evilz commented 8 months ago

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

#### Changes included in this PR - Changes to the following files to upgrade the vulnerable dependencies to a fixed version: - package.json - package-lock.json #### Vulnerabilities that will be fixed ##### With an upgrade: Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity :-------------------------:|-------------------------|:-------------------------|:-------------------------|:------------------------- ![high severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png "high severity") | **768/1000**
**Why?** Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5 | Infinite loop
[SNYK-JS-MARKDOWNIT-6483324](https://snyk.io/vuln/SNYK-JS-MARKDOWNIT-6483324) | No | Proof of Concept (*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: markdown-it

The new version differs by 10 commits.

e476f78 13.0.2 released
dfd485b Dist rebuild
80a3adc Fix crash in linkify inline rule on malformed input
49ca65b Sync pathological tests with cmark
2b6cac2 Sync pathological tests with cmark
08444a5 Fix typo; minor copy-edits (#879)
940459e fix: remove outdated comments (#891)
1529ff4 Guard against custom rule not incrementing pos
6325878 Multiple refactors
9ff460e Drop a lot of extra code from blockquotes

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project. ------------ **Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.* For more information: 🧐 [View latest project report](https://app.snyk.io/org/evilz/project/0550f662-0cf5-4a4d-b52e-920b1c9f618d?utm_source=github&utm_medium=referral&page=fix-pr) 🛠 [Adjust project settings](https://app.snyk.io/org/evilz/project/0550f662-0cf5-4a4d-b52e-920b1c9f618d?utm_source=github&utm_medium=referral&page=fix-pr/settings) 📚 [Read more about Snyk's upgrade and patch logic](https://support.snyk.io/hc/en-us/articles/360003891078-Snyk-patches-to-fix-vulnerabilities) [//]: # (snyk:metadata:{"prId":"bb2c76ab-d533-489d-891a-8ac70d0b3146","prPublicId":"bb2c76ab-d533-489d-891a-8ac70d0b3146","dependencies":[{"name":"markdown-it","from":"13.0.1","to":"13.0.2"}],"packageManager":"npm","projectPublicId":"0550f662-0cf5-4a4d-b52e-920b1c9f618d","projectUrl":"https://app.snyk.io/org/evilz/project/0550f662-0cf5-4a4d-b52e-920b1c9f618d?utm_source=github&utm_medium=referral&page=fix-pr","type":"auto","patch":[],"vulns":["SNYK-JS-MARKDOWNIT-6483324"],"upgrade":["SNYK-JS-MARKDOWNIT-6483324"],"isBreakingChange":false,"env":"prod","prType":"fix","templateVariants":["updated-fix-title","priorityScore"],"priorityScoreList":[768],"remediationStrategy":"vuln"}) --- **Learn how to fix vulnerabilities with free interactive lessons:** 🦉 [Learn about vulnerability in an interactive lesson of Snyk Learn.](https://learn.snyk.io/?loc=fix-pr)

github-actions[bot] commented 8 months ago

Qodana for JS

It seems all right 👌

No new problems were found according to the checks applied

💡 Qodana analysis was run in the pull request mode: only the changed files were checked ☁️ View the detailed Qodana report

Contact Qodana team

Contact us at [qodana-support@jetbrains.com](mailto:qodana-support@jetbrains.com) - Or via our issue tracker: https://jb.gg/qodana-issue - Or share your feedback: https://jb.gg/qodana-discussions

codecov[bot] commented 8 months ago

Codecov Report

All modified and coverable lines are covered by tests :white_check_mark:

Project coverage is 50.74%. Comparing base (100bb38) to head (1f97926). Report is 9 commits behind head on master.

Additional details and impacted files

```diff @@ Coverage Diff @@ ## master #1268 +/- ## ======================================= Coverage 50.74% 50.74% ======================================= Files 23 23 Lines 668 668 Branches 85 85 ======================================= Hits 339 339 Misses 257 257 Partials 72 72 ``` | [Flag](https://app.codecov.io/gh/evilz/vscode-reveal/pull/1268/flags?src=pr&el=flags&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=Vincent+B.) | Coverage Δ | | |---|---|---| | [unittests](https://app.codecov.io/gh/evilz/vscode-reveal/pull/1268/flags?src=pr&el=flag&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=Vincent+B.) | `50.74% <ø> (ø)` | | Flags with carried forward coverage won't be shown. [Click here](https://docs.codecov.io/docs/carryforward-flags?utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=Vincent+B.#carryforward-flags-in-the-pull-request-comment) to find out more.

:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.