chore(deps): update dependency marked to v0.7.0 [security] #292

renovate · 2020-10-28T05:59:42Z

This PR contains the following updates:

Package	Type	Update	Change
marked (source)	resolutions	minor	`0.6.1` -> `0.7.0`

GitHub Vulnerability Alerts

GHSA-ch52-vgq2-943f

Affected versions of marked are vulnerable to Regular Expression Denial of Service (ReDoS). The _label subrule may significantly degrade parsing performance of malformed input.

Recommendation

Upgrade to version 0.7.0 or later.

Release Notes

markedjs/marked

`v0.7.0`

Compare Source

Security

Sanitize paragraph and text tokens #1504
Fix ReDOS for links with backticks (issue #1493) #1515

Breaking Changes

Deprecate sanitize and sanitizer options #1504
Move fences to CommonMark #1511
Move tables to GFM #1511
Remove tables option #1511
Single backtick in link text needs to be escaped #1515

Fixes

Fix parentheses around a link #1509
Fix headings (issue #1510) #1511

Tests

Run tests with correct options #1511

`v0.6.3`

Compare Source

Fixes

Fix nested blockquotes #1464
Fix <em> issue with mixed content #1451
revert #1464 #1497
Fix breaks: true #1507

Docs

add docs for workers #1432
Add security policy #1492
Update supported spec versions #1491
Update test folder descriptions #1506

DevOps

Use latest commit for demo master #1457
Update tests to commonmark 0.29 #1465
Update tests to GFM 0.29 #1470
Fix commonmark spec 57 and 40 (headings) #1475

`v0.6.2`

Compare Source

Security

Link redos #1426
Text redos #1460

Fixes

Links parens #1435
New line after table with escaped pipe #1439
List item tables #1446

Enhancements

Pass token boolean to the listitem function #1440
Allow html without \n after #1438

CLI

Update man page to include --test and fix argv parameters #1442
Add a --version flag to print marked version #1448

Testing

Normalize marked tests #1444
Update tests to node 4 syntax #1449

Renovate configuration

📅 Schedule: "" (UTC).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻️ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR has been generated by WhiteSource Renovate. View repository job log here.

chore(deps): update dependency marked to v0.7.0 [security]

e002e99

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

chore(deps): update dependency marked to v0.7.0 [security] #292

chore(deps): update dependency marked to v0.7.0 [security] #292

Uh oh!

renovate bot commented Oct 28, 2020

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

chore(deps): update dependency marked to v0.7.0 [security] #292

Are you sure you want to change the base?

chore(deps): update dependency marked to v0.7.0 [security] #292

Uh oh!

Conversation

renovate bot commented Oct 28, 2020

GitHub Vulnerability Alerts

GHSA-ch52-vgq2-943f

Recommendation

Release Notes

v0.7.0

Security

Breaking Changes

Fixes

Tests

v0.6.3

Fixes

Docs

DevOps

v0.6.2

Security

Fixes

Enhancements

CLI

Testing

Renovate configuration

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

`v0.7.0`

`v0.6.3`

`v0.6.2`