Security vulnerability: typedoc 0.21.9 requires marked 3.0.2

[bennycode]

Hi, can you please patch typedoc 0.21.9 to v0.21.10 and upgrade the marked dependency to v4.0.10 or later? Reason is that marked v3 is impacted by GHSA-rrrm-qjm4-v8hf.

Best, Benny

[Gerrit0]

I do not support minor versions behind the latest (currently 0.22) due to lack of time. If you upgrade to version 0.22.11, marked has been upgraded.

Note that if you are running TypeDoc on your code, then you can only ever be impacted by this vulnerability if you intentionally trigger it.

[bennycode]

I would like to upgrade from v0.21 to v0.22 but v0.22 has breaking changes which make it hard for me. 😥

Being an open source code maintainer myself, I know how time consuming this is and I understand that you won't have the time to do this fix. So I did the fix to support you. 🔧

I executed npm run build_and_test and it showed all green. Here are the changes necessary to make a v0.21.10: https://github.com/TypeStrong/typedoc/compare/v0.21.9...bennycode:patch-0-21-9?expand=1

I can provide you a Git patch file if you like. 🙂

[Gerrit0]

https://www.npmjs.com/package/typedoc/v/0.21.10

[bennycode]

Thank you very much for building v0.21.10. 🙏