The OWASP NodeGoat project provides an environment to learn how OWASP Top 10 security risks apply to web applications developed using Node.js and how to effectively address them.
Mend ensures you have the greatest risk reduction ("Recommended Fix"-highlighted in green) by removing as many vulnerabilities as possible. Click to see how we calculate risk reduction.
Release Notes
markedjs/marked
### [`v0.7.0`](https://togithub.com/markedjs/marked/releases/tag/v0.7.0): 0.7.0
[Compare Source](https://togithub.com/markedjs/marked/compare/v0.6.3...v0.7.0)
#### Security
- Sanitize `paragraph` and `text` tokens [#1504](https://togithub.com/markedjs/marked/issues/1504)
- Fix ReDOS for links with backticks (issue [#1493](https://togithub.com/markedjs/marked/issues/1493)) [#1515](https://togithub.com/markedjs/marked/issues/1515)
#### Breaking Changes
- Deprecate `sanitize` and `sanitizer` options [#1504](https://togithub.com/markedjs/marked/issues/1504)
- Move `fences` to CommonMark [#1511](https://togithub.com/markedjs/marked/issues/1511)
- Move `tables` to GFM [#1511](https://togithub.com/markedjs/marked/issues/1511)
- Remove `tables` option [#1511](https://togithub.com/markedjs/marked/issues/1511)
- Single backtick in link text needs to be escaped [#1515](https://togithub.com/markedjs/marked/issues/1515)
#### Fixes
- Fix parentheses around a link [#1509](https://togithub.com/markedjs/marked/issues/1509)
- Fix headings (issue [#1510](https://togithub.com/markedjs/marked/issues/1510)) [#1511](https://togithub.com/markedjs/marked/issues/1511)
#### Tests
- Run tests with correct options [#1511](https://togithub.com/markedjs/marked/issues/1511)
### [`v0.6.3`](https://togithub.com/markedjs/marked/releases/tag/v0.6.3): 0.6.3
[Compare Source](https://togithub.com/markedjs/marked/compare/v0.6.2...v0.6.3)
#### Fixes
- Fix nested blockquotes [#1464](https://togithub.com/markedjs/marked/issues/1464)
- Fix `` issue with mixed content [#1451](https://togithub.com/markedjs/marked/issues/1451)
- revert [#1464](https://togithub.com/markedjs/marked/issues/1464) [#1497](https://togithub.com/markedjs/marked/issues/1497)
- Fix `breaks: true` [#1507](https://togithub.com/markedjs/marked/issues/1507)
#### Docs
- add docs for workers [#1432](https://togithub.com/markedjs/marked/issues/1432)
- Add security policy [#1492](https://togithub.com/markedjs/marked/issues/1492)
- Update supported spec versions [#1491](https://togithub.com/markedjs/marked/issues/1491)
- Update test folder descriptions [#1506](https://togithub.com/markedjs/marked/issues/1506)
#### DevOps
- Use latest commit for demo master [#1457](https://togithub.com/markedjs/marked/issues/1457)
- Update tests to commonmark 0.29 [#1465](https://togithub.com/markedjs/marked/issues/1465)
- Update tests to GFM 0.29 [#1470](https://togithub.com/markedjs/marked/issues/1470)
- Fix commonmark spec 57 and 40 (headings) [#1475](https://togithub.com/markedjs/marked/issues/1475)
### [`v0.6.2`](https://togithub.com/markedjs/marked/releases/tag/v0.6.2): 0.6.2
[Compare Source](https://togithub.com/markedjs/marked/compare/v0.6.1...v0.6.2)
#### Security
- Link redos [#1426](https://togithub.com/markedjs/marked/issues/1426)
- Text redos [#1460](https://togithub.com/markedjs/marked/issues/1460)
#### Fixes
- Links parens [#1435](https://togithub.com/markedjs/marked/issues/1435)
- New line after table with escaped pipe [#1439](https://togithub.com/markedjs/marked/issues/1439)
- List item tables [#1446](https://togithub.com/markedjs/marked/issues/1446)
#### Enhancements
- Pass token boolean to the `listitem` function [#1440](https://togithub.com/markedjs/marked/issues/1440)
- Allow html without \n after [#1438](https://togithub.com/markedjs/marked/issues/1438)
#### CLI
- Update man page to include `--test` and fix argv parameters [#1442](https://togithub.com/markedjs/marked/issues/1442)
- Add a `--version` flag to print marked version [#1448](https://togithub.com/markedjs/marked/issues/1448)
#### Testing
- Normalize marked tests [#1444](https://togithub.com/markedjs/marked/issues/1444)
- Update tests to node 4 syntax [#1449](https://togithub.com/markedjs/marked/issues/1449)
### [`v0.6.1`](https://togithub.com/markedjs/marked/releases/tag/v0.6.1): 0.6.1
[Compare Source](https://togithub.com/markedjs/marked/compare/v0.6.0...v0.6.1)
#### Fixes
- Fix parenthesis url redos [#1414](https://togithub.com/markedjs/marked/issues/1414)
#### Docs
- Update demo site to use a worker [#1418](https://togithub.com/markedjs/marked/issues/1418)
- Update devDependencies to last stable [#1409](https://togithub.com/markedjs/marked/issues/1409)
- Update documentation about extending Renderer [#1417](https://togithub.com/markedjs/marked/issues/1417)
- Remove `--save` option as it isn't required anymore [#1422](https://togithub.com/markedjs/marked/issues/1422)
- Add snyk badge [#1420](https://togithub.com/markedjs/marked/issues/1420)
### [`v0.6.0`](https://togithub.com/markedjs/marked/releases/tag/v0.6.0): 0.6.0
[Compare Source](https://togithub.com/markedjs/marked/compare/v0.5.2...v0.6.0)
#### Breaking Changes
- Drop support for Node v0.10 and old browsers such as Internet Explorer
- You should not have any problems if using Node 4+ or a modern browser
- Add parameter `slugger` to `Renderer.prototype.heading` method [#1401](https://togithub.com/markedjs/marked/issues/1401)
- You should not have any problems if you do not override this method
#### New Features
- Add new export `marked.Slugger` [#1401](https://togithub.com/markedjs/marked/issues/1401)
#### Fixes
- Fix emphasis followed by a punctuation [#1383](https://togithub.com/markedjs/marked/issues/1383)
- Fix bold around autolink email address [#1385](https://togithub.com/markedjs/marked/issues/1385)
- Make autolinks case insensitive [#1384](https://togithub.com/markedjs/marked/issues/1384)
- Make code fences compliant with Commonmark spec [#1387](https://togithub.com/markedjs/marked/issues/1387)
- Make blockquote paragraph continuation compliant with Commonmark spec [#1394](https://togithub.com/markedjs/marked/issues/1394)
- Make ordered list marker length compliant with Commonmark spec [#1391](https://togithub.com/markedjs/marked/issues/1391)
- Make empty list items compliant with Commonmark spec [#1395](https://togithub.com/markedjs/marked/issues/1395)
- Make tag escaping compliant with Commonmark spec [#1397](https://togithub.com/markedjs/marked/issues/1397)
- Make strong/bold compliant with Commonmark spec [#1400](https://togithub.com/markedjs/marked/issues/1400)
- Fix handling of adjacent lists [#684](https://togithub.com/markedjs/marked/issues/684)
- Add better error handling when token type cannot be found [#1005](https://togithub.com/markedjs/marked/issues/1005)
- Fix duplicate heading id and non-latin characters [#1401](https://togithub.com/markedjs/marked/issues/1401)
#### CLI
- Pretty print ENOENT errors on cli [#1396](https://togithub.com/markedjs/marked/issues/1396)
- Update repo url in man [#1403](https://togithub.com/markedjs/marked/issues/1403)
#### Docs
- Fix `breaks` option description [#1381](https://togithub.com/markedjs/marked/issues/1381)
- Update docs to include "Since" version [#1382](https://togithub.com/markedjs/marked/issues/1382)
- Add defibrillator badge for [@mccraveiro](https://togithub.com/mccraveiro) [#1392](https://togithub.com/markedjs/marked/issues/1392)
#### Tests
- Remove old test covered by gfm/cm [#1389](https://togithub.com/markedjs/marked/issues/1389)
### [`v0.5.2`](https://togithub.com/markedjs/marked/releases/tag/v0.5.2): 0.5.2
[Compare Source](https://togithub.com/markedjs/marked/compare/v0.5.1...v0.5.2)
#### Bug Fixes
- Fix emphasis closing by single \_ (part of left-flanking run) [#1351](https://togithub.com/markedjs/marked/issues/1351)
- Make URL handling consistent between links and images [#1359](https://togithub.com/markedjs/marked/issues/1359)
#### Other
- Add missing semicolons, add lint rule [#1340](https://togithub.com/markedjs/marked/issues/1340)
- Make Steven ([@styfle](https://togithub.com/styfle)) a npm publisher [#1346](https://togithub.com/markedjs/marked/issues/1346)
- Fix typo in docs: re*s*ponsibility [#1364](https://togithub.com/markedjs/marked/issues/1364)
- Add the ability to specify options on the [demo page](https://marked.js.org/demo/) as JSON [#1357](https://togithub.com/markedjs/marked/issues/1357)
- Show red border when JSON options are invalid [#1360](https://togithub.com/markedjs/marked/issues/1360)
- Move license file back to root dir [#1356](https://togithub.com/markedjs/marked/issues/1356)
- Fix builds: remove node v0.10 from travis matrix [#1366](https://togithub.com/markedjs/marked/issues/1366)
- This does not a break compatibility in this release but it will a future release
- Add `files` key to package.json to prevent publishing unused files [#1367](https://togithub.com/markedjs/marked/issues/1367)
### [`v0.5.1`](https://togithub.com/markedjs/marked/releases/tag/v0.5.1): 0.5.1
[Compare Source](https://togithub.com/markedjs/marked/compare/v0.5.0...v0.5.1)
#### Security
- Fix inline code regex and prevent REDOS [#1337](https://togithub.com/markedjs/marked/issues/1337)
- Use `@markedjs/html-differ` to prevent REDOS [#1331](https://togithub.com/markedjs/marked/issues/1331)
#### Bug Fixes
- Fix typographic substitution in (pre|code|kbd|script) blocks when smartypants=true [#1335](https://togithub.com/markedjs/marked/issues/1335)
- Fix auto-linking email address [#1338](https://togithub.com/markedjs/marked/issues/1338)
#### Other
- Refactor the `escape()` function to improve performance 10-20% [#975](https://togithub.com/markedjs/marked/issues/975)
- Update copyright in source code [#1326](https://togithub.com/markedjs/marked/issues/1326)
- Update benchmark tests [#1019](https://togithub.com/markedjs/marked/issues/1019)
- Add dependency badges to readme [#1333](https://togithub.com/markedjs/marked/issues/1333)
### [`v0.5.0`](https://togithub.com/markedjs/marked/releases/tag/v0.5.0): 0.5.0
[Compare Source](https://togithub.com/markedjs/marked/compare/0.4.0...v0.5.0)
#### Security
- Use rtrim, not unsafe /X+$/ [#1260](https://togithub.com/markedjs/marked/issues/1260)
#### Breaking Changes
- Fix GFM empty table cells [#1262](https://togithub.com/markedjs/marked/issues/1262)
- Fix GFM extended auto-linking requiring multiple backpedals [#1293](https://togithub.com/markedjs/marked/issues/1293)
- Fix GFM strikethrough compatibility [#1258](https://togithub.com/markedjs/marked/issues/1258)
- Fix issues link references and prototypes [#1299](https://togithub.com/markedjs/marked/issues/1299)
- Fix hard line break when backslash at EOL [#1303](https://togithub.com/markedjs/marked/issues/1303)
- Fix hyperlinks with parenthesis [#1305](https://togithub.com/markedjs/marked/issues/1305)
- Fix loose lists [#1304](https://togithub.com/markedjs/marked/issues/1304)
- Fix strong and em [#1315](https://togithub.com/markedjs/marked/issues/1315)
#### Docs
- Fix typo in USING_ADVANCED.md [#1276](https://togithub.com/markedjs/marked/issues/1276)
- Add pictures to AUTHORS.md [#1272](https://togithub.com/markedjs/marked/issues/1272)
- Change badge to latest version of marked [#1300](https://togithub.com/markedjs/marked/issues/1300)
- Change badges from shields.io to badgen.net [#1317](https://togithub.com/markedjs/marked/issues/1317)
- Use iframe to sandbox generated html [#1295](https://togithub.com/markedjs/marked/issues/1295)
- Add additional links into readme [#1310](https://togithub.com/markedjs/marked/issues/1310)
- Add missing parameters for renderer methods [#1311](https://togithub.com/markedjs/marked/issues/1311)
- Add undocumented option descriptions [#1312](https://togithub.com/markedjs/marked/issues/1312)
- Add navigation sidebar to the docs [#1316](https://togithub.com/markedjs/marked/issues/1316)
#### CI
- Change travis clone depth to 3 [#1270](https://togithub.com/markedjs/marked/issues/1270)
### [`v0.4.0`](https://togithub.com/markedjs/marked/releases/tag/0.4.0)
[Compare Source](https://togithub.com/markedjs/marked/compare/v0.3.19...0.4.0)
#### Security Fixes
- Fix unsafe `heading` regex ([#1224](https://togithub.com/markedjs/marked/issues/1224))
- Fix unsafe `link` regex ([#1223](https://togithub.com/markedjs/marked/issues/1223), [#1227](https://togithub.com/markedjs/marked/issues/1227))
#### New Features
- Add [option](https://marked.js.org/#/USING_ADVANCED.md) to disable heading ids ([#1190](https://togithub.com/markedjs/marked/issues/1190))
- Add support for [GFM Task Lists](https://github.github.com/gfm/#task-list-items-extension-) to comply with the GFM spec ([#1250](https://togithub.com/markedjs/marked/issues/1250))
#### Breaking Changes
- Fix escaping pipes in tables ([#1239](https://togithub.com/markedjs/marked/issues/1239))
- Fix html output for tables to match GFM spec ([#1245](https://togithub.com/markedjs/marked/issues/1245))
- Fix many bugs to reach parity with CommonMark spec ([#1135](https://togithub.com/markedjs/marked/issues/1135))
- Fix new Renderer() so it uses default options ([#1203](https://togithub.com/markedjs/marked/issues/1203))
- Fix text and paragraph return types ([#1248](https://togithub.com/markedjs/marked/issues/1248)) ([#1249](https://togithub.com/markedjs/marked/issues/1249))
- Fix `` less than 3 chars ([#1181](https://togithub.com/markedjs/marked/issues/1181))
- Fix `
` code blocks so there is no more trailing `\n` ([#1266](https://togithub.com/markedjs/marked/issues/1266))
- Fix default langPrefix to follow CommonMark standard `language-` ([#1265](https://togithub.com/markedjs/marked/issues/1265))
#### CLI Changes
- Add string argument to CLI ([#1182](https://togithub.com/markedjs/marked/issues/1182))
- Change CLI stdio to remove warning ([#994](https://togithub.com/markedjs/marked/issues/994))
#### Other changes
- Lint all the things ([#1185](https://togithub.com/markedjs/marked/issues/1185))
- Improved testing and DevOps ([#1160](https://togithub.com/markedjs/marked/issues/1160), [#1210](https://togithub.com/markedjs/marked/issues/1210), [#1220](https://togithub.com/markedjs/marked/issues/1220), [#1228](https://togithub.com/markedjs/marked/issues/1228), [#1219](https://togithub.com/markedjs/marked/issues/1219), [#1256](https://togithub.com/markedjs/marked/issues/1256))
- Update documentation and demos ([#1196](https://togithub.com/markedjs/marked/issues/1196), [#1197](https://togithub.com/markedjs/marked/issues/1197), [#1204](https://togithub.com/markedjs/marked/issues/1204), [#1207](https://togithub.com/markedjs/marked/issues/1207), [#1221](https://togithub.com/markedjs/marked/issues/1221), [#1233](https://togithub.com/markedjs/marked/issues/1233), [#1217](https://togithub.com/markedjs/marked/issues/1217), [#1240](https://togithub.com/markedjs/marked/issues/1240), [#1244](https://togithub.com/markedjs/marked/issues/1244), [#1253](https://togithub.com/markedjs/marked/issues/1253))
### [`v0.3.19`](https://togithub.com/markedjs/marked/releases/tag/v0.3.19): 0.3.18 minified required new release
[Compare Source](https://togithub.com/markedjs/marked/compare/v0.3.18...v0.3.19)
0.3.18 did not have changes to min.
### [`v0.3.18`](https://togithub.com/markedjs/marked/releases/tag/v0.3.18): Minor fixes and updated docs
[Compare Source](https://togithub.com/markedjs/marked/compare/v0.3.17...v0.3.18)
- Supported Markdown flavors: CommonMark 0.28 and GitHub Flavored Markdown 0.28
- Updates to our CI pipeline; we're all green! [#1098](https://togithub.com/markedjs/marked/issues/1098) with the caveat that there is a test that needs to get sorted (help us out [#1092](https://togithub.com/markedjs/marked/issues/1092))
- Start ordered lists using the initial numbers from markdown lists ([#1144](https://togithub.com/markedjs/marked/issues/1144))
- Added GitHub Pages site for documentation https://marked.js.org/ ([#1138](https://togithub.com/markedjs/marked/issues/1138))
### [`v0.3.17`](https://togithub.com/markedjs/marked/releases/tag/v0.3.17): Processes and tools
[Compare Source](https://togithub.com/markedjs/marked/compare/5f765201af4aa021d7adaf5c68b550325b2818db...v0.3.17)
- The elephant in the room: A security vulnerability was discovered and fixed. Please note, if something breaks due to these changes, it was not our intent, and please let us know by submitting a PR or issue to course correct (the nature of the zero-major release and having security as a number one priority) [#1083](https://togithub.com/markedjs/marked/issues/1083)
- The other elephant in the room: We missed publishing a 0.3.16 release to GitHub; so, trying to make up for that a bit.
- Updates to the project documentation and operations, you should check it out, just start with the README and you should be good.
- New release PR template available [#1076](https://togithub.com/markedjs/marked/issues/1076)
- Updates to default PR and Issue templates [#1076](https://togithub.com/markedjs/marked/issues/1076)
- Lint checks + tests + continuous integration using Travis [#1020](https://togithub.com/markedjs/marked/issues/1020)
- Updated testing output [#1085](https://togithub.com/markedjs/marked/issues/1085) & [#1087](https://togithub.com/markedjs/marked/issues/1087)
### [`v0.3.16`](https://togithub.com/markedjs/marked/compare/0.3.15...5f765201af4aa021d7adaf5c68b550325b2818db)
[Compare Source](https://togithub.com/markedjs/marked/compare/0.3.15...5f765201af4aa021d7adaf5c68b550325b2818db)
### [`v0.3.15`](https://togithub.com/markedjs/marked/releases/tag/0.3.15): Fix capturing parens
[Compare Source](https://togithub.com/markedjs/marked/compare/0.3.14...0.3.15)
Fixes unintended breaking change from v0.3.14
### [`v0.3.14`](https://togithub.com/markedjs/marked/releases/tag/0.3.14): New year, new home
[Compare Source](https://togithub.com/markedjs/marked/compare/343b623eac763b8e0f21ddc6a9d661854fdf7971...0.3.14)
- Marked has a new home under the MarkedJS org! Other advances soon to come.
- Updated minifier.
- Various parser fixes
### [`v0.3.13`](https://togithub.com/markedjs/marked/compare/v0.3.12...343b623eac763b8e0f21ddc6a9d661854fdf7971)
[Compare Source](https://togithub.com/markedjs/marked/compare/v0.3.12...343b623eac763b8e0f21ddc6a9d661854fdf7971)
### [`v0.3.12`](https://togithub.com/markedjs/marked/releases/tag/v0.3.12): New Year, new Marked!
[Compare Source](https://togithub.com/markedjs/marked/compare/0.3.9...v0.3.12)
- Addresses issue where some users might not have been able to update due to missing `use strict` [#991](https://togithub.com/markedjs/marked/issues/991)
- Parser fix [#977](https://togithub.com/markedjs/marked/issues/977)
- New way to perform tests with options and running individual tests [#1002](https://togithub.com/markedjs/marked/issues/1002)
- Improved test cases
- Improved links
### [`v0.3.9`](https://togithub.com/markedjs/marked/releases/tag/0.3.9): Merry XSSmas
[Compare Source](https://togithub.com/markedjs/marked/compare/v0.3.7...0.3.9)
We think with this version we have addressed most, if not all, known security vulnerabilities. If you find more, please let us know.
### [`v0.3.7`](https://togithub.com/markedjs/marked/releases/tag/v0.3.7): XSS
[Compare Source](https://togithub.com/markedjs/marked/compare/v0.3.6...v0.3.7)
Should fix XSS issue discovered.
### [`v0.3.6`](https://togithub.com/markedjs/marked/compare/v0.3.5...v0.3.6)
[Compare Source](https://togithub.com/markedjs/marked/compare/v0.3.5...v0.3.6)
[ ] If you want to rebase/retry this PR, check this box
This PR contains the following updates:
0.3.5
->0.7.0
This PR resolves the vulnerabilities described in Issue #24
Version 0.3.5
| Risk Change | Critical | High | Medium | Low | | --- | --- | --- | --- | --- | | N/A | 0 | 4 | 7 | 0 |Version 0.7.0
| Risk Change | Critical | High | Medium | Low | | --- | --- | --- | --- | --- | | -50% | 0 (--) | 2 (-2 ) | 1 (-6 ) | 0 (--) |Version 0.8.2
| Risk Change | Critical | High | Medium | Low | | --- | --- | --- | --- | --- | | -50% | 0 (--) | 2 (-2 ) | 1 (-6 ) | 0 (--) |Mend ensures you have the greatest risk reduction ("Recommended Fix"-highlighted in green) by removing as many vulnerabilities as possible. Click to see how we calculate risk reduction.
Release Notes
markedjs/marked
### [`v0.7.0`](https://togithub.com/markedjs/marked/releases/tag/v0.7.0): 0.7.0 [Compare Source](https://togithub.com/markedjs/marked/compare/v0.6.3...v0.7.0) #### Security - Sanitize `paragraph` and `text` tokens [#1504](https://togithub.com/markedjs/marked/issues/1504) - Fix ReDOS for links with backticks (issue [#1493](https://togithub.com/markedjs/marked/issues/1493)) [#1515](https://togithub.com/markedjs/marked/issues/1515) #### Breaking Changes - Deprecate `sanitize` and `sanitizer` options [#1504](https://togithub.com/markedjs/marked/issues/1504) - Move `fences` to CommonMark [#1511](https://togithub.com/markedjs/marked/issues/1511) - Move `tables` to GFM [#1511](https://togithub.com/markedjs/marked/issues/1511) - Remove `tables` option [#1511](https://togithub.com/markedjs/marked/issues/1511) - Single backtick in link text needs to be escaped [#1515](https://togithub.com/markedjs/marked/issues/1515) #### Fixes - Fix parentheses around a link [#1509](https://togithub.com/markedjs/marked/issues/1509) - Fix headings (issue [#1510](https://togithub.com/markedjs/marked/issues/1510)) [#1511](https://togithub.com/markedjs/marked/issues/1511) #### Tests - Run tests with correct options [#1511](https://togithub.com/markedjs/marked/issues/1511) ### [`v0.6.3`](https://togithub.com/markedjs/marked/releases/tag/v0.6.3): 0.6.3 [Compare Source](https://togithub.com/markedjs/marked/compare/v0.6.2...v0.6.3) #### Fixes - Fix nested blockquotes [#1464](https://togithub.com/markedjs/marked/issues/1464) - Fix `` issue with mixed content [#1451](https://togithub.com/markedjs/marked/issues/1451) - revert [#1464](https://togithub.com/markedjs/marked/issues/1464) [#1497](https://togithub.com/markedjs/marked/issues/1497) - Fix `breaks: true` [#1507](https://togithub.com/markedjs/marked/issues/1507) #### Docs - add docs for workers [#1432](https://togithub.com/markedjs/marked/issues/1432) - Add security policy [#1492](https://togithub.com/markedjs/marked/issues/1492) - Update supported spec versions [#1491](https://togithub.com/markedjs/marked/issues/1491) - Update test folder descriptions [#1506](https://togithub.com/markedjs/marked/issues/1506) #### DevOps - Use latest commit for demo master [#1457](https://togithub.com/markedjs/marked/issues/1457) - Update tests to commonmark 0.29 [#1465](https://togithub.com/markedjs/marked/issues/1465) - Update tests to GFM 0.29 [#1470](https://togithub.com/markedjs/marked/issues/1470) - Fix commonmark spec 57 and 40 (headings) [#1475](https://togithub.com/markedjs/marked/issues/1475) ### [`v0.6.2`](https://togithub.com/markedjs/marked/releases/tag/v0.6.2): 0.6.2 [Compare Source](https://togithub.com/markedjs/marked/compare/v0.6.1...v0.6.2) #### Security - Link redos [#1426](https://togithub.com/markedjs/marked/issues/1426) - Text redos [#1460](https://togithub.com/markedjs/marked/issues/1460) #### Fixes - Links parens [#1435](https://togithub.com/markedjs/marked/issues/1435) - New line after table with escaped pipe [#1439](https://togithub.com/markedjs/marked/issues/1439) - List item tables [#1446](https://togithub.com/markedjs/marked/issues/1446) #### Enhancements - Pass token boolean to the `listitem` function [#1440](https://togithub.com/markedjs/marked/issues/1440) - Allow html without \n after [#1438](https://togithub.com/markedjs/marked/issues/1438) #### CLI - Update man page to include `--test` and fix argv parameters [#1442](https://togithub.com/markedjs/marked/issues/1442) - Add a `--version` flag to print marked version [#1448](https://togithub.com/markedjs/marked/issues/1448) #### Testing - Normalize marked tests [#1444](https://togithub.com/markedjs/marked/issues/1444) - Update tests to node 4 syntax [#1449](https://togithub.com/markedjs/marked/issues/1449) ### [`v0.6.1`](https://togithub.com/markedjs/marked/releases/tag/v0.6.1): 0.6.1 [Compare Source](https://togithub.com/markedjs/marked/compare/v0.6.0...v0.6.1) #### Fixes - Fix parenthesis url redos [#1414](https://togithub.com/markedjs/marked/issues/1414) #### Docs - Update demo site to use a worker [#1418](https://togithub.com/markedjs/marked/issues/1418) - Update devDependencies to last stable [#1409](https://togithub.com/markedjs/marked/issues/1409) - Update documentation about extending Renderer [#1417](https://togithub.com/markedjs/marked/issues/1417) - Remove `--save` option as it isn't required anymore [#1422](https://togithub.com/markedjs/marked/issues/1422) - Add snyk badge [#1420](https://togithub.com/markedjs/marked/issues/1420) ### [`v0.6.0`](https://togithub.com/markedjs/marked/releases/tag/v0.6.0): 0.6.0 [Compare Source](https://togithub.com/markedjs/marked/compare/v0.5.2...v0.6.0) #### Breaking Changes - Drop support for Node v0.10 and old browsers such as Internet Explorer - You should not have any problems if using Node 4+ or a modern browser - Add parameter `slugger` to `Renderer.prototype.heading` method [#1401](https://togithub.com/markedjs/marked/issues/1401) - You should not have any problems if you do not override this method #### New Features - Add new export `marked.Slugger` [#1401](https://togithub.com/markedjs/marked/issues/1401) #### Fixes - Fix emphasis followed by a punctuation [#1383](https://togithub.com/markedjs/marked/issues/1383) - Fix bold around autolink email address [#1385](https://togithub.com/markedjs/marked/issues/1385) - Make autolinks case insensitive [#1384](https://togithub.com/markedjs/marked/issues/1384) - Make code fences compliant with Commonmark spec [#1387](https://togithub.com/markedjs/marked/issues/1387) - Make blockquote paragraph continuation compliant with Commonmark spec [#1394](https://togithub.com/markedjs/marked/issues/1394) - Make ordered list marker length compliant with Commonmark spec [#1391](https://togithub.com/markedjs/marked/issues/1391) - Make empty list items compliant with Commonmark spec [#1395](https://togithub.com/markedjs/marked/issues/1395) - Make tag escaping compliant with Commonmark spec [#1397](https://togithub.com/markedjs/marked/issues/1397) - Make strong/bold compliant with Commonmark spec [#1400](https://togithub.com/markedjs/marked/issues/1400) - Fix handling of adjacent lists [#684](https://togithub.com/markedjs/marked/issues/684) - Add better error handling when token type cannot be found [#1005](https://togithub.com/markedjs/marked/issues/1005) - Fix duplicate heading id and non-latin characters [#1401](https://togithub.com/markedjs/marked/issues/1401) #### CLI - Pretty print ENOENT errors on cli [#1396](https://togithub.com/markedjs/marked/issues/1396) - Update repo url in man [#1403](https://togithub.com/markedjs/marked/issues/1403) #### Docs - Fix `breaks` option description [#1381](https://togithub.com/markedjs/marked/issues/1381) - Update docs to include "Since" version [#1382](https://togithub.com/markedjs/marked/issues/1382) - Add defibrillator badge for [@mccraveiro](https://togithub.com/mccraveiro) [#1392](https://togithub.com/markedjs/marked/issues/1392) #### Tests - Remove old test covered by gfm/cm [#1389](https://togithub.com/markedjs/marked/issues/1389) ### [`v0.5.2`](https://togithub.com/markedjs/marked/releases/tag/v0.5.2): 0.5.2 [Compare Source](https://togithub.com/markedjs/marked/compare/v0.5.1...v0.5.2) #### Bug Fixes - Fix emphasis closing by single \_ (part of left-flanking run) [#1351](https://togithub.com/markedjs/marked/issues/1351) - Make URL handling consistent between links and images [#1359](https://togithub.com/markedjs/marked/issues/1359) #### Other - Add missing semicolons, add lint rule [#1340](https://togithub.com/markedjs/marked/issues/1340) - Make Steven ([@styfle](https://togithub.com/styfle)) a npm publisher [#1346](https://togithub.com/markedjs/marked/issues/1346) - Fix typo in docs: re*s*ponsibility [#1364](https://togithub.com/markedjs/marked/issues/1364) - Add the ability to specify options on the [demo page](https://marked.js.org/demo/) as JSON [#1357](https://togithub.com/markedjs/marked/issues/1357) - Show red border when JSON options are invalid [#1360](https://togithub.com/markedjs/marked/issues/1360) - Move license file back to root dir [#1356](https://togithub.com/markedjs/marked/issues/1356) - Fix builds: remove node v0.10 from travis matrix [#1366](https://togithub.com/markedjs/marked/issues/1366) - This does not a break compatibility in this release but it will a future release - Add `files` key to package.json to prevent publishing unused files [#1367](https://togithub.com/markedjs/marked/issues/1367) ### [`v0.5.1`](https://togithub.com/markedjs/marked/releases/tag/v0.5.1): 0.5.1 [Compare Source](https://togithub.com/markedjs/marked/compare/v0.5.0...v0.5.1) #### Security - Fix inline code regex and prevent REDOS [#1337](https://togithub.com/markedjs/marked/issues/1337) - Use `@markedjs/html-differ` to prevent REDOS [#1331](https://togithub.com/markedjs/marked/issues/1331) #### Bug Fixes - Fix typographic substitution in (pre|code|kbd|script) blocks when smartypants=true [#1335](https://togithub.com/markedjs/marked/issues/1335) - Fix auto-linking email address [#1338](https://togithub.com/markedjs/marked/issues/1338) #### Other - Refactor the `escape()` function to improve performance 10-20% [#975](https://togithub.com/markedjs/marked/issues/975) - Update copyright in source code [#1326](https://togithub.com/markedjs/marked/issues/1326) - Update benchmark tests [#1019](https://togithub.com/markedjs/marked/issues/1019) - Add dependency badges to readme [#1333](https://togithub.com/markedjs/marked/issues/1333) ### [`v0.5.0`](https://togithub.com/markedjs/marked/releases/tag/v0.5.0): 0.5.0 [Compare Source](https://togithub.com/markedjs/marked/compare/0.4.0...v0.5.0) #### Security - Use rtrim, not unsafe /X+$/ [#1260](https://togithub.com/markedjs/marked/issues/1260) #### Breaking Changes - Fix GFM empty table cells [#1262](https://togithub.com/markedjs/marked/issues/1262) - Fix GFM extended auto-linking requiring multiple backpedals [#1293](https://togithub.com/markedjs/marked/issues/1293) - Fix GFM strikethrough compatibility [#1258](https://togithub.com/markedjs/marked/issues/1258) - Fix issues link references and prototypes [#1299](https://togithub.com/markedjs/marked/issues/1299) - Fix hard line break when backslash at EOL [#1303](https://togithub.com/markedjs/marked/issues/1303) - Fix hyperlinks with parenthesis [#1305](https://togithub.com/markedjs/marked/issues/1305) - Fix loose lists [#1304](https://togithub.com/markedjs/marked/issues/1304) - Fix strong and em [#1315](https://togithub.com/markedjs/marked/issues/1315) #### Docs - Fix typo in USING_ADVANCED.md [#1276](https://togithub.com/markedjs/marked/issues/1276) - Add pictures to AUTHORS.md [#1272](https://togithub.com/markedjs/marked/issues/1272) - Change badge to latest version of marked [#1300](https://togithub.com/markedjs/marked/issues/1300) - Change badges from shields.io to badgen.net [#1317](https://togithub.com/markedjs/marked/issues/1317) - Use iframe to sandbox generated html [#1295](https://togithub.com/markedjs/marked/issues/1295) - Add additional links into readme [#1310](https://togithub.com/markedjs/marked/issues/1310) - Add missing parameters for renderer methods [#1311](https://togithub.com/markedjs/marked/issues/1311) - Add undocumented option descriptions [#1312](https://togithub.com/markedjs/marked/issues/1312) - Add navigation sidebar to the docs [#1316](https://togithub.com/markedjs/marked/issues/1316) #### CI - Change travis clone depth to 3 [#1270](https://togithub.com/markedjs/marked/issues/1270) ### [`v0.4.0`](https://togithub.com/markedjs/marked/releases/tag/0.4.0) [Compare Source](https://togithub.com/markedjs/marked/compare/v0.3.19...0.4.0) #### Security Fixes - Fix unsafe `heading` regex ([#1224](https://togithub.com/markedjs/marked/issues/1224)) - Fix unsafe `link` regex ([#1223](https://togithub.com/markedjs/marked/issues/1223), [#1227](https://togithub.com/markedjs/marked/issues/1227)) #### New Features - Add [option](https://marked.js.org/#/USING_ADVANCED.md) to disable heading ids ([#1190](https://togithub.com/markedjs/marked/issues/1190)) - Add support for [GFM Task Lists](https://github.github.com/gfm/#task-list-items-extension-) to comply with the GFM spec ([#1250](https://togithub.com/markedjs/marked/issues/1250)) #### Breaking Changes - Fix escaping pipes in tables ([#1239](https://togithub.com/markedjs/marked/issues/1239)) - Fix html output for tables to match GFM spec ([#1245](https://togithub.com/markedjs/marked/issues/1245)) - Fix many bugs to reach parity with CommonMark spec ([#1135](https://togithub.com/markedjs/marked/issues/1135)) - Fix new Renderer() so it uses default options ([#1203](https://togithub.com/markedjs/marked/issues/1203)) - Fix text and paragraph return types ([#1248](https://togithub.com/markedjs/marked/issues/1248)) ([#1249](https://togithub.com/markedjs/marked/issues/1249)) - Fix `` less than 3 chars ([#1181](https://togithub.com/markedjs/marked/issues/1181)) - Fix `