.0.3" uses "trim": "0.0.1 which has a security issue CVE-2020-7753 high severity
All versions of package trim lower than 0.0.3 are vulnerable to Regular Expression Denial of Service (ReDoS) via trim(). https://nvd.nist.gov/vuln/detail/CVE-2020-7753

Is it possible to somehow get rid of this issue?
Regards
Alex

[ChristianMurphy]

Please see the last four times this question has been asked https://github.com/mdx-js/mdx/issues?q=is%3Aissue+trim+is%3Aclosed+vulnerable

To reiterate:

1. This is not an exploit, it is a potential slow down. remark-parse 9, react-markdown 6, and mdx 2/xdm address this, and provide other performance improvements.
   https://overreacted.io/npm-audit-broken-by-design provides some additional insights into why npm audit and snyk, while useful, can also be broken for packages like react and mdx, flagging non-issues.
2. MDX version 1 cannot be patched (less strict version dependecy for "remark-parse" #1548 (comment))
3. MDX version 2 is available as a release candidate and has the dependency updated, https://github.com/wooorm/xdm also has the fix.