Bump simple-markdown from 0.4.2 to 0.5.2 in /server

[dependabot[bot]]

Bumps simple-markdown from 0.4.2 to 0.5.2.

Release notes

Sourced from simple-markdown's releases.

0.5.2: Fix exponential backtracking regex vulnerabilities

NOTE: v0.5.3 contains a bugfix on this release's change to inline code. I recommend using 0.5.3 instead

Fixes #71 and several other regex DDOS vulnerabilities.

0.5.0: Allow escaping | pipes in tables

PLEASE DO NOT USE. Use v0.5.1 instead, which fixes a bug that confuses npm, but is otherwise identical.

Fixes #68 and allows pipes to be escaped in tables.

Gets a minor version bump because it's a new feature / significant bug fix that could break existing code.

0.4.4: Fix vbscript xss

Fixes #63 an xss vulnerability in links with vbscript: in their url

Commits

• 01bcc3e v0.5.2: Fix exponential backtracking / ReDoS regexes
• 70586f9 Fence: fix fence exponential backtracks
• acbf1f6 Fence: Add test for code fence exponential backtracking
• 31ca48a Del: Fix del/strikethrough exponential backtracking
• f5311e5 Del: Add test for del/strikethrough exponential backtracking
• f3332cd Heading: Fix exponential backtracking
• f7cda49 Heading: Add test for exponential backtracking in headings
• 89797fe inlineCode: Fix ReDoS & improve escape semantics
• a52c270 Tests: Add exponential backtracking test for inline code
• b9c05c5 v0.5.1: Fix .git folder in published archive
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/cch5ng/fe_interview/network/alerts).