markdown-it is possibly vulnerable to ReDOS in newline rule #1423

@mfranzke

I am using Pattern Lab Node v5.16.1 on Mac, with Node v12.13.1, using a Node Handlebars Edition.

Expected Behavior

After installation, there shouldn't be any vulnerability warnings.

Actual Behavior

The output currently shows some on consuming setups.

There has already been a security fix release by the related dependency markdown-it: https://github.com/markdown-it/markdown-it/blob/master/CHANGELOG.md#1232---2022-01-08

Steps to Reproduce

Do a regular npm install within an existing installation.
