Vulnerability found (due to highlight.js)

[damianobarbati]

Consider updating the highlight.js dependency to prevent the yarn audit from yelling:

yarn audit
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ moderate      │ ReDOS vulnerabities: multiple grammars                       │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ highlight.js                                                 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=10.4.1                                                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ handlebars-helpers                                           │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ handlebars-helpers > helper-markdown > highlight.js          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://www.npmjs.com/advisories/1005528                     │
└───────────────┴──────────────────────────────────────────────────────────────┘

[hristoiankov]

This is preventing me from using handlebars-helpers.

[jonathas]

Since this repository is abandoned, I forked and created a new package here with the fix: https://www.npmjs.com/package/helpers-for-handlebars

[damianobarbati]

Thank you @jonathas