Vulnerability found by Webstorm through Mend.io and NPM

[TheDogHusky]

Hey!

I have no idea if this is a false positive.
I recently had both NPM and Webstorm tell me Showdown version 2.1.0 had a vulnerability.

https://safe.classydev.fr/webstorm64_1_Pbxu_M_Red1-RkTcocasTmHHiOfzplq6mGBOTYmb9uzr.png
Here is the Mend.io link: https://www.mend.io/vulnerability-database/CVE-2024-1899

Thanks in advance!

Adam

[marcellino-ornelas]

Synk is also reporting the same thing 😃

https://security.snyk.io/vuln/SNYK-JS-SHOWDOWN-8685130

Any ETA on a fix? Sync says that a fix was pushed to your default branch but wasn't published yet 🤔

[kapilshinde2]

Same for me. Snyk reported the security issue and we need to migrate to other package (as per management), if there is no fix soon.

[yuvalkarmi]

Adding to this as well. Seeing this in snyk and need to address please.

[D4VID0x2]

Since the last commit to this repo is 3 years ago, I wouldn't get my hopes up.

[JonasDoe]

Well, last year the author said he's planning to maintain it: #1021 (comment)
But yeah, I'm also not that optimistic.