VULN UPGRADE: marked (major → 17.0.1)

[campaigner-prod]

Summary: High-severity security update — 1 package upgraded (MAJOR changes included)

Manifests changed:

• . (npm)

Updates

Package	From	To	Type	Vulnerabilities Fixed
marked	1.2.9	17.0.1	major	4 HIGH, 2 MODERATE

---

Warning

Major Version Upgrade

This update includes major version changes that may contain breaking changes. Please:

• Review the changelog/release notes for breaking changes
• Test thoroughly in a staging environment
• Update any code that depends on changed APIs
• Ensure all tests pass before merging

Security Details

🚨 Critical & High Severity (4 fixed)

Package	CVE	Severity	Summary	Unsafe Version	Fixed In
marked	GHSA-rrrm-qjm4-v8hf	HIGH	Inefficient Regular Expression Complexity in marked	1.2.9	4.0.10
marked	CVE-2022-21680	HIGH	Cubic catastrophic backtracking (ReDoS) in marked	1.2.9	-
marked	GHSA-5v2h-r2cx-5xgj	HIGH	Inefficient Regular Expression Complexity in marked	1.2.9	4.0.10
marked	CVE-2022-21681	HIGH	Exponential catastrophic backtracking (ReDoS) in marked	1.2.9	-

ℹ️ Other Vulnerabilities (2)

Package	CVE	Severity	Summary	Unsafe Version	Fixed In
marked	GHSA-4r62-v4vq-hr96	MODERATE	Regular Expression Denial of Service (REDoS) in Marked	1.2.9	2.0.0
marked	CVE-2021-21306	MODERATE	-	1.2.9	-

---

Review Checklist

Extra review is recommended for this update:

• Review changes for compatibility with your code
• Check release notes for breaking changes
• Run integration tests to verify service behavior
• Test in staging environment before production
• Monitor key metrics after deployment

---

Update Mode: Vulnerability Remediation (High)

🤖 Generated by DataDog Automated Dependency Management System