Security Issue of depend sub library #1864
Answered by ChristianMurphy. WorkAlexGahr asked this question in Q&A.
Dear all, it seems like "eslint-mdx": "^1.16.0" uses remark-mdx "1.6.22", which uses "remark-parse": "8.0.3", which uses "trim": "0.0.1", which has a security issue, CVE-2020-7753 (high severity). Is it possible to somehow get rid of this issue?
Answered by ChristianMurphy, Dec 17, 2021
Please see the last four times this question has been asked https://github.com/mdx-js/mdx/issues?q=is%3Aissue+trim+is%3Aclosed+vulnerable
To reiterate:
https://overreacted.io/npm-audit-broken-by-design provides some additional insights into why npm audit and snyk, while useful, can also be broken for packages like react and mdx, flagging non-issues.
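When triaging a report like the one in the question, it helps to see which top-level dependency pulls in the flagged version and whether that chain is dev-only. The following is an added example, not code from this discussion or from the mdx project; the lockfile is a constructed sample in npm's v2/v3 `packages` layout using the versions quoted in the question, and `resolve` and `findPaths` are hypothetical helper names.

```javascript
// Constructed sample lockfile (npm v2/v3 "packages" layout) built from the
// versions quoted in the question. Not taken from any real project.
const lock = {
  packages: {
    "": { devDependencies: { "eslint-mdx": "^1.16.0" } },
    "node_modules/eslint-mdx": { version: "1.16.0", dev: true, dependencies: { "remark-mdx": "^1.6.22" } },
    "node_modules/remark-mdx": { version: "1.6.22", dev: true, dependencies: { "remark-parse": "8.0.3" } },
    "node_modules/remark-parse": { version: "8.0.3", dev: true, dependencies: { trim: "0.0.1" } },
    "node_modules/trim": { version: "0.0.1", dev: true },
  },
};

// Resolve a dependency the way Node does: look in the parent's own
// node_modules first, then walk up toward the project root.
function resolve(packages, fromKey, name) {
  let base = fromKey;
  for (;;) {
    const key = (base ? base + "/" : "") + "node_modules/" + name;
    if (packages[key]) return key;
    if (!base) return null;
    const i = base.lastIndexOf("/node_modules/");
    base = i === -1 ? "" : base.slice(0, i);
  }
}

// Return every chain from the project root to name@version, together with
// the lockfile's "dev" flag (true when only reachable via devDependencies).
function findPaths(lockfile, name, version) {
  const { packages } = lockfile;
  const results = [];
  const walk = (key, chain, seen) => {
    const pkg = packages[key];
    const deps = { ...pkg.dependencies, ...pkg.optionalDependencies,
                   ...(key === "" ? pkg.devDependencies : {}) };
    for (const dep of Object.keys(deps)) {
      const depKey = resolve(packages, key, dep);
      if (!depKey || seen.has(depKey)) continue; // not installed, or a cycle
      const entry = packages[depKey];
      const next = [...chain, `${dep}@${entry.version}`];
      if (dep === name && entry.version === version) {
        results.push({ chain: next, devOnly: entry.dev === true });
      } else {
        walk(depKey, next, new Set(seen).add(depKey));
      }
    }
  };
  walk("", [], new Set([""]));
  return results;
}
```

Calling `findPaths(lock, "trim", "0.0.1")` on a real `package-lock.json` (parsed with `JSON.parse`) lists each chain that reaches the flagged version, which shows which direct dependency would need to change.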