[Snyk] Upgrade marked from 0.3.5 to 14.0.0 #1305

akanchhaS · 2024-08-28T04:32:57Z

Snyk has created this PR to upgrade marked from 0.3.5 to 14.0.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

⚠️ Warning: This PR contains major version upgrade(s), and may be a breaking change.

The recommended version is 137 versions ahead of your current version.
The recommended version was released on 21 days ago.

Issues fixed by the recommended upgrade:

Issue	Score	Exploit Maturity
Regular Expression Denial of Service (ReDoS) npm:marked:20180225	61	Proof of Concept
Cross-site Scripting (XSS) npm:marked:20150520	61	No Known Exploit
Cross-site Scripting (XSS) npm:marked:20170112	61	No Known Exploit
Cross-site Scripting (XSS) npm:marked:20170815	61	No Known Exploit
Regular Expression Denial of Service (ReDoS) npm:marked:20170907	61	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKED-174116	61	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKED-2342073	61	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKED-2342082	61	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKED-451540	61	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKED-584281	61	No Known Exploit
Cross-site Scripting (XSS) npm:marked:20170815-1	61	No Known Exploit

Release notes

Package name: marked

14.0.0 - 2024-08-07
14.0.0 (2024-08-07)

Bug Fixes
- allow async option to dictate type returned (#3341) (b5a5004)
- Remove useNewRenderer (#3342) (e64f226)
BREAKING CHANGES
- Remove old renderer
- throw an error if async: false is set when an extension sets async: true
13.0.3 - 2024-07-28
13.0.3 (2024-07-28)

Bug Fixes
- fix recursion-like stack overflow error caused by the old render… (#3380) (89af0b8)
13.0.2 - 2024-07-04
13.0.2 (2024-07-04)

Bug Fixes
- fix list item with blank first line (#3351) (d28e4c6)
13.0.1 - 2024-06-24
13.0.1 (2024-06-24)

Bug Fixes
- fix this type in extension methods (#3339) (520b9ad)
13.0.0 - 2024-06-12
13.0.0 (2024-06-12)

Bug Fixes
- Fix blockquote code continuation (#3264) (7ab8185)
- Add parser as a property on the Renderer object (#3291)
- Send block text tokens to the text renderer (#3291)
Features
- Send token objects to renderers (#3291) (1ce59ea)
- Add space renderer that returns empty string by default (#3291)
- Add header and align properties to TableCell token (#3291)
- Add TableRow token (#3291)
- Add Checkbox token (#3291)
BREAKING CHANGES
- Add space token after blockquote and hr if there are multiple newlines
- Send token objects to renderers and move logic to parse tokens from the parser to the renderers.
 - Most extensions that update marked renderers should still work with this version but will break in a future major version.
 - Extensions that change marked renderers will need to be updated and use new option useNewRenderer and accept a token object instead of multiple parameters. See updated Renderer docs
 
 // v12 renderer extension
 
 const extension = {
 renderer: {
 heading(text, level) {
 // increase level by 1
 return <h${level + 1}>${text}</h${level + 1}>;
 }
 }
 };
 
 marked.use(extension);
 
 // v13 renderer extension
 
 const extension = {
 useNewRenderer: true,
 renderer: {
 heading(token) {
 // increase depth by 1
 const text = this.parser.parseInline(token.tokens);
 const level = token.depth;
 return <h${level + 1}>${text}</h${level + 1}>;
 }
 }
 };
 
 marked.use(extension);
12.0.2 - 2024-04-19
12.0.2 (2024-04-19)

Bug Fixes
- fix Setext continuation in blockquote (#3257) (e9f0eed)
12.0.1 - 2024-03-06
12.0.1 (2024-03-06)

Bug Fixes
- fix setext heading interupts (#3210) (d848445)
12.0.0 - 2024-02-03
12.0.0 (2024-02-03)

Bug Fixes
- update to commonmark spec 0.31 (#3176) (3d9017b)
BREAKING CHANGES
- changes to spec
- Update HTML block tags: add search, remove source
- Update punctuation to include unicode punctuation and symbol categories
- Update HTML comment to include 
11.2.0 - 2024-01-27
11.2.0 (2024-01-27)

Bug Fixes
- Fix ENOENT error message in CLI (#3165) (bf44ae8)
Features
- flatten childToken arrays (#3172) (4826841)
11.1.1 - 2023-12-31
11.1.1 (2023-12-31)

Bug Fixes
- improve lexing inline elements step's performance (#3146) (4f87b2a)
11.1.0 - 2023-12-12
11.0.1 - 2023-12-08
11.0.0 - 2023-11-29
10.0.0 - 2023-11-11
9.1.6 - 2023-11-10
9.1.5 - 2023-11-02
9.1.4 - 2023-10-31
9.1.3 - 2023-10-28
9.1.2 - 2023-10-13
9.1.1 - 2023-10-11
9.1.0 - 2023-10-05
9.0.3 - 2023-09-18
9.0.2 - 2023-09-16
9.0.1 - 2023-09-15
9.0.0 - 2023-09-09
8.0.1 - 2023-09-06
8.0.0 - 2023-09-03
7.0.5 - 2023-08-26
7.0.4 - 2023-08-19
7.0.3 - 2023-08-15
7.0.2 - 2023-08-10
7.0.1 - 2023-08-07
7.0.0 - 2023-08-06
6.0.0 - 2023-07-31
5.1.2 - 2023-07-25
5.1.1 - 2023-07-07
5.1.0 - 2023-06-10
5.0.5 - 2023-06-07
5.0.4 - 2023-05-30
5.0.3 - 2023-05-26
5.0.2 - 2023-05-11
5.0.1 - 2023-05-06
5.0.0 - 2023-05-02
4.3.0 - 2023-03-22
4.2.12 - 2023-01-14
4.2.11 - 2023-01-14
4.2.10 - 2023-01-14
4.2.9 - 2023-01-14
4.2.8 - 2023-01-14
4.2.7 - 2023-01-14
4.2.6 - 2023-01-14
4.2.5 - 2022-12-23
4.2.4 - 2022-12-07
4.2.3 - 2022-11-20
4.2.2 - 2022-11-05
4.2.1 - 2022-11-02
4.2.0 - 2022-10-31
4.1.1 - 2022-10-01
4.1.0 - 2022-08-30
4.0.19 - 2022-08-21
4.0.18 - 2022-07-11
4.0.17 - 2022-06-13
4.0.16 - 2022-05-17
4.0.15 - 2022-05-02
4.0.14 - 2022-04-11
4.0.13 - 2022-04-08
4.0.12 - 2022-01-27
4.0.11 - 2022-01-26
4.0.10 - 2022-01-13
4.0.9 - 2022-01-06
4.0.8 - 2021-12-19
4.0.7 - 2021-12-09
4.0.6 - 2021-12-02
4.0.5 - 2021-11-25
4.0.4 - 2021-11-19
4.0.3 - 2021-11-13
4.0.2 - 2021-11-12
4.0.1 - 2021-11-11
4.0.0 - 2021-11-02
14.0.0 (2024-08-07)

Bug Fixes
- allow async option to dictate type returned (#3341) (b5a5004)
- Remove useNewRenderer (#3342) (e64f226)
BREAKING CHANGES
- Remove old renderer
- throw an error if async: false is set when an extension sets async: true
3.0.8 - 2021-10-24
3.0.7 - 2021-10-07
3.0.6 - 2021-10-06
3.0.5 - 2021-10-06
3.0.4 - 2021-09-14
3.0.3 - 2021-09-08
13.0.3 (2024-07-28)

Bug Fixes
- fix recursion-like stack overflow error caused by the old render… (#3380) (89af0b8)
3.0.2 - 2021-08-25
13.0.2 (2024-07-04)

Bug Fixes
- fix list item with blank first line (#3351) (d28e4c6)
3.0.1 - 2021-08-23
13.0.1 (2024-06-24)

Bug Fixes
- fix this type in extension methods (#3339) (520b9ad)
3.0.0 - 2021-08-16
13.0.0 (2024-06-12)

Bug Fixes
- Fix blockquote code continuation (#3264) (7ab8185)
- Add parser as a property on the Renderer object (#3291)
- Send block text tokens to the text renderer (#3291)
Features
- Send token objects to renderers (#3291) (1ce59ea)
- Add space renderer that returns empty string by default (#3291)
- Add header and align properties to TableCell token (#3291)
- Add TableRow token (#3291)
- Add Checkbox token (#3291)
BREAKING CHANGES
- Add space token after blockquote and hr if there are multiple newlines
- Send token objects to renderers and move logic to parse tokens from the parser to the renderers.
 - Most extensions that update marked renderers should still work with this version but will break in a future major version.
 - Extensions that change marked renderers will need to be updated and use new option useNewRenderer and accept a token object instead of multiple parameters. See updated Renderer docs
 
 // v12 renderer extension
 
 const extension = {
 renderer: {
 heading(text, level) {
 // increase level by 1
 return <h${level + 1}>${text}</h${level + 1}>;
 }
 }
 };
 
 marked.use(extension);
 
 // v13 renderer extension
 
 const extension = {
 useNewRenderer: true,
 renderer: {
 heading(token) {
 // increase depth by 1
 const text = this.parser.parseInline(token.tokens);
 const level = token.depth;
 return <h${level + 1}>${text}</h${level + 1}>;
 }
 }
 };
 
 marked.use(extension);
2.1.3 - 2021-06-25
2.1.2 - 2021-06-22
2.1.1 - 2021-06-16
2.1.0 - 2021-06-15
2.0.7 - 2021-06-01
2.0.6 - 2021-05-27
2.0.5 - 2021-05-21
2.0.4 - 2021-05-20
2.0.3 - 2021-04-11
2.0.2 - 2021-04-10
12.0.2 (2024-04-19)

Bug Fixes
- fix Setext continuation in blockquote (#3257) (e9f0eed)
2.0.1 - 2021-02-27
12.0.1 (2024-03-06)

Bug Fixes
- fix setext heading interupts (#3210) (d848445)
2.0.0 - 2021-02-07
12.0.0 (2024-02-03)

Bug Fixes
- update to commonmark spec 0.31 (#3176) (3d9017b)
BREAKING CHANGES
- changes to spec
- Update HTML block tags: add search, remove source
- Update punctuation to include unicode punctuation and symbol categories
- Update HTML comment to include 
1.2.9 - 2021-02-03
1.2.8 - 2021-01-26
1.2.7 - 2020-12-15
1.2.6 - 2020-12-10
1.2.5 - 2020-11-19
1.2.4 - 2020-11-15
1.2.3 - 2020-11-04
1.2.2 - 2020-10-21
1.2.1 - 2020-10-21
1.2.0 - 2020-09-28
11.2.0 (2024-01-27)

Bug Fixes
- Fix ENOENT error message in CLI (#3165) (bf44ae8)
Features
- flatten childToken arrays (#3172) (4826841)
1.1.2 - 2020-10-21
1.1.1 - 2020-07-14
11.1.1 (2023-12-31)

Bug Fixes
- improve lexing inline elements step's performance (#3146) (4f87b2a)
1.1.0 - 2020-05-16
1.0.0 - 2020-04-21
0.8.2 - 2020-03-22
0.8.1 - 2020-03-18
0.8.0 - 2019-12-12
0.7.0 - 2019-07-06
0.6.3 - 2019-06-30
0.6.2 - 2019-04-05
0.6.1 - 2019-02-19
0.6.0 - 2019-01-01
0.5.2 - 2018-11-20
0.5.1 - 2018-09-26
0.5.0 - 2018-08-16
0.4.0 - 2018-05-21
0.3.19 - 2018-03-26
0.3.18 - 2018-03-22
0.3.17 - 2018-02-27
0.3.16 - 2018-02-20
0.3.15 - 2018-02-19
0.3.14 - 2018-02-16
0.3.13 - 2018-02-16
0.3.12 - 2018-01-09
0.3.9 - 2017-12-23
0.3.7 - 2017-12-01
0.3.6 - 2016-07-30
0.3.5 - 2015-07-31

from marked GitHub release notes

Important

Warning: This PR contains a major version upgrade, and may be a breaking change.
Check the changes in this PR to ensure they won't cause issues with your project.
This PR was automatically created by Snyk using the credentials of a real user.
Max score is 1000. Note that the real score may have changed since the PR was raised.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

📜 Customise PR templates

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Snyk has created this PR to upgrade marked from 0.3.5 to 14.0.0. See this package in npm: marked See this project in Snyk: https://app.snyk.io/org/panda-co/project/ebfb2282-581e-4b1b-afb0-8a0e07b1b540?utm_source=github&utm_medium=referral&page=upgrade-pr

[Snyk] Upgrade marked from 0.3.5 to 14.0.0 #1305

Are you sure you want to change the base?

[Snyk] Upgrade marked from 0.3.5 to 14.0.0 #1305

Conversation

akanchhaS commented Aug 28, 2024

Snyk has created this PR to upgrade marked from 0.3.5 to 14.0.0.

Issues fixed by the recommended upgrade:

14.0.0 (2024-08-07)

Bug Fixes

BREAKING CHANGES

13.0.3 (2024-07-28)

Bug Fixes

13.0.2 (2024-07-04)

Bug Fixes

13.0.1 (2024-06-24)

Bug Fixes

13.0.0 (2024-06-12)

Bug Fixes

Features

BREAKING CHANGES

12.0.2 (2024-04-19)

Bug Fixes

12.0.1 (2024-03-06)

Bug Fixes

12.0.0 (2024-02-03)

Bug Fixes

BREAKING CHANGES

11.2.0 (2024-01-27)

Bug Fixes

Features

11.1.1 (2023-12-31)

Bug Fixes

14.0.0 (2024-08-07)

Bug Fixes

BREAKING CHANGES

13.0.3 (2024-07-28)

Bug Fixes

13.0.2 (2024-07-04)

Bug Fixes

13.0.1 (2024-06-24)

Bug Fixes

13.0.0 (2024-06-12)

Bug Fixes

Features

BREAKING CHANGES

12.0.2 (2024-04-19)

Bug Fixes

12.0.1 (2024-03-06)

Bug Fixes

12.0.0 (2024-02-03)

Bug Fixes

BREAKING CHANGES

11.2.0 (2024-01-27)

Bug Fixes

Features

11.1.1 (2023-12-31)

Bug Fixes