Skip to content
This repository was archived by the owner on Mar 7, 2022. It is now read-only.

fix(deps): update dependency marked to ^0.7.0 [security] #21

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

fix(deps): update dependency marked to ^0.7.0 [security] #21

wants to merge 1 commit into from

Conversation

renovate[bot]
Copy link

@renovate renovate bot commented Jun 4, 2019
edited
Loading

WhiteSource Renovate

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
marked (source) ^0.6.0 -> ^0.7.0 age adoption passing confidence

GitHub Vulnerability Alerts

GHSA-ch52-vgq2-943f

Affected versions of marked are vulnerable to Regular Expression Denial of Service (ReDoS). The _label subrule may significantly degrade parsing performance of malformed input.

Recommendation

Upgrade to version 0.7.0 or later.

Release Notes

markedjs/marked

v0.7.0

Compare Source

Security

Breaking Changes

  • Deprecate sanitize and sanitizer options #​1504
  • Move fences to CommonMark #​1511
  • Move tables to GFM #​1511
  • Remove tables option #​1511
  • Single backtick in link text needs to be escaped #​1515

Fixes

Tests

  • Run tests with correct options #​1511

v0.6.3

Compare Source

Fixes

Docs

DevOps

  • Use latest commit for demo master #​1457
  • Update tests to commonmark 0.29 #​1465
  • Update tests to GFM 0.29 #​1470
  • Fix commonmark spec 57 and 40 (headings) #​1475

v0.6.2

Compare Source

Security

Fixes

Enhancements

  • Pass token boolean to the listitem function #​1440
  • Allow html without \n after #​1438

CLI

  • Update man page to include --test and fix argv parameters #​1442
  • Add a --version flag to print marked version #​1448

Testing

v0.6.1

Compare Source

Fixes
Docs
  • Update demo site to use a worker #​1418
  • Update devDependencies to last stable #​1409
  • Update documentation about extending Renderer #​1417
  • Remove --save option as it isn't required anymore #​1422
  • Add snyk badge #​1420

Configuration

📅 Schedule: "" (UTC).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box.

This PR has been generated by WhiteSource Renovate. View repository job log here.

@renovate renovate bot force-pushed the renovate/npm-marked-vulnerability branch from ed7406f to b8c473e Compare July 13, 2019 15:59
@renovate renovate bot force-pushed the renovate/npm-marked-vulnerability branch from b8c473e to ea5b956 Compare October 28, 2020 13:01
@renovate renovate bot changed the title fix(deps): update dependency marked to v0.6.1 [security] fix(deps): update dependency marked to ^0.7.0 [security] Oct 28, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@renovate-bot