art-institute-of-chicago / data-aggregator

An API of public data collected from several different systems at the Art Institute of Chicago
GNU Affero General Public License v3.0

Bump league/commonmark from 0.17.5 to 0.18.3 #12

Closed dependabot[bot] closed 4 years ago

dependabot[bot] commented 4 years ago

Bumps league/commonmark from 0.17.5 to 0.18.3.

Release notes

*Sourced from [league/commonmark's releases](https://github.com/thephpleague/commonmark/releases).*

> ## 0.18.3
> This is a **security update** release.
>
> ### Changed
>
> - XML/HTML entities in attributes will no longer be preserved when rendering ([#353](https://github-redirect.dependabot.com/thephpleague/commonmark/issues/353))
>
> ### Fixed
>
> - Fix XSS vulnerability caused by improper preservation of entities when rendering ([#353](https://github-redirect.dependabot.com/thephpleague/commonmark/issues/353))
>
> ### Deprecated
>
> - Deprecated the `$preserveEntites` argument of `Xml::escape()` for removal in the next release ([#353](https://github-redirect.dependabot.com/thephpleague/commonmark/issues/353))
>
> ## 0.18.2
> ### Fixed
>
> - Fixed adjoining `Text` elements not being collapsed after delimiter processing
>
> ### Deprecated
>
> - Deprecated the `CommonmarkConverter::VERSION` constant for removal in 1.0.0
>
> ## 0.18.1
> This release contains an important **security update** for [CVE-2018-20583](https://nvd.nist.gov/vuln/detail/CVE-2018-20583).
>
> ### Fixed
>
> - Fix XSS vulnerability caused by URL normalization not handling/encoding newlines properly ([#337](https://github-redirect.dependabot.com/thephpleague/commonmark/issues/337), CVE-2018-20583)
>
> ## 0.18.0
> No breaking changes were introduced, but we did add a new interface: `ConverterInterface`. Consider depending on this interface in your code instead of the concrete implementation. (See [#330](https://github-redirect.dependabot.com/thephpleague/commonmark/issues/330))
>
> ### Added
>
> - Added `ConverterInterface` to `Converter` and `CommonMarkConverter` ([#330](https://github-redirect.dependabot.com/thephpleague/commonmark/issues/330))
> - Added `ListItem::getListData()` method ([#329](https://github-redirect.dependabot.com/thephpleague/commonmark/issues/329))
>
> ### Changed
>
> - Links with `target="_blank"` will also get `rel="noopener noreferrer"` by default ([#331](https://github-redirect.dependabot.com/thephpleague/commonmark/issues/331))
> - Implemented several performance optimizations ([#324](https://github-redirect.dependabot.com/thephpleague/commonmark/issues/324))

Changelog

*Sourced from [league/commonmark's changelog](https://github.com/thephpleague/commonmark/blob/master/CHANGELOG-0.x.md).*

> ## [0.18.3] - 2019-03-21
>
> This is a **security update** release.
>
> ### Changed
>
> - XML/HTML entities in attributes will no longer be preserved when rendering ([#353](https://github-redirect.dependabot.com/thephpleague/commonmark/issues/353))
>
> ### Fixed
>
> - Fix XSS vulnerability caused by improper preservation of entities when rendering ([#353](https://github-redirect.dependabot.com/thephpleague/commonmark/issues/353))
>
> ### Deprecated
>
> - Deprecated the `$preserveEntites` argument of `Xml::escape()` for removal in the next release ([#353](https://github-redirect.dependabot.com/thephpleague/commonmark/issues/353))
>
> ## [0.18.2] - 2019-03-16
>
> ### Fixed
>
> - Fixed adjoining `Text` elements not being collapsed after delimiter processing
>
> ### Deprecated
>
> - Deprecated the `CommonmarkConverter::VERSION` constant for removal in 1.0.0
>
> ## [0.18.1] - 2018-12-29
>
> This is a **security update** release.
>
> ### Fixed
>
> - Fix XSS vulnerability caused by URL normalization not handling/encoding newlines properly ([#337](https://github-redirect.dependabot.com/thephpleague/commonmark/issues/337), CVE-2018-20583)
>
> ## [0.18.0] - 2018-09-18
>
> ### Added
>
> - Added `ConverterInterface` to `Converter` and `CommonMarkConverter` ([#330](https://github-redirect.dependabot.com/thephpleague/commonmark/issues/330))
> - Added `ListItem::getListData()` method ([#329](https://github-redirect.dependabot.com/thephpleague/commonmark/issues/329))
>
> ### Changed
>
> - Links with `target="_blank"` will also get `rel="noopener noreferrer"` by default ([#331](https://github-redirect.dependabot.com/thephpleague/commonmark/issues/331))
> - Implemented several performance optimizations ([#324](https://github-redirect.dependabot.com/thephpleague/commonmark/issues/324))

Commits

- [`b1ec41c`](https://github.com/thephpleague/commonmark/commit/b1ec41ce15c3bd6f7cbe86a645b3efc78d927446) Release 0.18.3
- [`319d9be`](https://github.com/thephpleague/commonmark/commit/319d9bea83c0d9653da32f2f84cb95e37f4a3e3d) Fix build failures caused by older PHPUnit version
- [`950b793`](https://github.com/thephpleague/commonmark/commit/950b7931ec458aa1fe0fecd26ebb609f84cb78d4) Prepare to release 0.18.3
- [`17fc875`](https://github.com/thephpleague/commonmark/commit/17fc875f2f9754c5408b1d7234d19900572f7a6d) Add unit tests for the Xml util class
- [`edde218`](https://github.com/thephpleague/commonmark/commit/edde218c179b6503d153035b3801f14a9ada542b) Deprecated the `$preserveEntites` argument of `Xml::escape()` for removal in ...
- [`6f16c6e`](https://github.com/thephpleague/commonmark/commit/6f16c6eb893f760d3b4f9a03c94c62653c4ac829) XML/HTML entities in attributes will no longer be preserved when rendering (#...
- [`f1453b9`](https://github.com/thephpleague/commonmark/commit/f1453b9fdb516436d79ff17af555f8d6e2321472) Fix XSS vulnerability caused by improper preservation of entities ([#353](https://github-redirect.dependabot.com/thephpleague/commonmark/issues/353))
- [`f7267f2`](https://github.com/thephpleague/commonmark/commit/f7267f2acbf39f6ddcd07aa9f525501838cc5dc9) Improve XSS test suite ([#338](https://github-redirect.dependabot.com/thephpleague/commonmark/issues/338))
- [`1dcb4f6`](https://github.com/thephpleague/commonmark/commit/1dcb4f68ce4d49c4fd663a68cd5407d80c0eeba0) Reformat the LICENSE file; add link from README.md
- [`793d709`](https://github.com/thephpleague/commonmark/commit/793d709c52a590c8056b39deb6e4e06a1746dfea) Prepare to release 0.18.2
- Additional commits viewable in [compare view](https://github.com/thephpleague/commonmark/compare/0.17.5...0.18.3)


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:

- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/art-institute-of-chicago/data-aggregator/network/alerts).