foundation / panini

A super simple flat file generator.

[Snyk] Upgrade marked from 0.3.18 to 0.8.0 #205

Closed snyk-bot closed 4 years ago

snyk-bot commented 4 years ago

Snyk has created this PR to upgrade marked from 0.3.18 to 0.8.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


The recommended version fixes:

| Severity | Issue | Exploit Maturity |
| --- | --- | --- |
| | Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKED-451540 | No Known Exploit |
| | Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKED-174116 | No Known Exploit |

Release notes
Package name: marked
  • 0.8.0 - 2019-12-12

    Breaking changes

    Fixes

    • Fix relative urls in baseUrl option #1526
    • Loose task list #1535
    • Fix image parentheses #1557
    • remove module field & update devDependencies #1581

    Docs

    • Update examples with es6+ #1521
    • Fix link to USING_PRO.md page #1552
    • Fix typo in USING_ADVANCED.md #1558
    • Node worker threads are stable #1555

    Dev Dependencies

    • Update deps #1516
    • Update eslint #1542
    • Update htmldiffer async matcher #1543
  • 0.7.0 - 2019-07-06

    Security

    • Sanitize paragraph and text tokens #1504
    • Fix ReDOS for links with backticks (issue #1493) #1515

    Breaking Changes

    • Deprecate sanitize and sanitizer options #1504
    • Move fences to CommonMark #1511
    • Move tables to GFM #1511
    • Remove tables option #1511
    • Single backtick in link text needs to be escaped #1515

    Fixes

    Tests

    • Run tests with correct options #1511
  • 0.6.3 - 2019-06-30

    Fixes

    Docs

    • add docs for workers #1432
    • Add security policy #1492
    • Update supported spec versions #1491
    • Update test folder descriptions #1506

    DevOps

    • Use latest commit for demo master #1457
    • Update tests to commonmark 0.29 #1465
    • Update tests to GFM 0.29 #1470
    • Fix commonmark spec 57 and 40 (headings) #1475
  • 0.6.2 - 2019-04-05

    Security

    Fixes

    • Links parens #1435
    • New line after table with escaped pipe #1439
    • List item tables #1446

    Enhancements

    • Pass token boolean to the listitem function #1440
    • Allow html without \n after #1438

    CLI

    • Update man page to include --test and fix argv parameters #1442
    • Add a --version flag to print marked version #1448

    Testing

    • Normalize marked tests #1444
    • Update tests to node 4 syntax #1449
  • 0.6.1 - 2019-02-19

    Fixes

    • Fix parenthesis url redos #1414

    Docs

    • Update demo site to use a worker #1418
    • Update devDependencies to last stable #1409
    • Update documentation about extending Renderer #1417
    • Remove --save option as it isn't required anymore #1422
    • Add snyk badge #1420
  • 0.6.0 - 2019-01-01

    Breaking Changes

    • Drop support for Node v0.10 and old browsers such as Internet Explorer
      • You should not have any problems if using Node 4+ or a modern browser
    • Add parameter slugger to Renderer.prototype.heading method #1401
      • You should not have any problems if you do not override this method

    New Features

    • Add new export marked.Slugger #1401

    Fixes

    • Fix emphasis followed by a punctuation #1383
    • Fix bold around autolink email address #1385
    • Make autolinks case insensitive #1384
    • Make code fences compliant with Commonmark spec #1387
    • Make blockquote paragraph continuation compliant with Commonmark spec #1394
    • Make ordered list marker length compliant with Commonmark spec #1391
    • Make empty list items compliant with Commonmark spec #1395
    • Make tag escaping compliant with Commonmark spec #1397
    • Make strong/bold compliant with Commonmark spec #1400
    • Fix handling of adjacent lists #684
    • Add better error handling when token type cannot be found #1005
    • Fix duplicate heading id and non-latin characters #1401

    CLI

    • Pretty print ENOENT errors on cli #1396
    • Update repo url in man #1403

    Docs

    Tests

    • Remove old test covered by gfm/cm #1389
  • 0.5.2 - 2018-11-20

    Bug Fixes

    • Fix emphasis closing by single _ (part of left-flanking run) #1351
    • Make URL handling consistent between links and images #1359

    Other

    • Add missing semicolons, add lint rule #1340
    • Make Steven (@styfle) a npm publisher #1346
    • Fix typo in docs: responsibility #1364
    • Add the ability to specify options on the demo page as JSON #1357
      • Show red border when JSON options are invalid #1360
    • Move license file back to root dir #1356
    • Fix builds: remove node v0.10 from travis matrix #1366
      • This does not break compatibility in this release but it will in a future release
    • Add files key to package.json to prevent publishing unused files #1367
  • 0.5.1 - 2018-09-26

    Security

    • Fix inline code regex and prevent REDOS #1337
    • Use @markedjs/html-differ to prevent REDOS #1331

    Bug Fixes

    • Fix typographic substitution in (pre|code|kbd|script) blocks when smartypants=true #1335
    • Fix auto-linking email address #1338

    Other

    • Refactor the escape() function to improve performance 10-20% #975
    • Update copyright in source code #1326
    • Update benchmark tests #1019
    • Add dependency badges to readme #1333
  • 0.5.0 - 2018-08-16

    Security

    • Use rtrim, not unsafe /X+$/ #1260

    Breaking Changes

    • Fix GFM empty table cells #1262
    • Fix GFM extended auto-linking requiring multiple backpedals #1293
    • Fix GFM strikethrough compatibility #1258
    • Fix issues link references and prototypes #1299
    • Fix hard line break when backslash at EOL #1303
    • Fix hyperlinks with parenthesis #1305
    • Fix loose lists #1304
    • Fix strong and em #1315

    Docs

    • Fix typo in USING_ADVANCED.md #1276
    • Add pictures to AUTHORS.md #1272
    • Change badge to latest version of marked #1300
    • Change badges from shields.io to badgen.net #1317
    • Use iframe to sandbox generated html #1295
    • Add additional links into readme #1310
    • Add missing parameters for renderer methods #1311
    • Add undocumented option descriptions #1312
    • Add navigation sidebar to the docs #1316

    CI

    • Change travis clone depth to 3 #1270
  • 0.4.0 - 2018-05-21

    Security Fixes

    New Features

    Breaking Changes

    • Fix escaping pipes in tables (#1239)
    • Fix html output for tables to match GFM spec (#1245)
    • Fix many bugs to reach parity with CommonMark spec (#1135)
    • Fix new Renderer() so it uses default options (#1203)
    • Fix text and paragraph return types (#1248) (#1249)
    • Fix <em> less than 3 chars (#1181)
    • Fix <pre> code blocks so there is no more trailing \n (#1266)
    • Fix default langPrefix to follow CommonMark standard language- (#1265)

    CLI Changes

    • Add string argument to CLI (#1182)
    • Change CLI stdio to remove warning (#994)

    Other changes

  • 0.3.19 - 2018-03-26
  • 0.3.18 - 2018-03-22
from marked GitHub release notes
Commit messages
Package name: marked
  • 416003b 0.8.0 (#1571)
  • 6612ed1 0.8.0
  • bef6137 🗜️ build [skip ci]
  • c3ac5e1 Merge pull request #1581 from UziTech/module-field
  • 45a9c4a Merge pull request #1577 from UziTech/build-user
  • 316a6d7 remove module field and update deps
  • 6a9c4c3 fix build user
  • ed18cd5 🗜️ build [skip ci]
  • edf87e3 Remove static properties from helpers (#1575)
  • 81d3018 Remove incorrectly used browser field (#1573)
  • 2df8c4a Use Babel's loose mode for shorted & more performant code (#1572)
  • ef7fa93 fix changing global defaults (#1576)
  • 630aaa6 add test
  • d55fc10 fix changing global defaults
  • 34df290 Remove static properties from helpers
  • a21f348 Remove incorrectly used browser field
  • e2aadef Use Babel's loose mode for shorted & more performant code
  • ef7cde4 🗜️ build [skip ci]
  • c3cafff Merge pull request #1563 from UziTech/rollup
  • 2571795 build marked.js
  • aae38bb remove security scan
  • a8730bf update copyright year
  • 4736f3e Update copyright year
  • 2b531af update engines

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs