From 89b8d5856e5f129ace3ed756f0da0f21bf1612c5 Mon Sep 17 00:00:00 2001 
From: Jon R <jonathan.roesner@yahoo.com>
Date: Fri, 14 Jan 2022 18:18:42 +0100
Subject: [PATCH] [examples] Update remark dependency for blog-starter (#33313)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Upgrade remark-html dependency to resolve the critical vulnerability. Newer versions like 15.0.1 do not work with this example but version 13.0.2 fixes the security issue and still works.

```
=== npm audit security report ===

# Run npm install remark-html@15.0.1 to resolve 1 vulnerability
SEMVER WARNING: Recommended action is a potentially breaking change
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Critical      │ Unsafe defaults in `remark-html`                             │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ remark-html                                                  │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ remark-html                                                  │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ remark-html                                                  │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://github.com/advisories/GHSA-9q5w-79cv-947m            │
└───────────────┴──────────────────────────────────────────────────────────────┘
```

<!--
Thanks for opening a PR! Your contribution is much appreciated.
In order to make sure your PR is handled as smoothly as possible we request that you follow the checklist sections below.
Choose the right checklist for the change that you're making:
-->

## Bug

- [ ] Related issues linked using `fixes #number`
- [ ] Integration tests added
- [ ] Errors have helpful link attached, see `contributing.md`

## Feature

- [ ] Implements an existing feature request or RFC. Make sure the feature request has been accepted for implementation before opening a PR.
- [ ] Related issues linked using `fixes #number`
- [ ] Integration tests added
- [ ] Documentation added
- [ ] Telemetry added.
In case of a feature if it's used or not. - [ ] Errors have helpful link attached, see `contributing.md` ## Documentation / Examples - [ ] Make sure the linting passes by running `yarn lint` --- examples/blog-starter/package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/examples/blog-starter/package.json b/examples/blog-starter/package.json index 1e6a6ae24c82c..fed5332dfbe15 100644 --- a/examples/blog-starter/package.json +++ b/examples/blog-starter/package.json @@ -13,7 +13,7 @@ "react": "^17.0.2", "react-dom": "^17.0.2", "remark": "13.0.0", - "remark-html": "13.0.1" + "remark-html": "13.0.2" }, "devDependencies": { "autoprefixer": "^10.4.0",
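Review bot: In the `dependencies` hunk of examples/blog-starter/package.json, the new value `"remark-html": "13.0.2"` is an exact pin, so the example will not pick up any later 13.0.x fix without another manual bump; consider `~13.0.2` if the example is meant to track patch releases, or keep the pin and record why it stays below the 15.0.1 that the quoted audit output recommends. The advisory in the commit message is titled "Unsafe defaults in `remark-html`", and this diff touches only package.json, so it is worth confirming that the example's call to remark-html relies on the package defaults rather than passing options that opt out of sanitizing, and that the sample posts still render as intended with 13.0.2. The adjacent `"remark": "13.0.0"` line is unchanged; if a lockfile is committed for this example it should be regenerated in the same change so the installed version actually matches.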