fix: patch marked ReDoS vulnerability (CVE-2022-21681) via Yarn resolution override (#1236)

Copilot · jderochervlk · web-flow · commit db9aec3958c5 · 2026-04-08T11:30:23.000+02:00
* Initial plan * fix: upgrade marked to 4.0.10 via resolutions to fix ReDoS (GHSA-5v2h-r2cx-5xgj) Agent-Logs-Url: https://github.com/rescript-lang/rescript-lang.org/sessions/9eb986e6-cb64-40d5-ac83-ff5bdd72d561 Co-authored-by: jderochervlk <60623931+jderochervlk@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: jderochervlk <60623931+jderochervlk@users.noreply.github.com>
diff --git a/package.json b/package.json
@@ -82,6 +82,9 @@
     "unified": "^11.0.5",
     "vfile-matter": "^5.0.1"
   },
+  "resolutions": {
+    "marked": "4.0.10"
+  },
   "devDependencies": {
     "@prettier/plugin-oxc": "^0.1.3",
     "@react-router/dev": "^7.14.0",
diff --git a/yarn.lock b/yarn.lock
@@ -6635,12 +6635,12 @@ __metadata:
   languageName: node
   linkType: hard
 
-"marked@npm:^0.3.14":
-  version: 0.3.19
-  resolution: "marked@npm:0.3.19"
+"marked@npm:4.0.10":
+  version: 4.0.10
+  resolution: "marked@npm:4.0.10"
   bin:
-    marked: ./bin/marked
-  checksum: 10c0/ee5e268716de56a7543c245268d72e5eb1a66f67022e0392cab9744b3b38768d1db289c173679ff696cdbf1bcd82ff10520cae2296f3293989e07a17f9218705
+    marked: bin/marked.js
+  checksum: 10c0/137660cd1eca54cfcdcec9d9c7dea786fc57ba3663da9043b721aff4c1419fc869d21bc38f6d5907062b82d4ef354f4fcac6605cac5f4f9dc1595a743b856d91
   languageName: node
   linkType: hard
 
