We have an audit right now and we need to resolve the issue of Event Catalog using an old version of "trim" through one of its dependencies.
"Regular Expression Denial of Service in trim"
trim <0.0.3
Severity: high
Regular Expression Denial of Service in trim - GHSA-w5p7-h5w8-2hfq
fix available via npm audit fix
node_modules/trim
remark-parse <=8.0.3
Depends on vulnerable versions of trim
node_modules/@mdx-js/mdx/node_modules/remark-parse
node_modules/remark-mdx/node_modules/remark-parse
@mdx-js/mdx <=1.6.22
Depends on vulnerable versions of remark-mdx
Depends on vulnerable versions of remark-parse
node_modules/@mdx-js/mdx
next-mdx-remote <=3.0.8
Depends on vulnerable versions of @mdx-js/mdx
node_modules/next-mdx-remote
remark-mdx <=1.6.22
Depends on vulnerable versions of remark-parse
node_modules/remark-mdx
"npm audit fix" didn't fix it.
It would seem that @mdx-js/react and next-mdx-remote need to be updated to use a newer version of trim.
Steps to reproduce
run "npm audit" to see the issue
Expected behavior
No vulnerabilities :)
Actual behavior
The repo uses an old version of the "trim" package which exposes it to vulnerabilities.
Your environment
EventCatalog version used: 1.2.5
Environment name and version (e.g. Chrome 89, Node.js 16.4): Node 20
Operating system and version (e.g. Ubuntu 20.04.2 LTS): MacOS
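The dependency chain in the audit output above can be traced from a lockfile directly. This is an added example, not code from the issue or from EventCatalog: it assumes a `package-lock.json` with a `packages` map (lockfileVersion 2 or 3), the helper names are hypothetical, and the sample lockfile is constructed.

```javascript
// Added example. Sample lockfile is constructed; the remark-parse, @mdx-js/mdx and
// next-mdx-remote versions are the upper bounds named in the audit output above.
const sampleLock = { lockfileVersion: 3, packages: {
  "": { name: "constructed-app", dependencies: { "next-mdx-remote": "3.0.8" } },
  "node_modules/next-mdx-remote": { version: "3.0.8", dependencies: { "@mdx-js/mdx": "1.6.22" } },
  "node_modules/@mdx-js/mdx": { version: "1.6.22", dependencies: { "remark-parse": "8.0.3" } },
  "node_modules/@mdx-js/mdx/node_modules/remark-parse": { version: "8.0.3", dependencies: { trim: "0.0.1" } },
  "node_modules/trim": { version: "0.0.1" }, // constructed value below the 0.0.3 threshold
} };

// Numeric compare of plain x.y.z versions (assumption: no pre-release tags).
const cmpVersion = (a, b) => {
  const [pa, pb] = [a, b].map((v) => v.split(".").map(Number));
  return pa[0] - pb[0] || pa[1] - pb[1] || pa[2] - pb[2];
};

// Package name is whatever follows the last "node_modules/" in a lockfile path.
const nameOf = (path) => path.split("node_modules/").pop();

// Node-style resolution: try the dependent's own node_modules, then walk up to the root.
function resolve(packages, fromPath, dep) {
  for (let base = fromPath; ; ) {
    const candidate = (base ? base + "/" : "") + "node_modules/" + dep;
    if (packages[candidate]) return candidate;
    if (!base) return null;
    const i = base.lastIndexOf("/node_modules/");
    base = i === -1 ? "" : base.slice(0, i);
  }
}

// Every locked package whose declared dependency resolves to exactly `target`.
const dependentsOf = (packages, target) => Object.keys(packages).filter((p) =>
  nameOf(target) in { ...packages[p].dependencies, ...packages[p].optionalDependencies } &&
  resolve(packages, p, nameOf(target)) === target);

// For each install of `name` older than `fixedIn`, list all transitive dependents.
function auditLock(lock, name, fixedIn) {
  const report = [];
  for (const [path, pkg] of Object.entries(lock.packages)) {
    if (!path || nameOf(path) !== name || cmpVersion(pkg.version, fixedIn) >= 0) continue;
    const affected = new Set(), queue = [path];
    while (queue.length)
      for (const d of dependentsOf(lock.packages, queue.shift()))
        if (!affected.has(d)) { affected.add(d); queue.push(d); }
    report.push({ path, version: pkg.version, affected: [...affected] });
  }
  return report;
}

console.log(JSON.stringify(auditLock(sampleLock, "trim", "0.0.3"), null, 2));
```

An empty `affected` entry (`""`) is the root project itself; an empty report means no locked copy of the package is below the fixed version.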