Current version of marked creates npm audit issue #78

Open
joehuanguf opened this issue Jul 25, 2019 · 11 comments
Labels
dependencies Pull requests that update a dependency file

Comments

@joehuanguf

npm is giving me a security issue with the current version of the marked dependency. It recommends that we upgrade to 0.7.0.

Screen Shot 2019-07-25 at 1 27 14 PM

@shilman added the dependencies label Jul 27, 2019
@fabb

fabb commented Jul 30, 2019

Related: 2e7f73f

@lukemarsh

@fabb I see that marked has been downgraded but the issue has been fixed in the 0.7.0 patch

@fabb

fabb commented Aug 2, 2019

Yes. When marked is upgraded, the linked issue with sanitized inline elements will need fixing.

@XGHeaven

@fabb I found that marked has been downgraded at version 8.0.0. But @storybook/addon-info still uses ^7.0.0. It also doesn't work. 😭

@ranand

ranand commented Feb 14, 2020

marked is at 0.8.0 now. Is it possible to upgrade the marked version in package.json?

@TheresaBeckerLR

> marked is at 0.8.0 now. Is it possible to upgrade the marked version in package.json?

Any word on this?

@christianalfoni
Collaborator

Hi there!

Version 0.8.0 breaks a lot of tests and needs to be reviewed. I have a bit too much on my plate these days, but will look at it if I get a chance! 😄

@ilias-t

ilias-t commented Jun 4, 2020

Any update on this?

@patsplat
Contributor

patsplat commented Sep 2, 2020

#98 should patch this up. The test failures were b/c of the CI configuration.

@nikkypyra

Could you please update the following package due to vulnerabilities:
marked to 4.0.10 or greater

This will resolve the vulnerability in marked (See CVE).

@kolesnikanton
Contributor

I updated the marked version here: #367
Could I ask you @Hypnosphi @ndelangen @jimmyandrade to release a new version with the changes?
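
Added example, not part of the thread and not this project's code: a lockfile check for the situation raised above, where a direct upgrade of marked can leave an older copy installed through another dependency. The 4.0.10 floor is the one requested in the comment above; the package name `example-addon` and the sample lockfile are constructed for illustration.

```javascript
// Added example: list every installed copy of a package in a parsed
// package-lock.json that is below a minimum version.

// "major.minor.patch" -> [major, minor, patch]; suffixes are ignored.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? m.slice(1).map(Number) : null;
}

function isBelow(version, minimum) {
  const a = parseVersion(version), b = parseVersion(minimum);
  if (!a || !b) return true; // unparseable: flag for manual review
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i];
  return false;
}

// lockfileVersion 2/3 lists installs under "packages" keyed by path;
// lockfileVersion 1 nests them under "dependencies".
function findCopies(lock, name) {
  const found = [];
  if (lock.packages) {
    const tail = "node_modules/" + name;
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (path === tail || path.endsWith("/" + tail)) found.push({ path, version: meta.version });
    }
    return found;
  }
  function walk(deps, prefix) {
    for (const [dep, meta] of Object.entries(deps || {})) {
      const path = prefix + "node_modules/" + dep;
      if (dep === name) found.push({ path, version: meta.version });
      walk(meta.dependencies, path + "/");
    }
  }
  walk(lock.dependencies, "");
  return found;
}

function outdatedCopies(lock, name, minimum) {
  return findCopies(lock, name).filter((c) => isBelow(c.version, minimum));
}

// Constructed sample, not a real lockfile; "example-addon" is hypothetical.
const sampleLock = {
  lockfileVersion: 2,
  packages: {
    "node_modules/marked": { version: "4.0.10" },
    "node_modules/example-addon/node_modules/marked": { version: "0.7.0" },
  },
};
console.log(outdatedCopies(sampleLock, "marked", "4.0.10"));
```

To check a real project, pass `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))` as `lock`; any path in the result names the dependency that still pins the old copy.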
