@iamacup @miallo @RonRadtke kindly merge so that the Synk Vulnerability can be resolved:
https://security.snyk.io/vuln/SNYK-JS-MARKDOWNIT-6483324?_gl=1%2a1l4vawo%2a_ga%2aMTkzNjU3NTQyNC4xNjg3MzYxMzIx%2a_ga_X9SH3KP7B4%2aMTcxMTQ3MTc1OS42Ni4xLjE3MTE0NzE3NzUuMC4wLjA.

@iamacup Can we please fix this security vulmn for the community?

@mthahzan there is an update to the @types/markdown-it also. Currently it is at 14.0.1 which you haven't included in this PR.

@david-gettins thanks! PR Updated.

Also, I noticed latest version of markdown-it is 14.1.0 now. Didn't have the time to test it out to see if works or not. If someone can verify, I can bump the version of that as well.

Any plans when this will be merged?

This vulnerability is still there. Kindly this merged other we'll have to migrate to a different library.

If like myself you would like a temporary workaround for the audit issues you can use force-resolutions to force the fixed version of markdown-it. Just beware there may be compatibility issues, but I haven't come across any yet.

Of course, you can always look for an alternative library. If you find one, please let us all know. I would prefer not to use the forced resolution.

@iamacup ping

Is there any update on this?? @iamacup

@javigutierrezfer i use bun and fixed it by setting the patch version in overrides

"overrides": {
"markdown-it": "14.0.0",
}

Didn't notice any issues.

I'm also getting this some upstream issues with markdown-it. Updating this dep might be helpful
markdown-it/markdown-it#958 (See linked issue inside, refering to the release of entities and update of that dependency)

@iamacup ping