[Snyk] Security upgrade showdown from 1.9.0 to 2.0.0 - Githubissues

topcoder-platform / leaderboard-ui

0 stars 3 forks source link

[Snyk] Security upgrade showdown from 1.9.0 to 2.0.0 #97

Open snyk-bot opened 2 years ago

snyk-bot commented 2 years ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

merge advice

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json
- package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: showdown

The new version differs by 25 commits.

32a1aaa chore(build): version 2.0.0
97a7696 doc(security): add a security policy
e5f419b build: prep and create a 2.0.0-alpha release
366ef28 fix(extension-registering) removeExtension implementation
6ea6bbf Including QCObjects in "Who uses Showdown"-README (#744)
a931cc2 docs: clear ambiguity about CDN usage
62636d0 feature(ellipsis): Add option to disable ellipsis
b432da1 fix reference link impostors
b03e34a rename test files to match convention
525b65f preserve spaces between inline elements
33f2f9c Update README.md
b3310a1 docs: update README.md (#652)
f54395f Escaped the <br> in README.md (#645)
55314da chore: add vue-showdown (#630)
35730b7 fix: reduce npm package size
25c4420 fix: allow escaping of colons
e3ddcaf chore(license): update liscense to MIT
9828a82 chore(deps): make dependecies consistent with ^ operator
434eaff chore(deps): update all dependecies to the latest; make eslint work
1efca07 chore(ci): update CI to lastest node versions & github actions
414d7a5 remove nodejs v6 from travis CI
483e51f release 1.9.1
5cc3fcc update dev dependencies
1cd281f fix(openLinksInNewWindow): add rel="noopener noreferrer" to links

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic