From be5858aafe4cb0258ea5ed8bfbd44177792c0518 Mon Sep 17 00:00:00 2001 From: kolaente Date: Tue, 16 Jun 2026 08:31:46 +0200 Subject: [PATCH] fix(deps): force markdown-it >=14.2.0 to fix ReDoS advisory Resolves the markdown-it <=14.1.1 advisory. Transitive; pinned via pnpm override. Dependabot alert #266 (frontend). --- frontend/package.json | 3 ++- frontend/pnpm-lock.yaml | 35 ++++++++++++++++++----------------- 2 files changed, 20 insertions(+), 18 deletions(-) diff --git a/frontend/package.json b/frontend/package.json index fce48f874..bfcd786e5 100644 --- a/frontend/package.json +++ b/frontend/package.json @@ -178,7 +178,8 @@ "postcss": ">=8.5.10", "tmp": ">=0.2.7", "esbuild": ">=0.28.1", - "form-data": ">=4.0.6" + "form-data": ">=4.0.6", + "markdown-it": ">=14.2.0" } } } diff --git a/frontend/pnpm-lock.yaml b/frontend/pnpm-lock.yaml index 25fd9b891..94aea2a04 100644 --- a/frontend/pnpm-lock.yaml +++ b/frontend/pnpm-lock.yaml @@ -15,6 +15,7 @@ overrides: tmp: '>=0.2.7' esbuild: '>=0.28.1' form-data: '>=4.0.6' + markdown-it: '>=14.2.0' importers: @@ -4673,8 +4674,8 @@ packages: lines-and-columns@1.2.4: resolution: {integrity: sha512-7ylylesZQ/PV29jhEDl3Ufjo6ZX7gCqJr5F7PKrqc93v7fzSymt1BpwEU8nAUXs8qzzvqhbjhK5QZg6Mt/HkBg==} - linkify-it@5.0.0: - resolution: {integrity: sha512-5aHCbzQRADcdP+ATqnDuhhJ/MRIqDkZX5pyjFHRRysS8vZ5AbqGEoFIb6pYHPZ+L/OC2Lc+xT8uHVVR5CAK/wQ==} + linkify-it@5.0.1: + resolution: {integrity: sha512-wVoTjP4Q6R0NW5hiZkVJaFZPWgtXfoGF+6LucL3/FtiNjmcHhYjEr5f1Kqjirc1nBW07J/ZuRFumqr2oqccEWg==} linkifyjs@4.3.2: resolution: {integrity: sha512-NT1CJtq3hHIreOianA8aSXn6Cw0JzYOuDQbOrSPe7gqFnCpKP++MQe3ODgO3oh2GJFORkAAdqredOa60z63GbA==} 
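Review bot: The added override `"markdown-it": ">=14.2.0"` in frontend/package.json sets only a floor, so a later re-resolution of the lockfile could select a new major version for every dependent at once. The lockfile hunks of this patch show the override also replacing the declared peer ranges of markdown-it-anchor (`'*'`) and markdown-it-attrs (`'>= 9.0.0'`) with the same open range. The lockfile resolves 14.2.0 today, so the exposure arises only when the lock is regenerated. Bounding the override to the patched major, `"markdown-it": "^14.2.0"`, keeps the advisory fix while making a major upgrade an explicit change. The overrides object starts above this hunk, and its existing entries (`postcss`, `tmp`, `esbuild`, `form-data`) use the same open `>=` form, so the point applies to them as well.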
@@ -4742,19 +4743,19 @@ packages: resolution: {integrity: sha512-sa2ErMQ6kKOA4l31gLGYliFQrMKkqSO0ZJgGhDHKijPf0pNFM9vghjAh3gn26pS4JDRs7Iwa9S36gxm3vgZTzg==} peerDependencies: '@types/markdown-it': '*' - markdown-it: '*' + markdown-it: '>=14.2.0' markdown-it-attrs@4.3.1: resolution: {integrity: sha512-/ko6cba+H6gdZ0DOw7BbNMZtfuJTRp9g/IrGIuz8lYc/EfnmWRpaR3CFPnNbVz0LDvF8Gf1hFGPqrQqq7De0rg==} engines: {node: '>=6'} peerDependencies: - markdown-it: '>= 9.0.0' + markdown-it: '>=14.2.0' markdown-it-emoji@3.0.0: resolution: {integrity: sha512-+rUD93bXHubA4arpEZO3q80so0qgoFJEKRkRbjKX8RTdca89v2kfyF+xR3i2sQTwql9tpPZPOQN5B+PunspXRg==} - markdown-it@14.1.1: - resolution: {integrity: sha512-BuU2qnTti9YKgK5N+IeMubp14ZUKUUw7yeJbkjtosvHiP0AZ5c8IAgEMk79D0eC8F23r4Ac/q8cAIFdm2FtyoA==} + markdown-it@14.2.0: + resolution: {integrity: sha512-1TGiQiJVRQ3NPmZH6sx5Cfnmg6GQm9jvC1ch4TK511NjSJvjzKLzn5pPfZRNZkRPZP0HqCioSndqH8v2nRaWVQ==} hasBin: true marked@17.0.1: @@ -11051,9 +11052,9 @@ snapshots: gray-matter: 4.0.3 jiti: 2.6.1 jsdom: 27.4.0 - markdown-it: 14.1.1 - markdown-it-anchor: 9.2.0(@types/markdown-it@14.1.2)(markdown-it@14.1.1) - markdown-it-attrs: 4.3.1(markdown-it@14.1.1) + markdown-it: 14.2.0 + markdown-it-anchor: 9.2.0(@types/markdown-it@14.1.2)(markdown-it@14.2.0) + markdown-it-attrs: 4.3.1(markdown-it@14.2.0) markdown-it-emoji: 3.0.0 micromatch: 4.0.8 mrmime: 2.0.0 @@ -11561,7 +11562,7 @@ snapshots: lines-and-columns@1.2.4: {} - linkify-it@5.0.0: + linkify-it@5.0.1: dependencies: uc.micro: 2.1.0 
@@ -11618,22 +11619,22 @@ snapshots: map-obj@4.3.0: {} - markdown-it-anchor@9.2.0(@types/markdown-it@14.1.2)(markdown-it@14.1.1): + markdown-it-anchor@9.2.0(@types/markdown-it@14.1.2)(markdown-it@14.2.0): dependencies: '@types/markdown-it': 14.1.2 - markdown-it: 14.1.1 + markdown-it: 14.2.0 - markdown-it-attrs@4.3.1(markdown-it@14.1.1): + markdown-it-attrs@4.3.1(markdown-it@14.2.0): dependencies: - markdown-it: 14.1.1 + markdown-it: 14.2.0 markdown-it-emoji@3.0.0: {} - markdown-it@14.1.1: + markdown-it@14.2.0: dependencies: argparse: 2.0.1 entities: 4.5.0 - linkify-it: 5.0.0 + linkify-it: 5.0.1 mdurl: 2.0.0 punycode.js: 2.3.1 uc.micro: 2.1.0 @@ -12311,7 +12312,7 @@ snapshots: prosemirror-markdown@1.13.1: dependencies: '@types/markdown-it': 14.1.2 - markdown-it: 14.1.1 + markdown-it: 14.2.0 prosemirror-model: 1.25.0 prosemirror-menu@1.2.4: