Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Security: update package use of marked library #202

Open
camsjams opened this issue Apr 21, 2020 · 1 comment
Open

Security: update package use of marked library #202

camsjams opened this issue Apr 21, 2020 · 1 comment

Comments

@camsjams
Copy link

camsjams commented Apr 21, 2020
edited
Loading

There is an advisory for the npm package marked that can be solved by upgrading to the latest version (currently at v1.0.0).

By upgrading, this issue should be fixed:

Regular Expression Denial of Service

This was also reported in #194 in August.

Temporary Fix

A quick fix for users of this repo is to modify their package-lock.json file to use the latest version of marked:

   "marked": {
      "version": "0.7.0",
      "resolved": "https://registry.npmjs.org/marked/-/marked-0.7.0.tgz",
      "integrity": "sha512-c+yYdCZJQrsRjTPhUx7VKkApw9bwDkNbHUKo1ovgcfDjb2kc8rLuRbIFyXL5WOEUwzSSKo3IXpph2K6DqB/KZg=="
     }
@camsjams camsjams mentioned this issue Apr 21, 2020
Closed
@camsjams
Copy link
Author

Fixed by #203

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Security: Update version of marked to minimum fixed camsjams/textract
1 participant
@camsjams