Marked dep vulnerable #1011
Description
This issue pertains to the following package(s):
- GraphQL Playground - Electron App
- GraphQL Playground HTML
- GraphQL Playground
- GraphQL Playground Express Middleware
- GraphQL Playground Hapi Middleware
- GraphQL Playground Koa Middleware
- GraphQL Playground Lambda Middleware
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ moderate │ Regular Expression Denial of Service │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ marked │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ >=0.6.2 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ graphql-playground-react │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ graphql-playground-react > marked │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://nodesecurity.io/advisories/812 │
└───────────────┴──────────────────────────────────────────────────────────────┘
https://www.npmjs.com/advisories/812/versions
https://github.com/prisma/graphql-playground/blob/77064d549c9eef1dddcb78469d07eb7f6c925df5/packages/graphql-playground-react/package.json#L128
Marked needs upgrade to 0.6.2 and release new version of graphql-playground-react