@atlaskit/editor-markdown-transformer security vulnerability

Per this issue: [JRACLOUD-77436] Provide a public REST API endpoint to convert between ADF, HTML, Markup and Markdown now that pf-editor-service has been decommissioned.

This is currently the only way to be able to transform markdown into ADF, which we heavily depend on for API integrations. There is a security vulnerability reported for one of the dependencies:

Risk Level High: node-fetch is vulnerable to Exposure of Sensitive information to an Unauthorized Actor
Package: node-fetch
Patched in: >=2.6.7
Dependency of: @atlaskit/editor-markdown-transformer
Path: @atlaskit/editor-markdown-transformer > @atlaskit/editor-common > @atlaskit/media-card > @atlaskit/editor-shared-styles > styled-components > fbjs > isomorphic-fetch > node-fetch
More info: node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor · CVE-2022-0235 · GitHub Advisory Database

Is this something that the team is aware of or planning to update? Would love to help contribute, but I know that may not be possible since it is now closed source.

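A check a consumer of the package can run against their own lockfile to see which installed copies of node-fetch sit below the "Patched in" version quoted in the post. This is an added example, not part of the original post and not Atlassian's code; the function names and the sample lockfile are constructed for illustration, and the only threshold used is the `>=2.6.7` from the audit output above.

```javascript
// Threshold from the audit output quoted in the post ("Patched in: >=2.6.7").
const PATCHED = '2.6.7';

// Compare two plain x.y.z versions numerically; pre-release tags are ignored.
function cmpVersions(a, b) {
  const pa = a.split('-')[0].split('.').map(Number);
  const pb = b.split('-')[0].split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return Math.sign(d);
  }
  return 0;
}

// Walk the "packages" map of a parsed package-lock.json (lockfileVersion 2 or 3)
// and return every installed copy of `name` whose version is below `patched`.
// Keys are install locations (after hoisting), not the logical dependency path.
function findUnpatched(lock, name = 'node-fetch', patched = PATCHED) {
  const suffix = 'node_modules/' + name;
  return Object.entries(lock.packages || {})
    .filter(([path, meta]) =>
      (path === suffix || path.endsWith('/' + suffix)) &&
      typeof meta.version === 'string' &&
      cmpVersions(meta.version, patched) < 0)
    .map(([path, meta]) => ({ path, version: meta.version }))
    .sort((x, y) => x.path.localeCompare(y.path));
}

// Constructed sample lockfile: names and versions are illustrative only.
// For a real project, pass JSON.parse of the package-lock.json contents.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'adf-integration', version: '1.0.0' },
    'node_modules/node-fetch': { version: '2.6.7' },
    'node_modules/isomorphic-fetch': { version: '2.2.1' },
    'node_modules/isomorphic-fetch/node_modules/node-fetch': { version: '1.7.3' },
    'node_modules/some-lib/node_modules/node-fetch': { version: '2.6.1' },
    'node_modules/@scope/not-node-fetch': { version: '0.1.0' },
  },
};

for (const hit of findUnpatched(sampleLock)) {
  console.log(`${hit.path} @ ${hit.version} is below ${PATCHED}`);
}
```

A hoisted top-level copy at a patched version does not mean every nested copy is patched, which is why the scan reports each install location separately.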