Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

pidoc/core: Security vulnerability in markdown-it #13

Closed
sbley opened this issue Apr 24, 2024 · 2 comments
Closed

pidoc/core: Security vulnerability in markdown-it #13

sbley opened this issue Apr 24, 2024 · 2 comments
Labels
enhancement New feature or request

Comments

@sbley
Copy link

sbley commented Apr 24, 2024

Black Duck reports a security vulnerability in markdown-it 12.3.2 which is used in our project, matching the version identifier for markdown-it in pidoc/core, ^12.0.6.
It is reported to be fixed with markdown-it 13.0.2.
Could you please update the dependencies accordingly?

pidoc/core 0.18.0
CWE-400, CWE-835
@FlorianRappl
Copy link
Contributor

Sure - consider it done :)

@FlorianRappl FlorianRappl added the enhancement New feature or request label Apr 25, 2024
@sbley
Copy link
Author

sbley commented Apr 25, 2024

With latest pidoc/core 0.18.1 I am getting a type error with flexsearch:

ERROR in ./src/codegen/search.codegen
Module build failed (from ../../parcel-codegen-loader/lib/index.js):
TypeError: FlexSearch is not a constructor
    at createSearch (<projectdir>\node_modules\@pidoc\core\src\tools\search.js:8:17)

Pinning flexsearch to 0.27.1 (as suggested in other posts) did not help.
nextapps-de/flexsearch#341

@FlorianRappl FlorianRappl mentioned this issue Apr 25, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@sbley @FlorianRappl