Open
Description
Vulnerability in markdown-to-jsx
This package uses `markdown-to-jsx ^6.11.4`, affected by:
Issue: Cross site scripting in markdown-to-jsx
URL: GHSA-4wx3-54gh-9fr9
Severity: moderate
Vulnerable Versions: <7.4.
See upstream issue: quantizor/markdown-to-jsx#610
Solution: upgrade to v7
From the release notes of that package, v7 is a rewrite in TS. I did an upgrade using `resolutions` and no side effects were found.
I do propose to bump `markdown-to-jsx` to the latest `^7.5.0` and proceed if tests are passing.