CVE-2020-7608
Hyperkid123 opened this issue
The package showdown has an old yargs-parser dependency with this critical security vulnerability. Can we update the dependencies to remove it?
This one is important for us, too - @jessiehuff
If you're still on PF4:
https://www.npmjs.com/package/@patternfly/quickstarts/v/2.4.3
If you're on PF5:
https://www.npmjs.com/package/@patternfly/quickstarts/v/5.1.0
In either case, showdown is no longer declared a dependency; it continues to remain a peer dependency though.
So in your own project, make sure that showdown is at 2.1.0 or greater.
i.e.
https://github.com/opendatahub-io/odh-dashboard/blob/main/frontend/package.json#L75
https://github.com/openshift/console/blob/master/frontend/package.json#L220
Could be updated
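
One way to check the advice above (showdown at 2.1.0 or greater) against what npm actually resolved, including nested copies, is to walk the lockfile. This is an added example, not code from the thread or from PatternFly; it assumes a package-lock.json in the v2/v3 format with a `packages` map, and the sample lockfile, `example-lib` and `auditLock` are constructed for illustration.

```javascript
// Added example: audit an npm lockfile (v2/v3 "packages" map) for showdown < 2.1.0.
const MIN_SHOWDOWN = [2, 1, 0]; // floor stated in the thread

// Parse the leading "x.y.z"; a pre-release suffix is ignored, so "2.1.0-rc.1" counts as 2.1.0.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? m.slice(1).map(Number) : null;
}

function isBelow(version, floor) {
  for (let i = 0; i < 3; i++) {
    if (version[i] !== floor[i]) return version[i] < floor[i];
  }
  return false; // equal to the floor
}

// The package name is whatever follows the last "node_modules/" in the lockfile key.
function nameFromPath(path) {
  const marker = "node_modules/";
  const idx = path.lastIndexOf(marker);
  return idx === -1 ? null : path.slice(idx + marker.length);
}

function auditLock(lock) {
  const outdatedShowdown = [];
  const yargsParserCopies = []; // listed for review; no version judgement is made here
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const name = nameFromPath(path);
    if (name === "showdown") {
      const v = parseVersion(meta.version);
      // An unparseable version is reported rather than silently passed.
      if (!v || isBelow(v, MIN_SHOWDOWN)) outdatedShowdown.push({ path, version: meta.version });
    } else if (name === "yargs-parser") {
      yargsParserCopies.push({ path, version: meta.version });
    }
  }
  return { outdatedShowdown, yargsParserCopies };
}

// Constructed sample: the top-level showdown satisfies the floor, a nested copy does not.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "example-app", version: "0.0.0" },
    "node_modules/showdown": { version: "2.1.0" },
    "node_modules/example-lib/node_modules/showdown": { version: "1.9.1" },
    "node_modules/yargs-parser": { version: "15.0.0" },
  },
};
console.log(JSON.stringify(auditLock(sampleLock), null, 2));
```

To run it on a real project, replace `sampleLock` with the parsed contents of the project's package-lock.json.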