Breaking Change in Dependency Chain for @tryfabric/martian Due to Vulnerable Versions of packages #65
Description
I am encountering a breaking change issue when attempting to update @tryfabric/martian to version 1.2.0. It involves a chain of dependencies, including vulnerable versions of katex, micromark-extension-math, and remark-math.
Below are the details of the issue: npm audit
Will install @tryfabric/[email protected], which is a breaking change
node_modules/katex
micromark-extension-math <=2.0.2
Depends on vulnerable versions of katex
node_modules/micromark-extension-math
remark-math 4.0.0 - 5.0.0
Depends on vulnerable versions of micromark-extension-math
fix available via `npm audit fix --force`
Will install @tryfabric/[email protected], which is a breaking change
node_modules/katex
micromark-extension-math <=2.0.2
Depends on vulnerable versions of katex
node_modules/micromark-extension-math
remark-math 4.0.0 - 5.0.0
Depends on vulnerable versions of micromark-extension-math
Will install @tryfabric/[email protected], which is a breaking change
node_modules/katex
micromark-extension-math <=2.0.2
Depends on vulnerable versions of katex
node_modules/micromark-extension-math
remark-math 4.0.0 - 5.0.0
Depends on vulnerable versions of micromark-extension-math
node_modules/micromark-extension-math
remark-math 4.0.0 - 5.0.0
Depends on vulnerable versions of micromark-extension-math
node_modules/remark-math
@tryfabric/martian >=1.2.4
Depends on vulnerable versions of remark-math
node_modules/@tryfabric/martian
node_modules/remark-math
@tryfabric/martian >=1.2.4
Depends on vulnerable versions of remark-math
node_modules/remark-math
@tryfabric/martian >=1.2.4
node_modules/remark-math
@tryfabric/martian >=1.2.4
Depends on vulnerable versions of remark-math
node_modules/@tryfabric/martian
The issue involves:
micromark-extension-math(<=2.0.2) depending on vulnerable versions ofkatexremark-math(4.0.0 - 5.0.0) depending on vulnerable versions ofmicromark-extension-math- The installation of
@tryfabric/[email protected]results in a breaking change
A potential fix has been suggested via npm audit fix --force, but this could break compatibility. Could you please provide guidance or an updated release to address this issue?
Thank you!