Regular Expression Denial of Service in simple-markdown #95 #94 #93 #92
- Explanation - react-native-simple-markdown uses simple-markdown as a dependency. simple-markdown has a regex/cross-site scripting vulnerability that has been fixed, but react-native-simple-markdown is not actively maintained and therefore has not been updated. The fix is one of: 1) Fork the react-native-simple-markdown repo and update the dependency. 2) Use patch-package to force the use of a newer version of simple-markdown in the lockfile. 3) Use a different markdown library altogether.
- Action items - Start by attempting the patch-package approach to force the newer version of simple-markdown.
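
One way to confirm that the forced version actually took effect, as an added example that is not part of the original issue: it lists every copy of simple-markdown recorded in an npm `package-lock.json` (assumed here as the lockfile format) and flags copies older than the fixed release. The lockfile fragment, its version numbers and `PLACEHOLDER_FIXED_VERSION` are constructed; take the real fixed version from the advisory.

```javascript
// Constructed package-lock.json fragment (lockfileVersion 3 layout); all versions are made up.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "app" },
    "node_modules/react-native-simple-markdown": { version: "1.0.0" },
    "node_modules/react-native-simple-markdown/node_modules/simple-markdown": { version: "0.1.0" },
    "node_modules/simple-markdown": { version: "0.9.0" },
  },
};

// Return every installed copy of `name`, including copies nested under other packages.
function findCopies(lock, name) {
  const found = [];
  // lockfileVersion 2 and 3: flat map keyed by install path.
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path === `node_modules/${name}` || path.endsWith(`/node_modules/${name}`)) {
      found.push({ path, version: meta.version });
    }
  }
  if (lock.packages) return found;
  // lockfileVersion 1: nested `dependencies` tree.
  const walk = (deps, prefix) => {
    for (const [dep, meta] of Object.entries(deps || {})) {
      const path = `${prefix}node_modules/${dep}`;
      if (dep === name) found.push({ path, version: meta.version });
      walk(meta.dependencies, `${path}/`);
    }
  };
  walk(lock.dependencies, "");
  return found;
}

// Compare plain x.y.z versions numerically (pre-release tags are ignored).
function isOlder(version, minimum) {
  const a = version.split("-")[0].split(".").map(Number);
  const b = minimum.split("-")[0].split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    if ((a[i] || 0) !== (b[i] || 0)) return (a[i] || 0) < (b[i] || 0);
  }
  return false;
}

// Copies still below the fixed release; an empty result means the forced version took effect.
function staleCopies(lock, name, minimum) {
  return findCopies(lock, name).filter((c) => isOlder(c.version, minimum));
}

// Placeholder, not the real fixed release: replace with the version named in the advisory.
const PLACEHOLDER_FIXED_VERSION = "0.5.0";
console.log(staleCopies(sampleLock, "simple-markdown", PLACEHOLDER_FIXED_VERSION));
```

A nested copy under `react-native-simple-markdown` is the case to watch for: the top-level copy can be current while the unmaintained package still resolves its own older one.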