onokatio / blog.katio.net

my blog script

[Snyk] Upgrade marked from 0.7.0 to 4.3.0 #162

Open snyk-bot opened 1 year ago

snyk-bot commented 1 year ago

Snyk has created this PR to upgrade marked from 0.7.0 to 4.3.0.

:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


Warning: This is a major version upgrade, and may be a breaking change.

The recommended version fixes:

| Severity | Issue | PriorityScore (*) | Exploit Maturity |
| --- | --- | --- | --- |
| | Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKED-2342073 | 586/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 5.3 | Proof of Concept |
| | Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKED-2342082 | 586/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 5.3 | Proof of Concept |
| | Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKED-584281 | 586/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 5.3 | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: marked
  • 4.3.0 - 2023-03-22

    4.3.0 (2023-03-22)

    Bug Fixes

    Features

  • 4.2.12 - 2023-01-14

    4.2.12 (2023-01-14)

    Sorry for all of the quick releases. We were testing out different ways to build the files for releases. v4.2.5 - v4.2.12 have no changes to how marked works. The only addition is the version number in the comment in the build files.

    Bug Fixes

    • revert to build script in ci (d2ab474)
  • 4.2.11 - 2023-01-14

    4.2.11 (2023-01-14)

    Bug Fixes

  • 4.2.10 - 2023-01-14

    4.2.10 (2023-01-14)

    Bug Fixes

  • 4.2.9 - 2023-01-14

    4.2.9 (2023-01-14)

    Bug Fixes

  • 4.2.8 - 2023-01-14

    4.2.8 (2023-01-14)

    Bug Fixes

    • build in postversion for build file version (60c3b7f)
  • 4.2.7 - 2023-01-14

    4.2.7 (2023-01-14)

    Bug Fixes

  • 4.2.6 - 2023-01-14

    4.2.6 (2023-01-14)

    Bug Fixes

    • add version to build files (79b8c0b)
  • 4.2.5 - 2022-12-23

    4.2.5 (2022-12-23)

    Bug Fixes

    • fix paragraph continuation after block element (#2686) (1bbda68)
    • fix tabs at beginning of list items (#2679) (e692634)
  • 4.2.4 - 2022-12-07

    4.2.4 (2022-12-07)

    Bug Fixes

  • 4.2.3 - 2022-11-20
  • 4.2.2 - 2022-11-05
  • 4.2.1 - 2022-11-02
  • 4.2.0 - 2022-10-31
  • 4.1.1 - 2022-10-01
  • 4.1.0 - 2022-08-30
  • 4.0.19 - 2022-08-21
  • 4.0.18 - 2022-07-11
  • 4.0.17 - 2022-06-13
  • 4.0.16 - 2022-05-17
  • 4.0.15 - 2022-05-02
  • 4.0.14 - 2022-04-11
  • 4.0.13 - 2022-04-08
  • 4.0.12 - 2022-01-27
  • 4.0.11 - 2022-01-26
  • 4.0.10 - 2022-01-13
  • 4.0.9 - 2022-01-06
  • 4.0.8 - 2021-12-19
  • 4.0.7 - 2021-12-09
  • 4.0.6 - 2021-12-02
  • 4.0.5 - 2021-11-25
  • 4.0.4 - 2021-11-19
  • 4.0.3 - 2021-11-13
  • 4.0.2 - 2021-11-12
  • 4.0.1 - 2021-11-11
  • 4.0.0 - 2021-11-02
  • 3.0.8 - 2021-10-24
  • 3.0.7 - 2021-10-07
  • 3.0.6 - 2021-10-06
  • 3.0.5 - 2021-10-06
  • 3.0.4 - 2021-09-14
  • 3.0.3 - 2021-09-08
  • 3.0.2 - 2021-08-25
  • 3.0.1 - 2021-08-23
  • 3.0.0 - 2021-08-16
  • 2.1.3 - 2021-06-25
  • 2.1.2 - 2021-06-22
  • 2.1.1 - 2021-06-16
  • 2.1.0 - 2021-06-15
  • 2.0.7 - 2021-06-01
  • 2.0.6 - 2021-05-27
  • 2.0.5 - 2021-05-21
  • 2.0.4 - 2021-05-20
  • 2.0.3 - 2021-04-11
  • 2.0.2 - 2021-04-10
  • 2.0.1 - 2021-02-27
  • 2.0.0 - 2021-02-07
  • 1.2.9 - 2021-02-03
  • 1.2.8 - 2021-01-26
  • 1.2.7 - 2020-12-15
  • 1.2.6 - 2020-12-10
  • 1.2.5 - 2020-11-19
  • 1.2.4 - 2020-11-15
  • 1.2.3 - 2020-11-04
  • 1.2.2 - 2020-10-21
  • 1.2.1 - 2020-10-21
  • 1.2.0 - 2020-09-28
  • 1.1.2 - 2020-10-21
  • 1.1.1 - 2020-07-14
  • 1.1.0 - 2020-05-16
  • 1.0.0 - 2020-04-21
  • 0.8.2 - 2020-03-22
  • 0.8.1 - 2020-03-18
  • 0.8.0 - 2019-12-12
  • 0.7.0 - 2019-07-06
from marked GitHub release notes
Commit messages
Package name: marked
  • d65cf63 chore(release): 4.3.0 [skip ci]
  • 28f4342 🗜️ build v4.3.0 [skip ci]
  • 9b452bc feat: add preprocess and postprocess hooks (#2730)
  • 042dcc5 fix: always return promise if async (#2728)
  • 3acbb7f fix: fenced code doesn't need a trailing newline (#2756)
  • d1f1319 chore(deps-dev): Bump rollup from 3.19.1 to 3.20.0 (#2760)
  • 0ced8a5 chore(deps-dev): Bump jasmine from 4.5.0 to 4.6.0 (#2758)
  • a5bbe19 chore(deps-dev): Bump @babel/core from 7.21.0 to 7.21.3 (#2761)
  • 00f6e2a chore(deps-dev): Bump semantic-release from 20.1.1 to 20.1.3 (#2759)
  • 8c7bca8 chore(deps-dev): Bump node-fetch from 3.3.0 to 3.3.1 (#2754)
  • e086dac chore(deps-dev): Bump eslint from 8.35.0 to 8.36.0 (#2753)
  • c98dbcf chore(deps-dev): Bump rollup from 3.18.0 to 3.19.1 (#2752)
  • 6164fb6 docs: Explain how to get an instance of `Slugger` (#2750)
  • f12568e chore(deps-dev): Bump semantic-release from 20.1.0 to 20.1.1 (#2749)
  • c571cd8 chore(deps-dev): Bump rollup from 3.17.3 to 3.18.0 (#2748)
  • 75f66c8 chore(deps-dev): Bump eslint from 8.34.0 to 8.35.0 (#2743)
  • 5084f9d chore(deps-dev): Bump rollup from 3.17.2 to 3.17.3 (#2742)
  • 6962b8a chore(deps-dev): Bump @babel/core from 7.20.12 to 7.21.0 (#2738)
  • 2b61d8d chore(deps-dev): Bump rollup from 3.15.0 to 3.17.2 (#2739)
  • 3736b6f chore(deps-dev): Bump rollup from 3.14.0 to 3.15.0 (#2732)
  • 248a097 chore(deps-dev): Bump eslint from 8.33.0 to 8.34.0 (#2731)
  • e1a502f chore(deps-dev): Bump rollup from 3.12.0 to 3.14.0 (#2729)
  • 79239e4 chore(deps-dev): Bump semantic-release from 20.0.3 to 20.1.0 (#2724)
  • 97f7243 chore(deps-dev): Bump rollup from 3.10.1 to 3.12.0 (#2725)

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.


cloudflare-workers-and-pages[bot] commented 1 year ago

Deploying with Cloudflare Pages

Latest commit: 9f926fa
Status: 🚫 Build failed.

what-the-diff[bot] commented 1 year ago

PR Summary