tuchk4 / storybook-readme

React Storybook addon to render README files in github style

Vulnerability in dependency `marked`

sareh opened this issue 5 years ago · comments

Sareh commented 5 years ago

There is a vulnerability in the dependency marked that is used in this package: https://github.com/tuchk4/storybook-readme/blob/master/packages/storybook-readme/package.json

https://www.npmjs.com/advisories/1076/versions.
It is fixed in version 0.7.0

Valerii Sorokobatko commented 5 years ago

will publish today later

Sareh commented 5 years ago

Thank you, @tuchk4.

Daniel Testa commented 5 years ago

Looks good in 5.0.8 - thanks @tuchk4!

Valerii Sorokobatko commented 5 years ago

@sareh @dtesta released in 5.0.8

@sareh thanks for PR :)

gbluv commented 4 years ago

We are trying to use version 6.0.28 and seeing this vulnerability https://snyk.io/vuln/SNYK-JS-TRIM-1017038