jaebradley / github-portfolio-component

Basic portfolio component for your GitHub projects
https://jaebradley.github.io/github-portfolio-component
MIT License
0 stars 0 forks source link

[Snyk] Security upgrade showdown from 1.8.6 to 2.0.2 #65

Open snyk-bot opened 2 years ago

snyk-bot commented 2 years ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

merge advice

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
medium severity 469/1000
Why? Has a fix available, CVSS 5.1
Denial of Service (DoS)
npm:mem:20180117
Yes No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: showdown The new version differs by 67 commits.
  • b3dd26a chore: release 2.0.2
  • 3871765 fix(cli): cli now works properly
  • 612dad0 chore: build v 2.0.1
  • a3dec7f fix: fix cli not working due to missing src dir in npm package
  • 3f8ca4e Revert "fix: reduce npm package size "
  • 32a1aaa chore(build): version 2.0.0
  • 97a7696 doc(security): add a security policy
  • e5f419b build: prep and create a 2.0.0-alpha release
  • 366ef28 fix(extension-registering) removeExtension implementation
  • 6ea6bbf Including QCObjects in "Who uses Showdown"-README (#744)
  • a931cc2 docs: clear ambiguity about CDN usage
  • 62636d0 feature(ellipsis): Add option to disable ellipsis
  • b432da1 fix reference link impostors
  • b03e34a rename test files to match convention
  • 525b65f preserve spaces between inline elements
  • 33f2f9c Update README.md
  • b3310a1 docs: update README.md (#652)
  • f54395f Escaped the <br> in README.md (#645)
  • 55314da chore: add vue-showdown (#630)
  • 35730b7 fix: reduce npm package size
  • 25c4420 fix: allow escaping of colons
  • e3ddcaf chore(license): update liscense to MIT
  • 9828a82 chore(deps): make dependecies consistent with ^ operator
  • 434eaff chore(deps): update all dependecies to the latest; make eslint work
See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.