SECURITY: High Severity Vulnerability

[nromito]

┌──────────────────────────────────────────────────────────────────────────────┐
│                                Manual Review                                 │
│            Some vulnerabilities require your attention to resolve            │
│                                                                              │
│         Visit https://go.npm.me/audit-guide for additional guidance          │
└──────────────────────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High          │ Regular Expression Denial of Service in trim                 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ trim                                                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=0.0.3                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ @readme/markdown                                             │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ @readme/markdown > remark-parse > trim                       │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://npmjs.com/advisories/1700                            │
└───────────────┴──────────────────────────────────────────────────────────────┘

[StephenFluin]

What's the latest on updating / removing the dependency on the current version of remark-parse, and therefore the old trim?

[kellyjosephprice]

We're still planning on updating remark past v7.0.2, but we still haven't set a timeline yet. We'll hoping to get to it in the next few months, but we're still not clear on how much of a rewrite it'll be.