Open renovate[bot] opened 2 years ago
This PR contains the following updates:
12.0.6
12.3.2
Special patterns with length > 50K chars can slow down parser significantly.
const md = require('markdown-it')(); md.render(`x ${' '.repeat(150000)} x \nx`);
Upgrade to v12.3.2+
No.
Fix + test sample: https://github.com/markdown-it/markdown-it/commit/ffc49ab46b5b751cd2be0aabb146f2ef84986101
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.
This PR contains the following updates:
12.0.6->12.3.2GitHub Vulnerability Alerts
CVE-2022-21670
Impact
Special patterns with length > 50K chars can slow down parser significantly.
Patches
Upgrade to v12.3.2+
Workarounds
No.
References
Fix + test sample: https://github.com/markdown-it/markdown-it/commit/ffc49ab46b5b751cd2be0aabb146f2ef84986101
Release Notes
markdown-it/markdown-it
### [`v12.3.2`](https://togithub.com/markdown-it/markdown-it/blob/HEAD/CHANGELOG.md#1232---2022-01-08) [Compare Source](https://togithub.com/markdown-it/markdown-it/compare/12.3.1...12.3.2) ##### Security - Fix possible ReDOS in newline rule. Thanks to [@MakeNowJust](https://togithub.com/MakeNowJust). ### [`v12.3.1`](https://togithub.com/markdown-it/markdown-it/blob/HEAD/CHANGELOG.md#1231---2022-01-07) [Compare Source](https://togithub.com/markdown-it/markdown-it/compare/12.3.0...12.3.1) ##### Fixed - Fix corner case when tab prevents paragraph continuation in lists, [#830](https://togithub.com/markdown-it/markdown-it/issues/830). ### [`v12.3.0`](https://togithub.com/markdown-it/markdown-it/blob/HEAD/CHANGELOG.md#1230---2021-12-09) [Compare Source](https://togithub.com/markdown-it/markdown-it/compare/12.2.0...12.3.0) ##### Changed - `StateInline.delimiters[].jump` is removed. ##### Fixed - Fixed quadratic complexity in pathological `***<10k stars>***a***<10k stars>***` case. ### [`v12.2.0`](https://togithub.com/markdown-it/markdown-it/blob/HEAD/CHANGELOG.md#1220---2021-08-02) [Compare Source](https://togithub.com/markdown-it/markdown-it/compare/12.1.0...12.2.0) ##### Added - Ordered lists: add order value to token info. ##### Fixed - Always suffix indented code block with a newline, [#799](https://togithub.com/markdown-it/markdown-it/issues/799). ### [`v12.1.0`](https://togithub.com/markdown-it/markdown-it/blob/HEAD/CHANGELOG.md#1210---2021-07-01) [Compare Source](https://togithub.com/markdown-it/markdown-it/compare/12.0.6...12.1.0) ##### Changed - Updated CM spec compatibility to 0.30.Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.