[Security]: mdast-util-to-hast has unsanitized class attribute

[onissen]

Link zum Dependbot Alert

https://github.com/ncs-northware/northware/security/dependabot/39

Schweregrad

Moderate

Betroffenes Package

storybooks sub-sub-dependencies

Abhängigkeiten (npm list )

northware@ /workspaces/northware
└─┬ ultracite@6.4.0 -> ./node_modules/.pnpm/ultracite@6.4.0_typescript@5.9.3/node_modules/ultracite
  └─┬ @trpc/server@11.8.0 -> ./node_modules/.pnpm/@trpc+server@11.8.0_typescript@5.9.3/node_modules/@trpc/server
    └─┬ next@16.0.10 invalid: "^15.3.1" from node_modules/.pnpm/@trpc+server@11.8.0_typescript@5.9.3/node_modules/@trpc/server -> ./node_modules/.pnpm/next@16.0.10_@babel+core@7.28.0_react-dom@19.2.3_react@19.2.3__react@19.2.3/node_modules/next
      └─┬ storybook@10.1.8 invalid: "8.6.0" from node_modules/.pnpm/next@16.0.10_@babel+core@7.28.0_react-dom@19.2.3_react@19.2.3__react@19.2.3/node_modules/next -> ./node_modules/.pnpm/storybook@10.1.8_@testing-library+dom@10.4.0_prettier@2.8.8_react-dom@19.2.3_react@19.2.3__react@19.2.3/node_modules/storybook
        └─┬ @storybook/icons@2.0.1 -> ./node_modules/.pnpm/@storybook+icons@2.0.1_react-dom@19.2.3_react@19.2.3__react@19.2.3/node_modules/@storybook/icons
          └─┬ @storybook/addon-docs@10.1.8 -> ./node_modules/.pnpm/@storybook+addon-docs@10.1.8_@types+react@19.2.7_esbuild@0.27.1_rollup@4.44.2_storybook_e8b6a2b6cc422aba0b55c895a7f67dfa/node_modules/@storybook/addon-docs
            ├─┬ @mdx-js/mdx@3.1.1 -> ./node_modules/.pnpm/@mdx-js+mdx@3.1.1/node_modules/@mdx-js/mdx
            │ ├─┬ hast-util-to-jsx-runtime@2.3.6 -> ./node_modules/.pnpm/hast-util-to-jsx-runtime@2.3.6/node_modules/hast-util-to-jsx-runtime
            │ │ ├─┬ mdast-util-mdx-expression@2.0.1 -> ./node_modules/.pnpm/mdast-util-mdx-expression@2.0.1/node_modules/mdast-util-mdx-expression
            │ │ │ └─┬ mdast-util-from-markdown@2.0.2 -> ./node_modules/.pnpm/mdast-util-from-markdown@2.0.2/node_modules/mdast-util-from-markdown
            │ │ │   └── mdast-util-to-hast@13.2.0 deduped -> ./node_modules/.pnpm/mdast-util-to-hast@13.2.0/node_modules/mdast-util-to-hast
            │ │ ├─┬ mdast-util-mdx-jsx@3.2.0 -> ./node_modules/.pnpm/mdast-util-mdx-jsx@3.2.0/node_modules/mdast-util-mdx-jsx
            │ │ │ └─┬ mdast-util-from-markdown@2.0.2 -> ./node_modules/.pnpm/mdast-util-from-markdown@2.0.2/node_modules/mdast-util-from-markdown
            │ │ │   └── mdast-util-to-hast@13.2.0 deduped -> ./node_modules/.pnpm/mdast-util-to-hast@13.2.0/node_modules/mdast-util-to-hast
            │ │ └─┬ mdast-util-mdxjs-esm@2.0.1 -> ./node_modules/.pnpm/mdast-util-mdxjs-esm@2.0.1/node_modules/mdast-util-mdxjs-esm
            │ │   └─┬ mdast-util-from-markdown@2.0.2 -> ./node_modules/.pnpm/mdast-util-from-markdown@2.0.2/node_modules/mdast-util-from-markdown
            │ │     └── mdast-util-to-hast@13.2.0 deduped -> ./node_modules/.pnpm/mdast-util-to-hast@13.2.0/node_modules/mdast-util-to-hast
            │ ├─┬ rehype-recma@1.0.0 -> ./node_modules/.pnpm/rehype-recma@1.0.0/node_modules/rehype-recma
            │ │ └─┬ hast-util-to-estree@3.1.3 -> ./node_modules/.pnpm/hast-util-to-estree@3.1.3/node_modules/hast-util-to-estree
            │ │   └── mdast-util-to-hast@13.2.0 deduped -> ./node_modules/.pnpm/mdast-util-to-hast@13.2.0/node_modules/mdast-util-to-hast
            │ ├─┬ remark-mdx@3.1.1 -> ./node_modules/.pnpm/remark-mdx@3.1.1/node_modules/remark-mdx
            │ │ └─┬ mdast-util-mdx@3.0.0 -> ./node_modules/.pnpm/mdast-util-mdx@3.0.0/node_modules/mdast-util-mdx
            │ │   └─┬ mdast-util-from-markdown@2.0.2 -> ./node_modules/.pnpm/mdast-util-from-markdown@2.0.2/node_modules/mdast-util-from-markdown
            │ │     └── mdast-util-to-hast@13.2.0 deduped -> ./node_modules/.pnpm/mdast-util-to-hast@13.2.0/node_modules/mdast-util-to-hast
            │ ├─┬ remark-parse@11.0.0 -> ./node_modules/.pnpm/remark-parse@11.0.0/node_modules/remark-parse
            │ │ └─┬ mdast-util-from-markdown@2.0.2 -> ./node_modules/.pnpm/mdast-util-from-markdown@2.0.2/node_modules/mdast-util-from-markdown
            │ │   └── mdast-util-to-hast@13.2.0 deduped -> ./node_modules/.pnpm/mdast-util-to-hast@13.2.0/node_modules/mdast-util-to-hast
            │ ├─┬ remark-rehype@11.1.2 -> ./node_modules/.pnpm/remark-rehype@11.1.2/node_modules/remark-rehype
            │ │ └── mdast-util-to-hast@13.2.0 -> ./node_modules/.pnpm/mdast-util-to-hast@13.2.0/node_modules/mdast-util-to-hast
            │ └─┬ unist-util-visit@5.0.0 -> ./node_modules/.pnpm/unist-util-visit@5.0.0/node_modules/unist-util-visit
            │   └─┬ mdast-util-from-markdown@2.0.2 invalid: "^1.0.0" from node_modules/.pnpm/unist-util-visit@5.0.0/node_modules/unist-util-visit -> ./node_modules/.pnpm/mdast-util-from-markdown@2.0.2/node_modules/mdast-util-from-markdown
            │     └── mdast-util-to-hast@13.2.0 deduped -> ./node_modules/.pnpm/mdast-util-to-hast@13.2.0/node_modules/mdast-util-to-hast
            └─┬ github-slugger@2.0.0 -> ./node_modules/.pnpm/github-slugger@2.0.0/node_modules/github-slugger
              └─┬ mdast-util-gfm@3.1.0 invalid: "^2.0.0" from node_modules/.pnpm/github-slugger@2.0.0/node_modules/github-slugger, "^2.0.0" from node_modules/.pnpm/unist-util-visit@5.0.0/node_modules/unist-util-visit -> ./node_modules/.pnpm/mdast-util-gfm@3.1.0/node_modules/mdast-util-gfm
                ├─┬ hast-util-to-html@9.0.5 -> ./node_modules/.pnpm/hast-util-to-html@9.0.5/node_modules/hast-util-to-html
                │ └── mdast-util-to-hast@13.2.0 -> ./node_modules/.pnpm/mdast-util-to-hast@13.2.0/node_modules/mdast-util-to-hast
                ├─┬ mdast-util-from-markdown@2.0.2 -> ./node_modules/.pnpm/mdast-util-from-markdown@2.0.2/node_modules/mdast-util-from-markdown
                │ └── mdast-util-to-hast@13.2.0 deduped -> ./node_modules/.pnpm/mdast-util-to-hast@13.2.0/node_modules/mdast-util-to-hast
                ├─┬ mdast-util-gfm-autolink-literal@2.0.1 -> ./node_modules/.pnpm/mdast-util-gfm-autolink-literal@2.0.1/node_modules/mdast-util-gfm-autolink-literal
                │ └── mdast-util-to-hast@13.2.0 deduped -> ./node_modules/.pnpm/mdast-util-to-hast@13.2.0/node_modules/mdast-util-to-hast
                ├─┬ mdast-util-gfm-footnote@2.1.0 -> ./node_modules/.pnpm/mdast-util-gfm-footnote@2.1.0/node_modules/mdast-util-gfm-footnote
                │ └─┬ mdast-util-from-markdown@2.0.2 -> ./node_modules/.pnpm/mdast-util-from-markdown@2.0.2/node_modules/mdast-util-from-markdown
                │   └── mdast-util-to-hast@13.2.0 deduped -> ./node_modules/.pnpm/mdast-util-to-hast@13.2.0/node_modules/mdast-util-to-hast
                ├─┬ mdast-util-gfm-strikethrough@2.0.0 -> ./node_modules/.pnpm/mdast-util-gfm-strikethrough@2.0.0/node_modules/mdast-util-gfm-strikethrough
                │ └─┬ mdast-util-from-markdown@2.0.2 -> ./node_modules/.pnpm/mdast-util-from-markdown@2.0.2/node_modules/mdast-util-from-markdown
                │   └── mdast-util-to-hast@13.2.0 deduped -> ./node_modules/.pnpm/mdast-util-to-hast@13.2.0/node_modules/mdast-util-to-hast
                ├─┬ mdast-util-gfm-table@2.0.0 -> ./node_modules/.pnpm/mdast-util-gfm-table@2.0.0/node_modules/mdast-util-gfm-table
                │ └─┬ mdast-util-from-markdown@2.0.2 -> ./node_modules/.pnpm/mdast-util-from-markdown@2.0.2/node_modules/mdast-util-from-markdown
                │   └── mdast-util-to-hast@13.2.0 deduped -> ./node_modules/.pnpm/mdast-util-to-hast@13.2.0/node_modules/mdast-util-to-hast
                ├─┬ mdast-util-gfm-task-list-item@2.0.0 -> ./node_modules/.pnpm/mdast-util-gfm-task-list-item@2.0.0/node_modules/mdast-util-gfm-task-list-item
                │ └─┬ mdast-util-from-markdown@2.0.2 -> ./node_modules/.pnpm/mdast-util-from-markdown@2.0.2/node_modules/mdast-util-from-markdown
                │   └── mdast-util-to-hast@13.2.0 deduped -> ./node_modules/.pnpm/mdast-util-to-hast@13.2.0/node_modules/mdast-util-to-hast
                └── mdast-util-to-hast@13.2.0 -> ./node_modules/.pnpm/mdast-util-to-hast@13.2.0/node_modules/mdast-util-to-hast

Beschreibung

No response