Open renovate[bot] opened 3 years ago
CLAassistant
commented
3 years ago
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
You have signed the CLA already but the status is still pending? Let us recheck it.
renovate[bot]
commented
1 year ago Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.
You can manually request rebase by checking the rebase/retry box above.
⚠️ Warning: custom changes will be lost.
This PR contains the following updates:
==2.3.8->==2.4.0GitHub Vulnerability Alerts
CVE-2020-11888
python-markdown2 through 2.3.8 allows XSS because element names are mishandled unless a \w+ match succeeds. For example, an attack might use elementname@ or elementname- with an onclick attribute.
CVE-2021-26813
markdown2 >=1.0.1.18, fixed in 2.4.0, is affected by a regular expression denial of service vulnerability. If an attacker provides a malicious string, it can make markdown2 processing difficult or delayed for an extended period of time.
Release Notes
trentm/python-markdown2
### [`v2.4.0`](https://togithub.com/trentm/python-markdown2/blob/HEAD/CHANGES.md#python-markdown2-240) [Compare Source](https://togithub.com/trentm/python-markdown2/compare/2.3.10...2.4.0) - \[pull [#377](https://togithub.com/trentm/python-markdown2/issues/377)] Fixed bug breaking strings elements in metadata lists - \[pull [#380](https://togithub.com/trentm/python-markdown2/issues/380)] When rendering fenced code blocks, also add the `language-LANG` class - \[pull [#387](https://togithub.com/trentm/python-markdown2/issues/387)] Regex DoS fixes ### [`v2.3.10`](https://togithub.com/trentm/python-markdown2/blob/HEAD/CHANGES.md#python-markdown2-2310) [Compare Source](https://togithub.com/trentm/python-markdown2/compare/2.3.9...2.3.10) - \[pull [#356](https://togithub.com/trentm/python-markdown2/issues/356)] Don't merge sequential quotes into a single blockquote - \[pull [#357](https://togithub.com/trentm/python-markdown2/issues/357)] use style=text-align for table alignment - \[pull [#360](https://togithub.com/trentm/python-markdown2/issues/360)] introduce underline extra - \[pull [#368](https://togithub.com/trentm/python-markdown2/issues/368)] Support for structured and nested values in metadata - \[pull [#371](https://togithub.com/trentm/python-markdown2/issues/371)] add noopener to external links ### [`v2.3.9`](https://togithub.com/trentm/python-markdown2/blob/HEAD/CHANGES.md#python-markdown2-239) [Compare Source](https://togithub.com/trentm/python-markdown2/compare/2.3.8...2.3.9) - \[pull [#335](https://togithub.com/trentm/python-markdown2/issues/335)] Added header support for wiki tables - \[pull [#336](https://togithub.com/trentm/python-markdown2/issues/336)] Reset \_toc when convert is run - \[pull [#353](https://togithub.com/trentm/python-markdown2/issues/353)] XSS fix - \[pull [#350](https://togithub.com/trentm/python-markdown2/issues/350)] XSS fixConfiguration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.