fix(deps): update dependency markdown-it to v12 [security] - autoclosed

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
markdown-it	`^10.0.0` -> `^12.3.2`

[!WARNING] Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

GitHub Vulnerability Alerts

CVE-2022-21670

Impact

Special patterns with length > 50K chars can slow down parser significantly.

const md = require('markdown-it')();

md.render(`x ${' '.repeat(150000)} x  \nx`);

Patches

Upgrade to v12.3.2+

Workarounds

No.

References

Fix + test sample: https://github.com/markdown-it/markdown-it/commit/ffc49ab46b5b751cd2be0aabb146f2ef84986101

Release Notes

markdown-it/markdown-it (markdown-it)

### [`v12.3.2`](https://togithub.com/markdown-it/markdown-it/blob/HEAD/CHANGELOG.md#1232---2022-01-08) [Compare Source](https://togithub.com/markdown-it/markdown-it/compare/12.3.1...12.3.2) ##### Security - Fix possible ReDOS in newline rule. Thanks to [@MakeNowJust](https://togithub.com/MakeNowJust). ### [`v12.3.1`](https://togithub.com/markdown-it/markdown-it/blob/HEAD/CHANGELOG.md#1231---2022-01-07) [Compare Source](https://togithub.com/markdown-it/markdown-it/compare/12.3.0...12.3.1) ##### Fixed - Fix corner case when tab prevents paragraph continuation in lists, [#830](https://togithub.com/markdown-it/markdown-it/issues/830). ### [`v12.3.0`](https://togithub.com/markdown-it/markdown-it/blob/HEAD/CHANGELOG.md#1230---2021-12-09) [Compare Source](https://togithub.com/markdown-it/markdown-it/compare/12.2.0...12.3.0) ##### Changed - `StateInline.delimiters[].jump` is removed. ##### Fixed - Fixed quadratic complexity in pathological `***<10k stars>***a***<10k stars>***` case. ### [`v12.2.0`](https://togithub.com/markdown-it/markdown-it/blob/HEAD/CHANGELOG.md#1220---2021-08-02) [Compare Source](https://togithub.com/markdown-it/markdown-it/compare/12.1.0...12.2.0) ##### Added - Ordered lists: add order value to token info. ##### Fixed - Always suffix indented code block with a newline, [#799](https://togithub.com/markdown-it/markdown-it/issues/799). ### [`v12.1.0`](https://togithub.com/markdown-it/markdown-it/blob/HEAD/CHANGELOG.md#1210---2021-07-01) [Compare Source](https://togithub.com/markdown-it/markdown-it/compare/12.0.6...12.1.0) ##### Changed - Updated CM spec compatibility to 0.30. ### [`v12.0.6`](https://togithub.com/markdown-it/markdown-it/blob/HEAD/CHANGELOG.md#1206---2021-04-16) [Compare Source](https://togithub.com/markdown-it/markdown-it/compare/12.0.5...12.0.6) ##### Fixed - Newline in `alt` should be rendered, [#775](https://togithub.com/markdown-it/markdown-it/issues/775). ### [`v12.0.5`](https://togithub.com/markdown-it/markdown-it/blob/HEAD/CHANGELOG.md#1205---2021-04-15) [Compare Source](https://togithub.com/markdown-it/markdown-it/compare/12.0.4...12.0.5) ##### Fixed - HTML block tags with `===` inside are no longer incorrectly interpreted as headers, [#772](https://togithub.com/markdown-it/markdown-it/issues/772). - Fix table/list parsing ambiguity, [#767](https://togithub.com/markdown-it/markdown-it/issues/767). ### [`v12.0.4`](https://togithub.com/markdown-it/markdown-it/blob/HEAD/CHANGELOG.md#1204---2020-12-20) [Compare Source](https://togithub.com/markdown-it/markdown-it/compare/12.0.3...12.0.4) ##### Fixed - Fix crash introduced in `12.0.3` when processing strikethrough (`~~`) and similar plugins, [#742](https://togithub.com/markdown-it/markdown-it/issues/742). - Avoid fenced token mutation, [#745](https://togithub.com/markdown-it/markdown-it/issues/745). ### [`v12.0.3`](https://togithub.com/markdown-it/markdown-it/blob/HEAD/CHANGELOG.md#1203---2020-12-07) [Compare Source](https://togithub.com/markdown-it/markdown-it/compare/12.0.2...12.0.3) ##### Fixed - `[]()` is no longer a valid link. - `[](url (xxx())` is no longer a valid link. - `[](url\ xxx)` is no longer a valid link. - Fix performance issues when parsing links ([#732](https://togithub.com/markdown-it/markdown-it/issues/732), [#734](https://togithub.com/markdown-it/markdown-it/issues/734)), backticks, ([#733](https://togithub.com/markdown-it/markdown-it/issues/733), [#736](https://togithub.com/markdown-it/markdown-it/issues/736)), emphases ([#735](https://togithub.com/markdown-it/markdown-it/issues/735)), and autolinks ([#737](https://togithub.com/markdown-it/markdown-it/issues/737)). - Allow newline in `` in an inline context. - Allow `` html tag to appear in an inline context. ### [`v12.0.2`](https://togithub.com/markdown-it/markdown-it/blob/HEAD/CHANGELOG.md#1202---2020-10-23) [Compare Source](https://togithub.com/markdown-it/markdown-it/compare/12.0.1...12.0.2) ##### Fixed - Three pipes (`|\n|\n|`) are no longer rendered as a table with no columns, [#724](https://togithub.com/markdown-it/markdown-it/issues/724). ### [`v12.0.1`](https://togithub.com/markdown-it/markdown-it/blob/HEAD/CHANGELOG.md#1201---2020-10-19) [Compare Source](https://togithub.com/markdown-it/markdown-it/compare/12.0.0...12.0.1) ##### Fixed - Fix tables inside lists indented with tabs, [#721](https://togithub.com/markdown-it/markdown-it/issues/721). ### [`v12.0.0`](https://togithub.com/markdown-it/markdown-it/blob/HEAD/CHANGELOG.md#1200---2020-10-14) [Compare Source](https://togithub.com/markdown-it/markdown-it/compare/11.0.1...12.0.0) ##### Added - `.gitattributes`, force unix eol under windows, for development. ##### Changed - Added 3rd argument to `highlight(code, lang, attrs)`, [#626](https://togithub.com/markdown-it/markdown-it/issues/626). - Rewrite tables according to latest GFM spec, [#697](https://togithub.com/markdown-it/markdown-it/issues/697). - Use `rollup.js` to browserify sources. - Drop `bower.json` (bower reached EOL). - Deps bump. - Tune `specsplit.js` options. - Drop `Makefile` in favour of npm scrips. ##### Fixed - Fix mappings for table rows (amended fix made in 11.0.1), [#705](https://togithub.com/markdown-it/markdown-it/issues/705). - `%25` is no longer decoded in beautified urls, [#720](https://togithub.com/markdown-it/markdown-it/issues/720). ### [`v11.0.1`](https://togithub.com/markdown-it/markdown-it/blob/HEAD/CHANGELOG.md#1101---2020-09-14) [Compare Source](https://togithub.com/markdown-it/markdown-it/compare/11.0.0...11.0.1) ##### Fixed - Fix blockquote lazy newlines, [#696](https://togithub.com/markdown-it/markdown-it/issues/696). - Fix missed mappings for table rows, [#705](https://togithub.com/markdown-it/markdown-it/issues/705). ### [`v11.0.0`](https://togithub.com/markdown-it/markdown-it/blob/HEAD/CHANGELOG.md#1100---2020-05-20) [Compare Source](https://togithub.com/markdown-it/markdown-it/compare/10.0.0...11.0.0) ##### Changed - Bumped `linkify-it` to 3.0.0, [#661](https://togithub.com/markdown-it/markdown-it/issues/661) + allow unlimited `.` inside links. - Dev deps bump. - Switch to `nyc` for coverage reports. - Partially moved tasks from Makefile to npm scripts. - Automate web update on npm publish. ##### Fixed - Fix em- and en-dashes not being typographed when separated by 1 char, [#624](https://togithub.com/markdown-it/markdown-it/issues/624). - Allow opening quote after another punctuation char in typographer, [#641](https://togithub.com/markdown-it/markdown-it/issues/641). - Assorted wording & typo fixes.

Configuration

📅 Schedule: Branch creation - "" in timezone America/Los_Angeles, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

[ ] If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

neo-one-suite / neo-one