A security patch was committed, but not yet version-bumped to NPM. Options?


An XSS vulnerability was fixed in the marked library, with no new version yet bumped to npm. What are my options here to update my application with this fix (i.e. applying the fix, without manually adding the updated library code unmanaged by NPM)?

The commit can be found here: https://github.com/chjj/marked/commit/cd2f6f5b7091154c5526e79b5f3bfb4d15995a51

I'd prefer to keep using NPM to retain control over versioning of packages in the project.

  1. Is there a way to do an NPM install on the (specific) GitHub version including the fix?