aayant-mend / NodeGoat

The OWASP NodeGoat project provides an environment to learn how OWASP Top 10 security risks apply to web applications developed using Node.js and how to effectively address them.
https://www.owasp.org/index.php/Projects/OWASP_Node_js_Goat_Project
Apache License 2.0

Update dependency marked to v0.7.0 (master) - autoclosed #120

Closed mend-for-github-com[bot] closed 1 year ago

mend-for-github-com[bot] commented 1 year ago

This PR contains the following updates:

| Package | Type | Update | Change |
| --- | --- | --- | --- |
| marked (source) | dependencies | minor | `0.3.5` -> `0.7.0` |

This PR resolves the vulnerabilities described in Issue #57


| Version | Risk Change | Critical | High | Medium | Low |
| --- | --- | --- | --- | --- | --- |
| 0.3.5 | N/A | 0 | 4 | 7 | 0 |
| 0.7.0 | -50% | 0 (--) | 2 (-2) | 1 (-6) | 0 (--) |
| 0.8.2 | -50% | 0 (--) | 2 (-2) | 1 (-6) | 0 (--) |

Mend ensures you have the greatest risk reduction ("Recommended Fix"-highlighted in green) by removing as many vulnerabilities as possible. Click to see how we calculate risk reduction.


Release Notes

markedjs/marked

### [`v0.7.0`](https://togithub.com/markedjs/marked/releases/tag/v0.7.0): 0.7.0

[Compare Source](https://togithub.com/markedjs/marked/compare/v0.6.3...v0.7.0)

#### Security

-   Sanitize `paragraph` and `text` tokens [#1504](https://togithub.com/markedjs/marked/issues/1504)
-   Fix ReDOS for links with backticks (issue [#1493](https://togithub.com/markedjs/marked/issues/1493)) [#1515](https://togithub.com/markedjs/marked/issues/1515)

#### Breaking Changes

-   Deprecate `sanitize` and `sanitizer` options [#1504](https://togithub.com/markedjs/marked/issues/1504)
-   Move `fences` to CommonMark [#1511](https://togithub.com/markedjs/marked/issues/1511)
-   Move `tables` to GFM [#1511](https://togithub.com/markedjs/marked/issues/1511)
-   Remove `tables` option [#1511](https://togithub.com/markedjs/marked/issues/1511)
-   Single backtick in link text needs to be escaped [#1515](https://togithub.com/markedjs/marked/issues/1515)

#### Fixes

-   Fix parentheses around a link [#1509](https://togithub.com/markedjs/marked/issues/1509)
-   Fix headings (issue [#1510](https://togithub.com/markedjs/marked/issues/1510)) [#1511](https://togithub.com/markedjs/marked/issues/1511)

#### Tests

-   Run tests with correct options [#1511](https://togithub.com/markedjs/marked/issues/1511)

### [`v0.6.3`](https://togithub.com/markedjs/marked/releases/tag/v0.6.3): 0.6.3

[Compare Source](https://togithub.com/markedjs/marked/compare/v0.6.2...v0.6.3)

#### Fixes

-   Fix nested blockquotes [#1464](https://togithub.com/markedjs/marked/issues/1464)
-   Fix `` issue with mixed content [#1451](https://togithub.com/markedjs/marked/issues/1451)
-   revert [#1464](https://togithub.com/markedjs/marked/issues/1464) [#1497](https://togithub.com/markedjs/marked/issues/1497)
-   Fix `breaks: true` [#1507](https://togithub.com/markedjs/marked/issues/1507)

#### Docs

-   add docs for workers [#1432](https://togithub.com/markedjs/marked/issues/1432)
-   Add security policy [#1492](https://togithub.com/markedjs/marked/issues/1492)
-   Update supported spec versions [#1491](https://togithub.com/markedjs/marked/issues/1491)
-   Update test folder descriptions [#1506](https://togithub.com/markedjs/marked/issues/1506)

#### DevOps

-   Use latest commit for demo master [#1457](https://togithub.com/markedjs/marked/issues/1457)
-   Update tests to commonmark 0.29 [#1465](https://togithub.com/markedjs/marked/issues/1465)
-   Update tests to GFM 0.29 [#1470](https://togithub.com/markedjs/marked/issues/1470)
-   Fix commonmark spec 57 and 40 (headings) [#1475](https://togithub.com/markedjs/marked/issues/1475)

### [`v0.6.2`](https://togithub.com/markedjs/marked/releases/tag/v0.6.2): 0.6.2

[Compare Source](https://togithub.com/markedjs/marked/compare/v0.6.1...v0.6.2)

#### Security

-   Link redos [#1426](https://togithub.com/markedjs/marked/issues/1426)
-   Text redos [#1460](https://togithub.com/markedjs/marked/issues/1460)

#### Fixes

-   Links parens [#1435](https://togithub.com/markedjs/marked/issues/1435)
-   New line after table with escaped pipe [#1439](https://togithub.com/markedjs/marked/issues/1439)
-   List item tables [#1446](https://togithub.com/markedjs/marked/issues/1446)

#### Enhancements

-   Pass token boolean to the `listitem` function [#1440](https://togithub.com/markedjs/marked/issues/1440)
-   Allow html without \n after [#1438](https://togithub.com/markedjs/marked/issues/1438)

#### CLI

-   Update man page to include `--test` and fix argv parameters [#1442](https://togithub.com/markedjs/marked/issues/1442)
-   Add a `--version` flag to print marked version [#1448](https://togithub.com/markedjs/marked/issues/1448)

#### Testing

-   Normalize marked tests [#1444](https://togithub.com/markedjs/marked/issues/1444)
-   Update tests to node 4 syntax [#1449](https://togithub.com/markedjs/marked/issues/1449)

### [`v0.6.1`](https://togithub.com/markedjs/marked/releases/tag/v0.6.1): 0.6.1

[Compare Source](https://togithub.com/markedjs/marked/compare/v0.6.0...v0.6.1)

#### Fixes

-   Fix parenthesis url redos [#1414](https://togithub.com/markedjs/marked/issues/1414)

#### Docs

-   Update demo site to use a worker [#1418](https://togithub.com/markedjs/marked/issues/1418)
-   Update devDependencies to last stable [#1409](https://togithub.com/markedjs/marked/issues/1409)
-   Update documentation about extending Renderer [#1417](https://togithub.com/markedjs/marked/issues/1417)
-   Remove `--save` option as it isn't required anymore [#1422](https://togithub.com/markedjs/marked/issues/1422)
-   Add snyk badge [#1420](https://togithub.com/markedjs/marked/issues/1420)

### [`v0.6.0`](https://togithub.com/markedjs/marked/releases/tag/v0.6.0): 0.6.0

[Compare Source](https://togithub.com/markedjs/marked/compare/v0.5.2...v0.6.0)

#### Breaking Changes

-   Drop support for Node v0.10 and old browsers such as Internet Explorer
    -   You should not have any problems if using Node 4+ or a modern browser
-   Add parameter `slugger` to `Renderer.prototype.heading` method [#1401](https://togithub.com/markedjs/marked/issues/1401)
    -   You should not have any problems if you do not override this method

#### New Features

-   Add new export `marked.Slugger` [#1401](https://togithub.com/markedjs/marked/issues/1401)

#### Fixes

-   Fix emphasis followed by a punctuation [#1383](https://togithub.com/markedjs/marked/issues/1383)
-   Fix bold around autolink email address [#1385](https://togithub.com/markedjs/marked/issues/1385)
-   Make autolinks case insensitive [#1384](https://togithub.com/markedjs/marked/issues/1384)
-   Make code fences compliant with Commonmark spec [#1387](https://togithub.com/markedjs/marked/issues/1387)
-   Make blockquote paragraph continuation compliant with Commonmark spec [#1394](https://togithub.com/markedjs/marked/issues/1394)
-   Make ordered list marker length compliant with Commonmark spec [#1391](https://togithub.com/markedjs/marked/issues/1391)
-   Make empty list items compliant with Commonmark spec [#1395](https://togithub.com/markedjs/marked/issues/1395)
-   Make tag escaping compliant with Commonmark spec [#1397](https://togithub.com/markedjs/marked/issues/1397)
-   Make strong/bold compliant with Commonmark spec [#1400](https://togithub.com/markedjs/marked/issues/1400)
-   Fix handling of adjacent lists [#684](https://togithub.com/markedjs/marked/issues/684)
-   Add better error handling when token type cannot be found [#1005](https://togithub.com/markedjs/marked/issues/1005)
-   Fix duplicate heading id and non-latin characters [#1401](https://togithub.com/markedjs/marked/issues/1401)

#### CLI

-   Pretty print ENOENT errors on cli [#1396](https://togithub.com/markedjs/marked/issues/1396)
-   Update repo url in man [#1403](https://togithub.com/markedjs/marked/issues/1403)

#### Docs

-   Fix `breaks` option description [#1381](https://togithub.com/markedjs/marked/issues/1381)
-   Update docs to include "Since" version [#1382](https://togithub.com/markedjs/marked/issues/1382)
-   Add defibrillator badge for [@mccraveiro](https://togithub.com/mccraveiro) [#1392](https://togithub.com/markedjs/marked/issues/1392)

#### Tests

-   Remove old test covered by gfm/cm [#1389](https://togithub.com/markedjs/marked/issues/1389)

### [`v0.5.2`](https://togithub.com/markedjs/marked/releases/tag/v0.5.2): 0.5.2

[Compare Source](https://togithub.com/markedjs/marked/compare/v0.5.1...v0.5.2)

#### Bug Fixes

-   Fix emphasis closing by single \_ (part of left-flanking run) [#1351](https://togithub.com/markedjs/marked/issues/1351)
-   Make URL handling consistent between links and images [#1359](https://togithub.com/markedjs/marked/issues/1359)

#### Other

-   Add missing semicolons, add lint rule [#1340](https://togithub.com/markedjs/marked/issues/1340)
-   Make Steven ([@styfle](https://togithub.com/styfle)) a npm publisher [#1346](https://togithub.com/markedjs/marked/issues/1346)
-   Fix typo in docs: re*s*ponsibility [#1364](https://togithub.com/markedjs/marked/issues/1364)
-   Add the ability to specify options on the [demo page](https://marked.js.org/demo/) as JSON [#1357](https://togithub.com/markedjs/marked/issues/1357)
-   Show red border when JSON options are invalid [#1360](https://togithub.com/markedjs/marked/issues/1360)
-   Move license file back to root dir [#1356](https://togithub.com/markedjs/marked/issues/1356)
-   Fix builds: remove node v0.10 from travis matrix [#1366](https://togithub.com/markedjs/marked/issues/1366)
    -   This does not break compatibility in this release, but it will in a future release
-   Add `files` key to package.json to prevent publishing unused files [#1367](https://togithub.com/markedjs/marked/issues/1367)

### [`v0.5.1`](https://togithub.com/markedjs/marked/releases/tag/v0.5.1): 0.5.1

[Compare Source](https://togithub.com/markedjs/marked/compare/v0.5.0...v0.5.1)

#### Security

-   Fix inline code regex and prevent REDOS [#1337](https://togithub.com/markedjs/marked/issues/1337)
-   Use `@markedjs/html-differ` to prevent REDOS [#1331](https://togithub.com/markedjs/marked/issues/1331)

#### Bug Fixes

-   Fix typographic substitution in (pre|code|kbd|script) blocks when smartypants=true [#1335](https://togithub.com/markedjs/marked/issues/1335)
-   Fix auto-linking email address [#1338](https://togithub.com/markedjs/marked/issues/1338)

#### Other

-   Refactor the `escape()` function to improve performance 10-20% [#975](https://togithub.com/markedjs/marked/issues/975)
-   Update copyright in source code [#1326](https://togithub.com/markedjs/marked/issues/1326)
-   Update benchmark tests [#1019](https://togithub.com/markedjs/marked/issues/1019)
-   Add dependency badges to readme [#1333](https://togithub.com/markedjs/marked/issues/1333)

### [`v0.5.0`](https://togithub.com/markedjs/marked/releases/tag/v0.5.0): 0.5.0

[Compare Source](https://togithub.com/markedjs/marked/compare/0.4.0...v0.5.0)

#### Security

-   Use rtrim, not unsafe /X+$/ [#1260](https://togithub.com/markedjs/marked/issues/1260)

#### Breaking Changes

-   Fix GFM empty table cells [#1262](https://togithub.com/markedjs/marked/issues/1262)
-   Fix GFM extended auto-linking requiring multiple backpedals [#1293](https://togithub.com/markedjs/marked/issues/1293)
-   Fix GFM strikethrough compatibility [#1258](https://togithub.com/markedjs/marked/issues/1258)
-   Fix issues link references and prototypes [#1299](https://togithub.com/markedjs/marked/issues/1299)
-   Fix hard line break when backslash at EOL [#1303](https://togithub.com/markedjs/marked/issues/1303)
-   Fix hyperlinks with parenthesis [#1305](https://togithub.com/markedjs/marked/issues/1305)
-   Fix loose lists [#1304](https://togithub.com/markedjs/marked/issues/1304)
-   Fix strong and em [#1315](https://togithub.com/markedjs/marked/issues/1315)

#### Docs

-   Fix typo in USING_ADVANCED.md [#1276](https://togithub.com/markedjs/marked/issues/1276)
-   Add pictures to AUTHORS.md [#1272](https://togithub.com/markedjs/marked/issues/1272)
-   Change badge to latest version of marked [#1300](https://togithub.com/markedjs/marked/issues/1300)
-   Change badges from shields.io to badgen.net [#1317](https://togithub.com/markedjs/marked/issues/1317)
-   Use iframe to sandbox generated html [#1295](https://togithub.com/markedjs/marked/issues/1295)
-   Add additional links into readme [#1310](https://togithub.com/markedjs/marked/issues/1310)
-   Add missing parameters for renderer methods [#1311](https://togithub.com/markedjs/marked/issues/1311)
-   Add undocumented option descriptions [#1312](https://togithub.com/markedjs/marked/issues/1312)
-   Add navigation sidebar to the docs [#1316](https://togithub.com/markedjs/marked/issues/1316)

#### CI

-   Change travis clone depth to 3 [#1270](https://togithub.com/markedjs/marked/issues/1270)

### [`v0.4.0`](https://togithub.com/markedjs/marked/releases/tag/0.4.0)

[Compare Source](https://togithub.com/markedjs/marked/compare/v0.3.19...0.4.0)

#### Security Fixes

-   Fix unsafe `heading` regex ([#1224](https://togithub.com/markedjs/marked/issues/1224))
-   Fix unsafe `link` regex ([#1223](https://togithub.com/markedjs/marked/issues/1223), [#1227](https://togithub.com/markedjs/marked/issues/1227))

#### New Features

-   Add [option](https://marked.js.org/#/USING_ADVANCED.md) to disable heading ids ([#1190](https://togithub.com/markedjs/marked/issues/1190))
-   Add support for [GFM Task Lists](https://github.github.com/gfm/#task-list-items-extension-) to comply with the GFM spec ([#1250](https://togithub.com/markedjs/marked/issues/1250))

#### Breaking Changes

-   Fix escaping pipes in tables ([#1239](https://togithub.com/markedjs/marked/issues/1239))
-   Fix html output for tables to match GFM spec ([#1245](https://togithub.com/markedjs/marked/issues/1245))
-   Fix many bugs to reach parity with CommonMark spec ([#1135](https://togithub.com/markedjs/marked/issues/1135))
-   Fix new Renderer() so it uses default options ([#1203](https://togithub.com/markedjs/marked/issues/1203))
-   Fix text and paragraph return types ([#1248](https://togithub.com/markedjs/marked/issues/1248)) ([#1249](https://togithub.com/markedjs/marked/issues/1249))
-   Fix `` less than 3 chars ([#1181](https://togithub.com/markedjs/marked/issues/1181))
-   Fix `` code blocks so there is no more trailing `\n` ([#1266](https://togithub.com/markedjs/marked/issues/1266))
-   Fix default langPrefix to follow CommonMark standard `language-` ([#​1265](https://togithub.com/markedjs/marked/issues/1265))

#### CLI Changes

-   Add string argument to CLI ([#​1182](https://togithub.com/markedjs/marked/issues/1182))
-   Change CLI stdio to remove warning ([#​994](https://togithub.com/markedjs/marked/issues/994))

#### Other changes

-   Lint all the things ([#​1185](https://togithub.com/markedjs/marked/issues/1185))
-   Improved testing and DevOps ([#​1160](https://togithub.com/markedjs/marked/issues/1160), [#​1210](https://togithub.com/markedjs/marked/issues/1210), [#​1220](https://togithub.com/markedjs/marked/issues/1220), [#​1228](https://togithub.com/markedjs/marked/issues/1228), [#​1219](https://togithub.com/markedjs/marked/issues/1219), [#​1256](https://togithub.com/markedjs/marked/issues/1256))
-   Update documentation and demos ([#​1196](https://togithub.com/markedjs/marked/issues/1196), [#​1197](https://togithub.com/markedjs/marked/issues/1197), [#​1204](https://togithub.com/markedjs/marked/issues/1204), [#​1207](https://togithub.com/markedjs/marked/issues/1207), [#​1221](https://togithub.com/markedjs/marked/issues/1221), [#​1233](https://togithub.com/markedjs/marked/issues/1233), [#​1217](https://togithub.com/markedjs/marked/issues/1217), [#​1240](https://togithub.com/markedjs/marked/issues/1240), [#​1244](https://togithub.com/markedjs/marked/issues/1244), [#​1253](https://togithub.com/markedjs/marked/issues/1253))

### [`v0.3.19`](https://togithub.com/markedjs/marked/releases/tag/v0.3.19): 0.3.18 minified required new release

[Compare Source](https://togithub.com/markedjs/marked/compare/v0.3.18...v0.3.19)

0.3.18 did not have changes to min.

### [`v0.3.18`](https://togithub.com/markedjs/marked/releases/tag/v0.3.18): Minor fixes and updated docs

[Compare Source](https://togithub.com/markedjs/marked/compare/v0.3.17...v0.3.18)

-   Supported Markdown flavors: CommonMark 0.28 and GitHub Flavored Markdown 0.28
-   Updates to our CI pipeline; we're all green! [#​1098](https://togithub.com/markedjs/marked/issues/1098) with the caveat that there is a test that needs to get sorted (help us out [#​1092](https://togithub.com/markedjs/marked/issues/1092))
-   Start ordered lists using the initial numbers from markdown lists ([#​1144](https://togithub.com/markedjs/marked/issues/1144))
-   Added GitHub Pages site for documentation https://marked.js.org/ ([#​1138](https://togithub.com/markedjs/marked/issues/1138))

### [`v0.3.17`](https://togithub.com/markedjs/marked/releases/tag/v0.3.17): Processes and tools

[Compare Source](https://togithub.com/markedjs/marked/compare/5f765201af4aa021d7adaf5c68b550325b2818db...v0.3.17)

-   The elephant in the room: A security vulnerability was discovered and fixed. Please note, if something breaks due to these changes, it was not our intent, and please let us know by submitting a PR or issue to course correct (the nature of the zero-major release and having security as a number one priority) [#​1083](https://togithub.com/markedjs/marked/issues/1083)
-   The other elephant in the room: We missed publishing a 0.3.16 release to GitHub; so, trying to make up for that a bit.
-   Updates to the project documentation and operations, you should check it out, just start with the README and you should be good.
-   New release PR template available [#​1076](https://togithub.com/markedjs/marked/issues/1076)
-   Updates to default PR and Issue templates [#​1076](https://togithub.com/markedjs/marked/issues/1076)
-   Lint checks + tests + continuous integration using Travis [#​1020](https://togithub.com/markedjs/marked/issues/1020)
-   Updated testing output [#​1085](https://togithub.com/markedjs/marked/issues/1085) & [#​1087](https://togithub.com/markedjs/marked/issues/1087)

### [`v0.3.16`](https://togithub.com/markedjs/marked/compare/0.3.15...5f765201af4aa021d7adaf5c68b550325b2818db)

[Compare Source](https://togithub.com/markedjs/marked/compare/0.3.15...5f765201af4aa021d7adaf5c68b550325b2818db)

### [`v0.3.15`](https://togithub.com/markedjs/marked/releases/tag/0.3.15): Fix capturing parens

[Compare Source](https://togithub.com/markedjs/marked/compare/0.3.14...0.3.15)

Fixes unintended breaking change from v0.3.14

### [`v0.3.14`](https://togithub.com/markedjs/marked/releases/tag/0.3.14): New year, new home

[Compare Source](https://togithub.com/markedjs/marked/compare/343b623eac763b8e0f21ddc6a9d661854fdf7971...0.3.14)

-   Marked has a new home under the MarkedJS org! Other advances soon to come.
-   Updated minifier.
-   Various parser fixes

### [`v0.3.13`](https://togithub.com/markedjs/marked/compare/v0.3.12...343b623eac763b8e0f21ddc6a9d661854fdf7971)

[Compare Source](https://togithub.com/markedjs/marked/compare/v0.3.12...343b623eac763b8e0f21ddc6a9d661854fdf7971)

### [`v0.3.12`](https://togithub.com/markedjs/marked/releases/tag/v0.3.12): New Year, new Marked!

[Compare Source](https://togithub.com/markedjs/marked/compare/0.3.9...v0.3.12)

-   Addresses issue where some users might not have been able to update due to missing `use strict` [#​991](https://togithub.com/markedjs/marked/issues/991)
-   Parser fix [#​977](https://togithub.com/markedjs/marked/issues/977)
-   New way to perform tests with options and running individual tests [#​1002](https://togithub.com/markedjs/marked/issues/1002)
-   Improved test cases
-   Improved links

### [`v0.3.9`](https://togithub.com/markedjs/marked/releases/tag/0.3.9): Merry XSSmas

[Compare Source](https://togithub.com/markedjs/marked/compare/v0.3.7...0.3.9)

We think with this version we have addressed most, if not all, known security vulnerabilities. If you find more, please let us know.

### [`v0.3.7`](https://togithub.com/markedjs/marked/releases/tag/v0.3.7): XSS

[Compare Source](https://togithub.com/markedjs/marked/compare/v0.3.6...v0.3.7)

Should fix XSS issue discovered.

### [`v0.3.6`](https://togithub.com/markedjs/marked/compare/v0.3.5...v0.3.6)

[Compare Source](https://togithub.com/markedjs/marked/compare/v0.3.5...v0.3.6)

