Skip to content

[Snyk] Upgrade marked from 2.1.3 to 4.0.19 #13

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Upgrade marked from 2.1.3 to 4.0.19 #13

wants to merge 1 commit into from

Conversation

snyk-bot
Copy link
Contributor

Snyk has created this PR to upgrade marked from 2.1.3 to 4.0.19.

merge advice
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Warning: This is a major version upgrade, and may be a breaking change.

  • The recommended version is 29 versions ahead of your current version.
  • The recommended version was released a month ago, on 2022-08-21.

The recommended version fixes:

Severity Issue PriorityScore (*) Exploit Maturity
Regular Expression Denial of Service (ReDoS)
SNYK-JS-MARKED-2342082		 586/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.3		 Proof of Concept
Regular Expression Denial of Service (ReDoS)
SNYK-JS-MARKED-2342073		 586/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.3		 Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: marked
  • 4.0.19 - 2022-08-21

    4.0.19 (2022-08-21)

    Bug Fixes

    • make second parameter optional on lexer.inline (#2552) (f1a9608)
  • 4.0.18 - 2022-07-11

    4.0.18 (2022-07-11)

    Bug Fixes

  • 4.0.17 - 2022-06-13

    4.0.17 (2022-06-13)

    Bug Fixes

    • Code and heading after list without blank line (#2483) (15f3f15)
  • 4.0.16 - 2022-05-17

    4.0.16 (2022-05-17)

    Bug Fixes

  • 4.0.15 - 2022-05-02

    4.0.15 (2022-05-02)

    Bug Fixes

  • 4.0.14 - 2022-04-11

    4.0.14 (2022-04-11)

    Bug Fixes

  • 4.0.13 - 2022-04-08

    4.0.13 (2022-04-08)

    Bug Fixes

    • allow emStrong regex to consume more characters at once (#2433) (35583c3)
  • 4.0.12 - 2022-01-27

    4.0.12 (2022-01-27)

    Bug Fixes

  • 4.0.11 - 2022-01-26

    4.0.11 (2022-01-26)

    Bug Fixes

  • 4.0.10 - 2022-01-13

    4.0.10 (2022-01-13)

    Bug Fixes

    • security: fix redos vulnerabilities (8f80657)
  • 4.0.9 - 2022-01-06
  • 4.0.8 - 2021-12-19
  • 4.0.7 - 2021-12-09
  • 4.0.6 - 2021-12-02
  • 4.0.5 - 2021-11-25
  • 4.0.4 - 2021-11-19
  • 4.0.3 - 2021-11-13
  • 4.0.2 - 2021-11-12
  • 4.0.1 - 2021-11-11
  • 4.0.0 - 2021-11-02
  • 3.0.8 - 2021-10-24
  • 3.0.7 - 2021-10-07
  • 3.0.6 - 2021-10-06
  • 3.0.5 - 2021-10-06
  • 3.0.4 - 2021-09-14
  • 3.0.3 - 2021-09-08
  • 3.0.2 - 2021-08-25
  • 3.0.1 - 2021-08-23
  • 3.0.0 - 2021-08-16
  • 2.1.3 - 2021-06-25
from marked GitHub release notes
Commit messages
Package name: marked
  • 95f37bd chore(release): 4.0.19 [skip ci]
  • a8bd390 🗜️ build [skip ci]
  • f1a9608 fix: make second parameter optional on lexer.inline (#2552)
  • eb35814 docs: Add new Users : rtnF md (#2557)
  • f307df7 chore(deps-dev): Bump rollup from 2.77.2 to 2.78.0 (#2554)
  • a7eab85 chore(deps-dev): Bump eslint from 8.21.0 to 8.22.0 (#2555)
  • 9e7512b chore(deps-dev): Bump @ babel/core from 7.18.9 to 7.18.10 (#2548)
  • 2253ccb chore(deps-dev): Bump @ rollup/plugin-commonjs from 22.0.1 to 22.0.2 (#2549)
  • a6d4b79 chore(deps-dev): Bump @ babel/preset-env from 7.18.9 to 7.18.10 (#2550)
  • 0aca8d3 chore(deps-dev): Bump node-fetch from 3.2.9 to 3.2.10 (#2544)
  • 5527be4 chore(deps-dev): Bump rollup from 2.77.0 to 2.77.2 (#2545)
  • f37a8e3 chore(deps-dev): Bump eslint from 8.20.0 to 8.21.0 (#2546)
  • 0aea961 chore(deps-dev): Bump node-fetch from 3.2.8 to 3.2.9 (#2540)
  • 4a5d72c chore(deps-dev): Bump jasmine from 4.2.1 to 4.3.0 (#2541)
  • a5a45a6 chore(deps-dev): Bump uglify-js from 3.16.2 to 3.16.3 (#2542)
  • 0c35ae4 chore(deps-dev): Bump node-fetch from 3.2.6 to 3.2.8 (#2539)
  • 3aa6397 chore(deps-dev): Bump @ babel/core from 7.18.6 to 7.18.9 (#2538)
  • 6424ecd chore(deps-dev): Bump highlight.js from 11.5.1 to 11.6.0 (#2537)
  • 2076813 chore(deps-dev): Bump @ babel/preset-env from 7.18.6 to 7.18.9 (#2536)
  • 1ea078a chore(deps-dev): Bump rollup from 2.76.0 to 2.77.0 (#2535)
  • 0755e2c chore(deps-dev): Bump eslint from 8.19.0 to 8.20.0 (#2534)
  • 459085b chore(release): 4.0.18 [skip ci]
  • 9fb5721 🗜️ build [skip ci]
  • 01c98d1 fix: fix heading in list item (#2520)

Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

@snyk-bot snyk-bot requested a review from a team as a code owner September 17, 2022 06:01
@snyk-bot snyk-bot requested a review from a team September 17, 2022 06:01
@cs-raj cs-raj force-pushed the snyk-upgrade-ffd665fc870841ea9a9fba55838b0d32 branch from 4500246 to 8417bc6 Compare October 18, 2024 10:44
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@snyk-bot