syroegkin / swagger-markdown

swagger to markdown transpiler
MIT License
237 stars 87 forks

[Snyk] Security upgrade markdownlint from 0.24.0 to 0.25.1 #182

Closed snyk-bot closed 1 year ago

snyk-bot commented 2 years ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| medium severity | 551/1000. Why? Recently disclosed, Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS), SNYK-JS-MARKDOWNIT-2331914 | No | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: markdownlint

The new version differs by 82 commits.
  • 2d19c06 Update to version 0.25.1.
  • 61bb059 Make all package.json dependency versions explicit for more deterministic installs.
  • 66d533d Update npx invocation to pass --yes to avoid prompting to install missing packages.
  • 23d8ed7 Add test case for custom rule that imports an ESM module (refs #477).
  • b1aef98 Empty commit to note that previous commit fixes #478.
  • f77eca0 Update dependency: markdown-it to 12.3.2.
  • 05b4b5f Update copyright year to 2022.
  • 02707cf Merge branch 'next' into main
  • 4ff4cbc Update to version 0.25.0.
  • e298e3d Include async/await function in custom rules test for asynchronous mode.
  • 11e9a20 Update dependency: globby to 12.0.2.
  • 05b9e6e Update dependency: strip-json-comments to 4.0.0.
  • 528758e Update dependencies: eslint to 8.5.0, eslint-plugin-jsdoc to 37.4.0.
  • fd24b95 Remove require("os") from helpers to reduce dependencies for browser scenarios.
  • 9ec14f1 Include custom rule markdownlint-rule-github-internal-links when validating project Markdown files.
  • 5f00406 Deep freeze name/tokens/lines/frontMatterLines properties of params object before passing to (custom) rules for shared access.
  • 5253669 Fix array indexing for markdownlint-disable-next-line when front matter is present.
  • 7a76f1d Update MD039/no-space-in-links to fix reference-style links, be slightly more permissive matching link content.
  • 064a1e3 Update Node version for TestRepos workflow from 12 to 16.
  • ff8f4ea Reduce execution time by ~50% by updating getEnabledRulesPerLineNumber to make enabledRules immutable and copy only when changed (also, simplify handleInlineConfig slightly).
  • 7cf9c2d Update MD037/no-space-in-emphasis to ignore embedded underscore emphasis markers (fixes #444, fixes #408, fixes #354, fixes #324).
  • 3e8d332 Add test for outdated ignore expressions to markdownlint-test-repos.
  • 6dea678 Update definition of helpers.isBlankLine to treat unterminated start/end comments as potentially blank lines (fixes #431).
  • 1b23976 Update dependencies: eslint-plugin-jsdoc to 37.2.8, eslint-plugin-unicorn to 39.0.0.
See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

sonarcloud[bot] commented 2 years ago

Kudos, SonarCloud Quality Gate passed!

  • 0 Bugs (rating A)
  • 0 Vulnerabilities (rating A)
  • 0 Security Hotspots (rating A)
  • 0 Code Smells (rating A)

No Coverage information
0.0% Duplication