search

lucasbelem / nodejs-goof

Super vulnerable todo list application
Apache License 2.0
0 stars 0 forks source link

[Snyk] Upgrade marked from 0.3.5 to 0.8.2 #5

Open lucasbelem opened 10 months ago

lucasbelem commented 10 months ago

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to upgrade marked from 0.3.5 to 0.8.2.

:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
- The recommended version is **23 versions** ahead of your current version. - The recommended version was released **4 years ago**, on 2020-03-22. The recommended version fixes: Severity | Issue | PriorityScore (*) | Exploit Maturity | :-------------------------:|:-------------------------|-------------------------|:------------------------- | Regular Expression Denial of Service (ReDoS)
[npm:marked:20170907](https://snyk.io/vuln/npm:marked:20170907) | **589/1000**
**Why?** Has a fix available, CVSS 7.5 | No Known Exploit | Regular Expression Denial of Service (ReDoS)
[npm:marked:20180225](https://snyk.io/vuln/npm:marked:20180225) | **589/1000**
**Why?** Has a fix available, CVSS 7.5 | Proof of Concept | Cross-site Scripting (XSS)
[npm:marked:20150520](https://snyk.io/vuln/npm:marked:20150520) | **589/1000**
**Why?** Has a fix available, CVSS 7.5 | No Known Exploit | Cross-site Scripting (XSS)
[npm:marked:20170112](https://snyk.io/vuln/npm:marked:20170112) | **589/1000**
**Why?** Has a fix available, CVSS 7.5 | No Known Exploit | Cross-site Scripting (XSS)
[npm:marked:20170815](https://snyk.io/vuln/npm:marked:20170815) | **589/1000**
**Why?** Has a fix available, CVSS 7.5 | No Known Exploit | Regular Expression Denial of Service (ReDoS)
[SNYK-JS-MARKED-174116](https://snyk.io/vuln/SNYK-JS-MARKED-174116) | **589/1000**
**Why?** Has a fix available, CVSS 7.5 | No Known Exploit | Cross-site Scripting (XSS)
[npm:marked:20170815-1](https://snyk.io/vuln/npm:marked:20170815-1) | **589/1000**
**Why?** Has a fix available, CVSS 7.5 | No Known Exploit | Regular Expression Denial of Service (ReDoS)
[SNYK-JS-MARKED-451540](https://snyk.io/vuln/SNYK-JS-MARKED-451540) | **589/1000**
**Why?** Has a fix available, CVSS 7.5 | No Known Exploit (*) Note that the real score may have changed since the PR was raised.
Release notes
Package name: marked
  • 0.8.2 - 2020-03-22

    Fixes

    • Add html to TextRenderer for html in headings #1622
    • Remove html tags in heading ids #1622

    Docs

    • Update comment about GitHub breaks #1620
  • 0.8.1 - 2020-03-18

    Fixes

    • Fix marked --help #1588
    • Fix GFM Example 116 code fences #1600
    • Send inline html to renderer #1602 (fixes #1601)
    • Improve docs example for invoking highlight.js #1603
    • Fix block-level elements breaking tables #1598 (fixes #1467)
    • break nptables on block-level structures #1617
  • 0.8.0 - 2019-12-12

    Breaking changes

    Fixes

    • Fix relative urls in baseUrl option #1526
    • Loose task list #1535
    • Fix image parentheses #1557
    • remove module field & update devDependencies #1581

    Docs

    • Update examples with es6+ #1521
    • Fix link to USING_PRO.md page #1552
    • Fix typo in USING_ADVANCED.md #1558
    • Node worker threads are stable #1555

    Dev Dependencies

    • Update deps #1516
    • Update eslint #1542
    • Update htmldiffer async matcher #1543
  • 0.7.0 - 2019-07-06

    Security

    • Sanitize paragraph and text tokens #1504
    • Fix ReDOS for links with backticks (issue #1493) #1515

    Breaking Changes

    • Deprecate sanitize and sanitizer options #1504
    • Move fences to CommonMark #1511
    • Move tables to GFM #1511
    • Remove tables option #1511
    • Single backtick in link text needs to be escaped #1515

    Fixes

    Tests

    • Run tests with correct options #1511
  • 0.6.3 - 2019-06-30

    Fixes

    Docs

    • add docs for workers #1432
    • Add security policy #1492
    • Update supported spec versions #1491
    • Update test folder descriptions #1506

    DevOps

    • Use latest commit for demo master #1457
    • Update tests to commonmark 0.29 #1465
    • Update tests to GFM 0.29 #1470
    • Fix commonmark spec 57 and 40 (headings) #1475
  • 0.6.2 - 2019-04-05
    Read more
  • 0.6.1 - 2019-02-19

    Fixes

    • Fix parenthesis url redos #1414

    Docs

    • Update demo site to use a worker #1418
    • Update devDependencies to last stable #1409
    • Update documentation about extending Renderer #1417
    • Remove --save option as it isn't required anymore #1422
    • Add snyk badge #1420
  • 0.6.0 - 2019-01-01
    Read more
  • 0.5.2 - 2018-11-20
    Read more
  • 0.5.1 - 2018-09-26
    Read more
  • 0.5.0 - 2018-08-16
  • 0.4.0 - 2018-05-21
  • 0.3.19 - 2018-03-26
  • 0.3.18 - 2018-03-22
  • 0.3.17 - 2018-02-27
  • 0.3.16 - 2018-02-20
  • 0.3.15 - 2018-02-19
  • 0.3.14 - 2018-02-16
  • 0.3.13 - 2018-02-16
  • 0.3.12 - 2018-01-09
  • 0.3.9 - 2017-12-23
  • 0.3.7 - 2017-12-01
  • 0.3.6 - 2016-07-30
  • 0.3.5 - 2015-07-31
from marked GitHub release notes
Commit messages
Package name: marked
  • 4af69d3 Merge pull request #1624 from UziTech/release-0.8.2
  • 19f0d4f 0.8.2
  • 38403c0 build
  • d7b05cb update devdeps
  • 17ee15f build [skip ci]
  • 58e9fed Merge pull request #1622 from UziTech/render-html
  • 193a41e simplify tag regex
  • 7330a9c add html test to heading ids
  • f01ba94 add html to TextRenderer
  • cf3d0a0 Merge pull request #1620 from julien-c/patch-1
  • 9f2c0d1 Update docs/USING_ADVANCED.md
  • 885d728 Update docs/USING_ADVANCED.md
  • b8c5541 Merge pull request #1616 from UziTech/release-0.8.1
  • 20d85bd 0.8.1
  • b0928cb build [skip ci]
  • 8d51037 Merge pull request #1617 from UziTech/following-nptable
  • 4e3d20d Remove inaccurate proposition on GitHub
  • c71ac10 Merge pull request #1619 from markedjs/dependabot/npm_and_yarn/acorn-7.1.1
  • 65febe4 Bump acorn from 7.1.0 to 7.1.1
  • 2d8045f test 3 spaces before table rows
  • 431f523 remove unneeded code
  • d8c09c1 add tests
  • cbcda26 copy table rules to nptables
  • 11a035e build [skip ci]
Compare
**Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.* For more information: 🧐 [View latest project report](https://app.snyk.io/org/lucasbelem/project/4c226e82-044d-4185-b1d5-3479978e42f6?utm_source=github&utm_medium=referral&page=upgrade-pr) 🛠 [Adjust upgrade PR settings](https://app.snyk.io/org/lucasbelem/project/4c226e82-044d-4185-b1d5-3479978e42f6/settings/integration?utm_source=github&utm_medium=referral&page=upgrade-pr) 🔕 [Ignore this dependency or unsubscribe from future upgrade PRs](https://app.snyk.io/org/lucasbelem/project/4c226e82-044d-4185-b1d5-3479978e42f6/settings/integration?pkg=marked&utm_source=github&utm_medium=referral&page=upgrade-pr#auto-dep-upgrades)