Security Vulnerability

[chirag-rakholiya]

Security Vulnerability found in one of the Dependency library named markdown-it@10.0.0 .
More details - opensearch-project/OpenSearch-Dashboards#1135

As a user of the react-native-markdown-display , there is still dependency version of markdown-it has 10.0.0 which cause the security issue while using the latest version of the react-native-display and even old version having same issue.

please upgrade the markdown-it to 12.3.2 so we can feel free to use react-native-markdown-display without any security concern.

markdown-it is a Markdown parser. Prior to version 1.3.2, special patterns with length greater than 50 thousand characters could slow down the parser significantly. Users should upgrade to version 12.3.2 to receive a patch. There are no known workarounds aside from upgrading.

[robsonbbs]

I didn't test it yet, but a workaround would be to use resolutions into your package.json:

"resolutions": {
    "markdown-it": "12.3.2"
  },

[paulosborne]

I didn't test it yet

warning Resolution field "markdown-it@12.3.2" is incompatible with requested version "markdown-it@^10.0.0"