Release notes
*Sourced from [league/commonmark's releases](https://github.com/thephpleague/commonmark/releases).*
> ## 0.18.3
> This is a **security update** release.
>
> ### Changed
>
> - XML/HTML entities in attributes will no longer be preserved when rendering ([#353](https://github-redirect.dependabot.com/thephpleague/commonmark/issues/353))
>
> ### Fixed
>
> - Fix XSS vulnerability caused by improper preservation of entities when rendering ([#353](https://github-redirect.dependabot.com/thephpleague/commonmark/issues/353))
>
> ### Deprecated
>
> - Deprecated the `$preserveEntites` argument of `Xml::escape()` for removal in the next release ([#353](https://github-redirect.dependabot.com/thephpleague/commonmark/issues/353))
>
> ## 0.18.2
> ### Fixed
>
> - Fixed adjoining `Text` elements not being collapsed after delimiter processing
>
> ### Deprecated
>
> - Deprecated the `CommonmarkConverter::VERSION` constant for removal in 1.0.0
>
> ## 0.18.1
> This release contains an important **security update** for [CVE-2018-20583](https://nvd.nist.gov/vuln/detail/CVE-2018-20583).
>
> ### Fixed
>
> - Fix XSS vulnerability caused by URL normalization not handling/encoding newlines properly ([#337](https://github-redirect.dependabot.com/thephpleague/commonmark/issues/337), CVE-2018-20583)
>
> ## 0.18.0
> No breaking changes were introduced, but we did add a new interface: `ConverterInterface`. Consider depending on this interface in your code instead of the concrete implementation. (See [#330](https://github-redirect.dependabot.com/thephpleague/commonmark/issues/330))
>
> ### Added
>
> - Added `ConverterInterface` to `Converter` and `CommonMarkConverter` ([#330](https://github-redirect.dependabot.com/thephpleague/commonmark/issues/330))
> - Added `ListItem::getListData()` method ([#329](https://github-redirect.dependabot.com/thephpleague/commonmark/issues/329))
>
> ### Changed
>
> - Links with `target="_blank"` will also get `rel="noopener noreferrer"` by default ([#331](https://github-redirect.dependabot.com/thephpleague/commonmark/issues/331))
> - Implemented several performance optimizations ([#324](https://github-redirect.dependabot.com/thephpleague/commonmark/issues/324))
Changelog
*Sourced from [league/commonmark's changelog](https://github.com/thephpleague/commonmark/blob/master/CHANGELOG-0.x.md).*
> ## [0.18.3] - 2019-03-21
>
> This is a **security update** release.
>
> ### Changed
>
> - XML/HTML entities in attributes will no longer be preserved when rendering ([#353](https://github-redirect.dependabot.com/thephpleague/commonmark/issues/353))
>
> ### Fixed
>
> - Fix XSS vulnerability caused by improper preservation of entities when rendering ([#353](https://github-redirect.dependabot.com/thephpleague/commonmark/issues/353))
>
> ### Deprecated
>
> - Deprecated the `$preserveEntites` argument of `Xml::escape()` for removal in the next release ([#353](https://github-redirect.dependabot.com/thephpleague/commonmark/issues/353))
>
> ## [0.18.2] - 2019-03-16
>
> ### Fixed
>
> - Fixed adjoining `Text` elements not being collapsed after delimiter processing
>
> ### Deprecated
>
> - Deprecated the `CommonmarkConverter::VERSION` constant for removal in 1.0.0
>
> ## [0.18.1] - 2018-12-29
>
> This is a **security update** release.
>
> ### Fixed
>
> - Fix XSS vulnerability caused by URL normalization not handling/encoding newlines properly ([#337](https://github-redirect.dependabot.com/thephpleague/commonmark/issues/337), CVE-2018-20583)
>
> ## [0.18.0] - 2018-09-18
>
> ### Added
>
> - Added `ConverterInterface` to `Converter` and `CommonMarkConverter` ([#330](https://github-redirect.dependabot.com/thephpleague/commonmark/issues/330))
> - Added `ListItem::getListData()` method ([#329](https://github-redirect.dependabot.com/thephpleague/commonmark/issues/329))
>
> ### Changed
>
> - Links with `target="_blank"` will also get `rel="noopener noreferrer"` by default ([#331](https://github-redirect.dependabot.com/thephpleague/commonmark/issues/331))
> - Implemented several performance optimizations ([#324](https://github-redirect.dependabot.com/thephpleague/commonmark/issues/324))
Commits
- [`b1ec41c`](https://github.com/thephpleague/commonmark/commit/b1ec41ce15c3bd6f7cbe86a645b3efc78d927446) Release 0.18.3
- [`319d9be`](https://github.com/thephpleague/commonmark/commit/319d9bea83c0d9653da32f2f84cb95e37f4a3e3d) Fix build failures caused by older PHPUnit version
- [`950b793`](https://github.com/thephpleague/commonmark/commit/950b7931ec458aa1fe0fecd26ebb609f84cb78d4) Prepare to release 0.18.3
- [`17fc875`](https://github.com/thephpleague/commonmark/commit/17fc875f2f9754c5408b1d7234d19900572f7a6d) Add unit tests for the Xml util class
- [`edde218`](https://github.com/thephpleague/commonmark/commit/edde218c179b6503d153035b3801f14a9ada542b) Deprecated the `$preserveEntites` argument of `Xml::escape()` for removal in ...
- [`6f16c6e`](https://github.com/thephpleague/commonmark/commit/6f16c6eb893f760d3b4f9a03c94c62653c4ac829) XML/HTML entities in attributes will no longer be preserved when rendering (#...
- [`f1453b9`](https://github.com/thephpleague/commonmark/commit/f1453b9fdb516436d79ff17af555f8d6e2321472) Fix XSS vulnerability caused by improper preservation of entities ([#353](https://github-redirect.dependabot.com/thephpleague/commonmark/issues/353))
- [`f7267f2`](https://github.com/thephpleague/commonmark/commit/f7267f2acbf39f6ddcd07aa9f525501838cc5dc9) Improve XSS test suite ([#338](https://github-redirect.dependabot.com/thephpleague/commonmark/issues/338))
- [`1dcb4f6`](https://github.com/thephpleague/commonmark/commit/1dcb4f68ce4d49c4fd663a68cd5407d80c0eeba0) Reformat the LICENSE file; add link from README.md
- [`793d709`](https://github.com/thephpleague/commonmark/commit/793d709c52a590c8056b39deb6e4e06a1746dfea) Prepare to release 0.18.2
- Additional commits viewable in [compare view](https://github.com/thephpleague/commonmark/compare/0.17.5...0.18.3)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/art-institute-of-chicago/data-aggregator/network/alerts).
Bumps league/commonmark from 0.17.5 to 0.18.3.
Release notes
*Sourced from [league/commonmark's releases](https://github.com/thephpleague/commonmark/releases).* > ## 0.18.3 > This is a **security update** release. > > ### Changed > > - XML/HTML entities in attributes will no longer be preserved when rendering ([#353](https://github-redirect.dependabot.com/thephpleague/commonmark/issues/353)) > > ### Fixed > > - Fix XSS vulnerability caused by improper preservation of entities when rendering ([#353](https://github-redirect.dependabot.com/thephpleague/commonmark/issues/353)) > > ### Deprecated > > - Deprecated the `$preserveEntites` argument of `Xml::escape()` for removal in the next release ([#353](https://github-redirect.dependabot.com/thephpleague/commonmark/issues/353)) > > ## 0.18.2 > ### Fixed > > - Fixed adjoining `Text` elements not being collapsed after delimiter processing > > ### Deprecated > > - Deprecated the `CommonmarkConverter::VERSION` constant for removal in 1.0.0 > > ## 0.18.1 > This release contains an important **security update** for [CVE-2018-20583](https://nvd.nist.gov/vuln/detail/CVE-2018-20583). > > ### Fixed > > - Fix XSS vulnerability caused by URL normalization not handling/encoding newlines properly ([#337](https://github-redirect.dependabot.com/thephpleague/commonmark/issues/337), CVE-2018-20583) > > ## 0.18.0 > No breaking changes were introduced, but we did add a new interface: `ConverterInterface`. Consider depending on this interface in your code instead of the concrete implementation. (See [#330](https://github-redirect.dependabot.com/thephpleague/commonmark/issues/330)) > > ### Added > > - Added `ConverterInterface` to `Converter` and `CommonMarkConverter` ([#330](https://github-redirect.dependabot.com/thephpleague/commonmark/issues/330)) > - Added `ListItem::getListData()` method ([#329](https://github-redirect.dependabot.com/thephpleague/commonmark/issues/329)) > > ### Changed > > - Links with `target="_blank"` will also get `rel="noopener noreferrer"` by default ([#331](https://github-redirect.dependabot.com/thephpleague/commonmark/issues/331)) > - Implemented several performance optimizations ([#324](https://github-redirect.dependabot.com/thephpleague/commonmark/issues/324))Changelog
*Sourced from [league/commonmark's changelog](https://github.com/thephpleague/commonmark/blob/master/CHANGELOG-0.x.md).* > ## [0.18.3] - 2019-03-21 > > This is a **security update** release. > > ### Changed > > - XML/HTML entities in attributes will no longer be preserved when rendering ([#353](https://github-redirect.dependabot.com/thephpleague/commonmark/issues/353)) > > ### Fixed > > - Fix XSS vulnerability caused by improper preservation of entities when rendering ([#353](https://github-redirect.dependabot.com/thephpleague/commonmark/issues/353)) > > ### Deprecated > > - Deprecated the `$preserveEntites` argument of `Xml::escape()` for removal in the next release ([#353](https://github-redirect.dependabot.com/thephpleague/commonmark/issues/353)) > > ## [0.18.2] - 2019-03-16 > > ### Fixed > > - Fixed adjoining `Text` elements not being collapsed after delimiter processing > > ### Deprecated > > - Deprecated the `CommonmarkConverter::VERSION` constant for removal in 1.0.0 > > ## [0.18.1] - 2018-12-29 > > This is a **security update** release. > > ### Fixed > > - Fix XSS vulnerability caused by URL normalization not handling/encoding newlines properly ([#337](https://github-redirect.dependabot.com/thephpleague/commonmark/issues/337), CVE-2018-20583) > > ## [0.18.0] - 2018-09-18 > > ### Added > > - Added `ConverterInterface` to `Converter` and `CommonMarkConverter` ([#330](https://github-redirect.dependabot.com/thephpleague/commonmark/issues/330)) > - Added `ListItem::getListData()` method ([#329](https://github-redirect.dependabot.com/thephpleague/commonmark/issues/329)) > > ### Changed > > - Links with `target="_blank"` will also get `rel="noopener noreferrer"` by default ([#331](https://github-redirect.dependabot.com/thephpleague/commonmark/issues/331)) > - Implemented several performance optimizations ([#324](https://github-redirect.dependabot.com/thephpleague/commonmark/issues/324))Commits
- [`b1ec41c`](https://github.com/thephpleague/commonmark/commit/b1ec41ce15c3bd6f7cbe86a645b3efc78d927446) Release 0.18.3 - [`319d9be`](https://github.com/thephpleague/commonmark/commit/319d9bea83c0d9653da32f2f84cb95e37f4a3e3d) Fix build failures caused by older PHPUnit version - [`950b793`](https://github.com/thephpleague/commonmark/commit/950b7931ec458aa1fe0fecd26ebb609f84cb78d4) Prepare to release 0.18.3 - [`17fc875`](https://github.com/thephpleague/commonmark/commit/17fc875f2f9754c5408b1d7234d19900572f7a6d) Add unit tests for the Xml util class - [`edde218`](https://github.com/thephpleague/commonmark/commit/edde218c179b6503d153035b3801f14a9ada542b) Deprecated the `$preserveEntites` argument of `Xml::escape()` for removal in ... - [`6f16c6e`](https://github.com/thephpleague/commonmark/commit/6f16c6eb893f760d3b4f9a03c94c62653c4ac829) XML/HTML entities in attributes will no longer be preserved when rendering (#... - [`f1453b9`](https://github.com/thephpleague/commonmark/commit/f1453b9fdb516436d79ff17af555f8d6e2321472) Fix XSS vulnerability caused by improper preservation of entities ([#353](https://github-redirect.dependabot.com/thephpleague/commonmark/issues/353)) - [`f7267f2`](https://github.com/thephpleague/commonmark/commit/f7267f2acbf39f6ddcd07aa9f525501838cc5dc9) Improve XSS test suite ([#338](https://github-redirect.dependabot.com/thephpleague/commonmark/issues/338)) - [`1dcb4f6`](https://github.com/thephpleague/commonmark/commit/1dcb4f68ce4d49c4fd663a68cd5407d80c0eeba0) Reformat the LICENSE file; add link from README.md - [`793d709`](https://github.com/thephpleague/commonmark/commit/793d709c52a590c8056b39deb6e4e06a1746dfea) Prepare to release 0.18.2 - Additional commits viewable in [compare view](https://github.com/thephpleague/commonmark/compare/0.17.5...0.18.3)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/art-institute-of-chicago/data-aggregator/network/alerts).