GSA / code-gov-api

API powering the code.gov source code harvester
http://code.gov
Other
53 stars 28 forks source link

[Snyk] Security upgrade marked from 0.7.0 to 1.1.1 #343

Closed snyk-bot closed 4 years ago

snyk-bot commented 4 years ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:
Severity Issue Breaking Change Exploit Maturity
medium severity Regular Expression Denial of Service (ReDoS )
SNYK-JS-MARKED-584281
Yes No Known Exploit
Commit messages
Package name: marked The new version differs by 250 commits.
  • 1ad8e69 Merge pull request #1731 from UziTech/release-1.1.1
  • 7e17526 1.1.1
  • 7fbee6e Merge pull request #1730 from UziTech/update-deps
  • 6f7522f Merge pull request #1729 from UziTech/quick-ref
  • f8024eb remove ending slash
  • 524ae66 remove ending slash
  • 0d6e056 build
  • 04ac593 update dev deps
  • f36f676 🗜️ build [skip ci]
  • dddf9ae Merge pull request #1686 from calculuschild/EmphasisFixes
  • 6b729ed Merge branch 'EmphasisFixes' of https://github.com/calculuschild/marked into EmphasisFixes
  • e27e6f9 Sorted strong and em into sub-objects
  • a761316 Merge pull request #1726 from UziTech/show-rules
  • f8193ed add npm run rules
  • ad720c1 Make emEnd const
  • 1fb141d Make strEnd const
  • 226bbe7 Lint
  • cc778ad Removed redundancy in "startEM" check
  • 211b9f9 Removed Lookbehinds
  • 982b57e Merge pull request #1720 from vassudanagunta/docs-patch-1
  • 2a847e6 clarify level of support for Markdown flavors
  • bd4f8c4 Fix unrestricted "any character" for REDOS
  • 4e7902e Gaaaah lint
  • 4db32dc Links are masked only once per inline string
See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic