Update dependency marked to v0.7.0 (master) - autoclosed

This PR contains the following updates:

Package	Type	Update	Change
marked (source)	dependencies	minor	`0.3.5` -> `0.7.0`

This PR resolves the vulnerabilities described in Issue #57

Version 0.3.5

| Risk Change

Critical |

High |

Medium |

Low | | --- | --- | --- | --- | --- | | N/A | 0 | 4 | 7 | 0 |

Version 0.7.0

| Risk Change

Critical |

High |

Medium |

Low | | --- | --- | --- | --- | --- | | -50%

| 0 (--) | 2 (-2

) | 1 (-6

) | 0 (--) |

Version 0.8.2

| Risk Change

Critical |

High |

Medium |

Low | | --- | --- | --- | --- | --- | | -50%

| 0 (--) | 2 (-2

) | 1 (-6

) | 0 (--) |

Mend ensures you have the greatest risk reduction ("Recommended Fix"-highlighted in green) by removing as many vulnerabilities as possible. Click to see how we calculate risk reduction.

Release Notes

markedjs/marked

### [`v0.7.0`](https://togithub.com/markedjs/marked/releases/tag/v0.7.0): 0.7.0 [Compare Source](https://togithub.com/markedjs/marked/compare/v0.6.3...v0.7.0) #### Security - Sanitize `paragraph` and `text` tokens [#1504](https://togithub.com/markedjs/marked/issues/1504) - Fix ReDOS for links with backticks (issue [#1493](https://togithub.com/markedjs/marked/issues/1493)) [#1515](https://togithub.com/markedjs/marked/issues/1515) #### Breaking Changes - Deprecate `sanitize` and `sanitizer` options [#1504](https://togithub.com/markedjs/marked/issues/1504) - Move `fences` to CommonMark [#1511](https://togithub.com/markedjs/marked/issues/1511) - Move `tables` to GFM [#1511](https://togithub.com/markedjs/marked/issues/1511) - Remove `tables` option [#1511](https://togithub.com/markedjs/marked/issues/1511) - Single backtick in link text needs to be escaped [#1515](https://togithub.com/markedjs/marked/issues/1515) #### Fixes - Fix parentheses around a link [#1509](https://togithub.com/markedjs/marked/issues/1509) - Fix headings (issue [#1510](https://togithub.com/markedjs/marked/issues/1510)) [#1511](https://togithub.com/markedjs/marked/issues/1511) #### Tests - Run tests with correct options [#1511](https://togithub.com/markedjs/marked/issues/1511) ### [`v0.6.3`](https://togithub.com/markedjs/marked/releases/tag/v0.6.3): 0.6.3 [Compare Source](https://togithub.com/markedjs/marked/compare/v0.6.2...v0.6.3) #### Fixes - Fix nested blockquotes [#1464](https://togithub.com/markedjs/marked/issues/1464) - Fix `` issue with mixed content [#1451](https://togithub.com/markedjs/marked/issues/1451) - revert [#1464](https://togithub.com/markedjs/marked/issues/1464) [#1497](https://togithub.com/markedjs/marked/issues/1497) - Fix `breaks: true` [#1507](https://togithub.com/markedjs/marked/issues/1507) #### Docs - add docs for workers [#1432](https://togithub.com/markedjs/marked/issues/1432) - Add security policy [#1492](https://togithub.com/markedjs/marked/issues/1492) - Update supported spec versions [#1491](https://togithub.com/markedjs/marked/issues/1491) - Update test folder descriptions [#1506](https://togithub.com/markedjs/marked/issues/1506) #### DevOps - Use latest commit for demo master [#1457](https://togithub.com/markedjs/marked/issues/1457) - Update tests to commonmark 0.29 [#1465](https://togithub.com/markedjs/marked/issues/1465) - Update tests to GFM 0.29 [#1470](https://togithub.com/markedjs/marked/issues/1470) - Fix commonmark spec 57 and 40 (headings) [#1475](https://togithub.com/markedjs/marked/issues/1475) ### [`v0.6.2`](https://togithub.com/markedjs/marked/releases/tag/v0.6.2): 0.6.2 [Compare Source](https://togithub.com/markedjs/marked/compare/v0.6.1...v0.6.2) #### Security - Link redos [#1426](https://togithub.com/markedjs/marked/issues/1426) - Text redos [#1460](https://togithub.com/markedjs/marked/issues/1460) #### Fixes - Links parens [#1435](https://togithub.com/markedjs/marked/issues/1435) - New line after table with escaped pipe [#1439](https://togithub.com/markedjs/marked/issues/1439) - List item tables [#1446](https://togithub.com/markedjs/marked/issues/1446) #### Enhancements - Pass token boolean to the `listitem` function [#1440](https://togithub.com/markedjs/marked/issues/1440) - Allow html without \n after [#1438](https://togithub.com/markedjs/marked/issues/1438) #### CLI - Update man page to include `--test` and fix argv parameters [#1442](https://togithub.com/markedjs/marked/issues/1442) - Add a `--version` flag to print marked version [#1448](https://togithub.com/markedjs/marked/issues/1448) #### Testing - Normalize marked tests [#1444](https://togithub.com/markedjs/marked/issues/1444) - Update tests to node 4 syntax [#1449](https://togithub.com/markedjs/marked/issues/1449) ### [`v0.6.1`](https://togithub.com/markedjs/marked/releases/tag/v0.6.1): 0.6.1 [Compare Source](https://togithub.com/markedjs/marked/compare/v0.6.0...v0.6.1) #### Fixes - Fix parenthesis url redos [#1414](https://togithub.com/markedjs/marked/issues/1414) #### Docs - Update demo site to use a worker [#1418](https://togithub.com/markedjs/marked/issues/1418) - Update devDependencies to last stable [#1409](https://togithub.com/markedjs/marked/issues/1409) - Update documentation about extending Renderer [#1417](https://togithub.com/markedjs/marked/issues/1417) - Remove `--save` option as it isn't required anymore [#1422](https://togithub.com/markedjs/marked/issues/1422) - Add snyk badge [#1420](https://togithub.com/markedjs/marked/issues/1420) ### [`v0.6.0`](https://togithub.com/markedjs/marked/releases/tag/v0.6.0): 0.6.0 [Compare Source](https://togithub.com/markedjs/marked/compare/v0.5.2...v0.6.0) #### Breaking Changes - Drop support for Node v0.10 and old browsers such as Internet Explorer - You should not have any problems if using Node 4+ or a modern browser - Add parameter `slugger` to `Renderer.prototype.heading` method [#1401](https://togithub.com/markedjs/marked/issues/1401) - You should not have any problems if you do not override this method #### New Features - Add new export `marked.Slugger` [#1401](https://togithub.com/markedjs/marked/issues/1401) #### Fixes - Fix emphasis followed by a punctuation [#1383](https://togithub.com/markedjs/marked/issues/1383) - Fix bold around autolink email address [#1385](https://togithub.com/markedjs/marked/issues/1385) - Make autolinks case insensitive [#1384](https://togithub.com/markedjs/marked/issues/1384) - Make code fences compliant with Commonmark spec [#1387](https://togithub.com/markedjs/marked/issues/1387) - Make blockquote paragraph continuation compliant with Commonmark spec [#1394](https://togithub.com/markedjs/marked/issues/1394) - Make ordered list marker length compliant with Commonmark spec [#1391](https://togithub.com/markedjs/marked/issues/1391) - Make empty list items compliant with Commonmark spec [#1395](https://togithub.com/markedjs/marked/issues/1395) - Make tag escaping compliant with Commonmark spec [#1397](https://togithub.com/markedjs/marked/issues/1397) - Make strong/bold compliant with Commonmark spec [#1400](https://togithub.com/markedjs/marked/issues/1400) - Fix handling of adjacent lists [#684](https://togithub.com/markedjs/marked/issues/684) - Add better error handling when token type cannot be found [#1005](https://togithub.com/markedjs/marked/issues/1005) - Fix duplicate heading id and non-latin characters [#1401](https://togithub.com/markedjs/marked/issues/1401) #### CLI - Pretty print ENOENT errors on cli [#1396](https://togithub.com/markedjs/marked/issues/1396) - Update repo url in man [#1403](https://togithub.com/markedjs/marked/issues/1403) #### Docs - Fix `breaks` option description [#1381](https://togithub.com/markedjs/marked/issues/1381) - Update docs to include "Since" version [#1382](https://togithub.com/markedjs/marked/issues/1382) - Add defibrillator badge for [@mccraveiro](https://togithub.com/mccraveiro) [#1392](https://togithub.com/markedjs/marked/issues/1392) #### Tests - Remove old test covered by gfm/cm [#1389](https://togithub.com/markedjs/marked/issues/1389) ### [`v0.5.2`](https://togithub.com/markedjs/marked/releases/tag/v0.5.2): 0.5.2 [Compare Source](https://togithub.com/markedjs/marked/compare/v0.5.1...v0.5.2) #### Bug Fixes - Fix emphasis closing by single \_ (part of left-flanking run) [#1351](https://togithub.com/markedjs/marked/issues/1351) - Make URL handling consistent between links and images [#1359](https://togithub.com/markedjs/marked/issues/1359) #### Other - Add missing semicolons, add lint rule [#1340](https://togithub.com/markedjs/marked/issues/1340) - Make Steven ([@styfle](https://togithub.com/styfle)) a npm publisher [#1346](https://togithub.com/markedjs/marked/issues/1346) - Fix typo in docs: re*s*ponsibility [#1364](https://togithub.com/markedjs/marked/issues/1364) - Add the ability to specify options on the [demo page](https://marked.js.org/demo/) as JSON [#1357](https://togithub.com/markedjs/marked/issues/1357) - Show red border when JSON options are invalid [#1360](https://togithub.com/markedjs/marked/issues/1360) - Move license file back to root dir [#1356](https://togithub.com/markedjs/marked/issues/1356) - Fix builds: remove node v0.10 from travis matrix [#1366](https://togithub.com/markedjs/marked/issues/1366) - This does not a break compatibility in this release but it will a future release - Add `files` key to package.json to prevent publishing unused files [#1367](https://togithub.com/markedjs/marked/issues/1367) ### [`v0.5.1`](https://togithub.com/markedjs/marked/releases/tag/v0.5.1): 0.5.1 [Compare Source](https://togithub.com/markedjs/marked/compare/v0.5.0...v0.5.1) #### Security - Fix inline code regex and prevent REDOS [#1337](https://togithub.com/markedjs/marked/issues/1337) - Use `@markedjs/html-differ` to prevent REDOS [#1331](https://togithub.com/markedjs/marked/issues/1331) #### Bug Fixes - Fix typographic substitution in (pre|code|kbd|script) blocks when smartypants=true [#1335](https://togithub.com/markedjs/marked/issues/1335) - Fix auto-linking email address [#1338](https://togithub.com/markedjs/marked/issues/1338) #### Other - Refactor the `escape()` function to improve performance 10-20% [#975](https://togithub.com/markedjs/marked/issues/975) - Update copyright in source code [#1326](https://togithub.com/markedjs/marked/issues/1326) - Update benchmark tests [#1019](https://togithub.com/markedjs/marked/issues/1019) - Add dependency badges to readme [#1333](https://togithub.com/markedjs/marked/issues/1333) ### [`v0.5.0`](https://togithub.com/markedjs/marked/releases/tag/v0.5.0): 0.5.0 [Compare Source](https://togithub.com/markedjs/marked/compare/0.4.0...v0.5.0) #### Security - Use rtrim, not unsafe /X+$/ [#1260](https://togithub.com/markedjs/marked/issues/1260) #### Breaking Changes - Fix GFM empty table cells [#1262](https://togithub.com/markedjs/marked/issues/1262) - Fix GFM extended auto-linking requiring multiple backpedals [#1293](https://togithub.com/markedjs/marked/issues/1293) - Fix GFM strikethrough compatibility [#1258](https://togithub.com/markedjs/marked/issues/1258) - Fix issues link references and prototypes [#1299](https://togithub.com/markedjs/marked/issues/1299) - Fix hard line break when backslash at EOL [#1303](https://togithub.com/markedjs/marked/issues/1303) - Fix hyperlinks with parenthesis [#1305](https://togithub.com/markedjs/marked/issues/1305) - Fix loose lists [#1304](https://togithub.com/markedjs/marked/issues/1304) - Fix strong and em [#1315](https://togithub.com/markedjs/marked/issues/1315) #### Docs - Fix typo in USING_ADVANCED.md [#1276](https://togithub.com/markedjs/marked/issues/1276) - Add pictures to AUTHORS.md [#1272](https://togithub.com/markedjs/marked/issues/1272) - Change badge to latest version of marked [#1300](https://togithub.com/markedjs/marked/issues/1300) - Change badges from shields.io to badgen.net [#1317](https://togithub.com/markedjs/marked/issues/1317) - Use iframe to sandbox generated html [#1295](https://togithub.com/markedjs/marked/issues/1295) - Add additional links into readme [#1310](https://togithub.com/markedjs/marked/issues/1310) - Add missing parameters for renderer methods [#1311](https://togithub.com/markedjs/marked/issues/1311) - Add undocumented option descriptions [#1312](https://togithub.com/markedjs/marked/issues/1312) - Add navigation sidebar to the docs [#1316](https://togithub.com/markedjs/marked/issues/1316) #### CI - Change travis clone depth to 3 [#1270](https://togithub.com/markedjs/marked/issues/1270) ### [`v0.4.0`](https://togithub.com/markedjs/marked/releases/tag/0.4.0) [Compare Source](https://togithub.com/markedjs/marked/compare/v0.3.19...0.4.0) #### Security Fixes - Fix unsafe `heading` regex ([#1224](https://togithub.com/markedjs/marked/issues/1224)) - Fix unsafe `link` regex ([#1223](https://togithub.com/markedjs/marked/issues/1223), [#1227](https://togithub.com/markedjs/marked/issues/1227)) #### New Features - Add [option](https://marked.js.org/#/USING_ADVANCED.md) to disable heading ids ([#1190](https://togithub.com/markedjs/marked/issues/1190)) - Add support for [GFM Task Lists](https://github.github.com/gfm/#task-list-items-extension-) to comply with the GFM spec ([#1250](https://togithub.com/markedjs/marked/issues/1250)) #### Breaking Changes - Fix escaping pipes in tables ([#1239](https://togithub.com/markedjs/marked/issues/1239)) - Fix html output for tables to match GFM spec ([#1245](https://togithub.com/markedjs/marked/issues/1245)) - Fix many bugs to reach parity with CommonMark spec ([#1135](https://togithub.com/markedjs/marked/issues/1135)) - Fix new Renderer() so it uses default options ([#1203](https://togithub.com/markedjs/marked/issues/1203)) - Fix text and paragraph return types ([#1248](https://togithub.com/markedjs/marked/issues/1248)) ([#1249](https://togithub.com/markedjs/marked/issues/1249)) - Fix `` less than 3 chars ([#1181](https://togithub.com/markedjs/marked/issues/1181)) - Fix `
` code blocks so there is no more trailing `\n` ([#1266](https://togithub.com/markedjs/marked/issues/1266)) - Fix default langPrefix to follow CommonMark standard `language-` ([#1265](https://togithub.com/markedjs/marked/issues/1265)) #### CLI Changes - Add string argument to CLI ([#1182](https://togithub.com/markedjs/marked/issues/1182)) - Change CLI stdio to remove warning ([#994](https://togithub.com/markedjs/marked/issues/994)) #### Other changes - Lint all the things ([#1185](https://togithub.com/markedjs/marked/issues/1185)) - Improved testing and DevOps ([#1160](https://togithub.com/markedjs/marked/issues/1160), [#1210](https://togithub.com/markedjs/marked/issues/1210), [#1220](https://togithub.com/markedjs/marked/issues/1220), [#1228](https://togithub.com/markedjs/marked/issues/1228), [#1219](https://togithub.com/markedjs/marked/issues/1219), [#1256](https://togithub.com/markedjs/marked/issues/1256)) - Update documentation and demos ([#1196](https://togithub.com/markedjs/marked/issues/1196), [#1197](https://togithub.com/markedjs/marked/issues/1197), [#1204](https://togithub.com/markedjs/marked/issues/1204), [#1207](https://togithub.com/markedjs/marked/issues/1207), [#1221](https://togithub.com/markedjs/marked/issues/1221), [#1233](https://togithub.com/markedjs/marked/issues/1233), [#1217](https://togithub.com/markedjs/marked/issues/1217), [#1240](https://togithub.com/markedjs/marked/issues/1240), [#1244](https://togithub.com/markedjs/marked/issues/1244), [#1253](https://togithub.com/markedjs/marked/issues/1253)) ### [`v0.3.19`](https://togithub.com/markedjs/marked/releases/tag/v0.3.19): 0.3.18 minified required new release [Compare Source](https://togithub.com/markedjs/marked/compare/v0.3.18...v0.3.19) 0.3.18 did not have changes to min. ### [`v0.3.18`](https://togithub.com/markedjs/marked/releases/tag/v0.3.18): Minor fixes and updated docs [Compare Source](https://togithub.com/markedjs/marked/compare/v0.3.17...v0.3.18) - Supported Markdown flavors: CommonMark 0.28 and GitHub Flavored Markdown 0.28 - Updates to our CI pipeline; we're all green! [#1098](https://togithub.com/markedjs/marked/issues/1098) with the caveat that there is a test that needs to get sorted (help us out [#1092](https://togithub.com/markedjs/marked/issues/1092)) - Start ordered lists using the initial numbers from markdown lists ([#1144](https://togithub.com/markedjs/marked/issues/1144)) - Added GitHub Pages site for documentation https://marked.js.org/ ([#1138](https://togithub.com/markedjs/marked/issues/1138)) ### [`v0.3.17`](https://togithub.com/markedjs/marked/releases/tag/v0.3.17): Processes and tools [Compare Source](https://togithub.com/markedjs/marked/compare/5f765201af4aa021d7adaf5c68b550325b2818db...v0.3.17) - The elephant in the room: A security vulnerability was discovered and fixed. Please note, if something breaks due to these changes, it was not our intent, and please let us know by submitting a PR or issue to course correct (the nature of the zero-major release and having security as a number one priority) [#1083](https://togithub.com/markedjs/marked/issues/1083) - The other elephant in the room: We missed publishing a 0.3.16 release to GitHub; so, trying to make up for that a bit. - Updates to the project documentation and operations, you should check it out, just start with the README and you should be good. - New release PR template available [#1076](https://togithub.com/markedjs/marked/issues/1076) - Updates to default PR and Issue templates [#1076](https://togithub.com/markedjs/marked/issues/1076) - Lint checks + tests + continuous integration using Travis [#1020](https://togithub.com/markedjs/marked/issues/1020) - Updated testing output [#1085](https://togithub.com/markedjs/marked/issues/1085) & [#1087](https://togithub.com/markedjs/marked/issues/1087) ### [`v0.3.16`](https://togithub.com/markedjs/marked/compare/0.3.15...5f765201af4aa021d7adaf5c68b550325b2818db) [Compare Source](https://togithub.com/markedjs/marked/compare/0.3.15...5f765201af4aa021d7adaf5c68b550325b2818db) ### [`v0.3.15`](https://togithub.com/markedjs/marked/releases/tag/0.3.15): Fix capturing parens [Compare Source](https://togithub.com/markedjs/marked/compare/0.3.14...0.3.15) Fixes unintended breaking change from v0.3.14 ### [`v0.3.14`](https://togithub.com/markedjs/marked/releases/tag/0.3.14): New year, new home [Compare Source](https://togithub.com/markedjs/marked/compare/343b623eac763b8e0f21ddc6a9d661854fdf7971...0.3.14) - Marked has a new home under the MarkedJS org! Other advances soon to come. - Updated minifier. - Various parser fixes ### [`v0.3.13`](https://togithub.com/markedjs/marked/compare/v0.3.12...343b623eac763b8e0f21ddc6a9d661854fdf7971) [Compare Source](https://togithub.com/markedjs/marked/compare/v0.3.12...343b623eac763b8e0f21ddc6a9d661854fdf7971) ### [`v0.3.12`](https://togithub.com/markedjs/marked/releases/tag/v0.3.12): New Year, new Marked! [Compare Source](https://togithub.com/markedjs/marked/compare/0.3.9...v0.3.12) - Addresses issue where some users might not have been able to update due to missing `use strict` [#991](https://togithub.com/markedjs/marked/issues/991) - Parser fix [#977](https://togithub.com/markedjs/marked/issues/977) - New way to perform tests with options and running individual tests [#1002](https://togithub.com/markedjs/marked/issues/1002) - Improved test cases - Improved links ### [`v0.3.9`](https://togithub.com/markedjs/marked/releases/tag/0.3.9): Merry XSSmas [Compare Source](https://togithub.com/markedjs/marked/compare/v0.3.7...0.3.9) We think with this version we have addressed most, if not all, known security vulnerabilities. If you find more, please let us know. ### [`v0.3.7`](https://togithub.com/markedjs/marked/releases/tag/v0.3.7): XSS [Compare Source](https://togithub.com/markedjs/marked/compare/v0.3.6...v0.3.7) Should fix XSS issue discovered. ### [`v0.3.6`](https://togithub.com/markedjs/marked/compare/v0.3.5...v0.3.6) [Compare Source](https://togithub.com/markedjs/marked/compare/v0.3.5...v0.3.6)

[ ] If you want to rebase/retry this PR, check this box

aayant-mend / NodeGoat