[Snyk] Upgrade marked from 0.3.5 to 4.2.2 #5

eliavs-snyk · 2022-12-01T03:39:01Z

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade marked from 0.3.5 to 4.2.2.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Warning: This is a major version upgrade, and may be a breaking change.

The recommended version is 83 versions ahead of your current version.
The recommended version was released a month ago, on 2022-11-05.

The recommended version fixes:

Issue	PriorityScore (*)	Exploit Maturity
Regular Expression Denial of Service (ReDoS) npm:marked:20180225	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Proof of Concept
Regular Expression Denial of Service (ReDoS) npm:marked:20170907	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	No Known Exploit
Cross-site Scripting (XSS) npm:marked:20170815	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	No Known Exploit
Cross-site Scripting (XSS) npm:marked:20170112	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	No Known Exploit
Cross-site Scripting (XSS) npm:marked:20150520	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	No Known Exploit
Cross-site Scripting (XSS) npm:marked:20170815-1	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKED-584281	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKED-451540	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKED-2342082	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKED-2342073	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKED-174116	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: marked

4.2.2 - 2022-11-05
4.2.2 (2022-11-05)

Bug Fixes
- fix escape characters in links (#2628) (44a2a23)
4.2.1 - 2022-11-02
4.2.1 (2022-11-02)

Bug Fixes
- Support escapes within emphasis (#2627) (377823a), closes #2280
4.2.0 - 2022-10-31
4.2.0 (2022-10-31)

Features
- export bin/marked (#2629) (bd8aad9)
4.1.1 - 2022-10-01
4.1.1 (2022-10-01)

Bug Fixes
- remove smartLists from docs and code (#2596) (f6ba2e3), closes #2582 #2582 #2582 #2582 #2582 #2582 #2582
4.1.0 - 2022-08-30
4.1.0 (2022-08-30)

Features
- add async option (#2474) (994b2e6)
4.0.19 - 2022-08-21
4.0.19 (2022-08-21)

Bug Fixes
- make second parameter optional on lexer.inline (#2552) (f1a9608)
4.0.18 - 2022-07-11
4.0.18 (2022-07-11)

Bug Fixes
- fix heading in list item (#2520) (01c98d1)
4.0.17 - 2022-06-13
4.0.17 (2022-06-13)

Bug Fixes
- Code and heading after list without blank line (#2483) (15f3f15)
4.0.16 - 2022-05-17
4.0.16 (2022-05-17)

Bug Fixes
- fix ref links inside table (#2471) (81daa2a)
4.0.15 - 2022-05-02
4.0.15 (2022-05-02)

Bug Fixes
- list item bullet without whitespace (#2431) (9c10b4d)
4.0.14 - 2022-04-11
4.0.13 - 2022-04-08
4.0.12 - 2022-01-27
4.0.11 - 2022-01-26
4.0.10 - 2022-01-13
4.0.9 - 2022-01-06
4.0.8 - 2021-12-19
4.0.7 - 2021-12-09
4.0.6 - 2021-12-02
4.0.5 - 2021-11-25
4.0.4 - 2021-11-19
4.0.3 - 2021-11-13
4.0.2 - 2021-11-12
4.0.1 - 2021-11-11
4.0.0 - 2021-11-02
3.0.8 - 2021-10-24
3.0.7 - 2021-10-07
3.0.6 - 2021-10-06
3.0.5 - 2021-10-06
3.0.4 - 2021-09-14
3.0.3 - 2021-09-08
3.0.2 - 2021-08-25
3.0.1 - 2021-08-23
3.0.0 - 2021-08-16
2.1.3 - 2021-06-25
2.1.2 - 2021-06-22
2.1.1 - 2021-06-16
2.1.0 - 2021-06-15
2.0.7 - 2021-06-01
2.0.6 - 2021-05-27
2.0.5 - 2021-05-21
2.0.4 - 2021-05-20
2.0.3 - 2021-04-11
2.0.2 - 2021-04-10
2.0.1 - 2021-02-27
2.0.0 - 2021-02-07
1.2.9 - 2021-02-03
1.2.8 - 2021-01-26
1.2.7 - 2020-12-15
1.2.6 - 2020-12-10
1.2.5 - 2020-11-19
1.2.4 - 2020-11-15
1.2.3 - 2020-11-04
1.2.2 - 2020-10-21
1.2.1 - 2020-10-21
1.2.0 - 2020-09-28
1.1.2 - 2020-10-21
1.1.1 - 2020-07-14
1.1.0 - 2020-05-16
1.0.0 - 2020-04-21
0.8.2 - 2020-03-22
0.8.1 - 2020-03-18
0.8.0 - 2019-12-12
0.7.0 - 2019-07-06
0.6.3 - 2019-06-30
0.6.2 - 2019-04-05
0.6.1 - 2019-02-19
0.6.0 - 2019-01-01
0.5.2 - 2018-11-20
0.5.1 - 2018-09-26
0.5.0 - 2018-08-16
0.4.0 - 2018-05-21
0.3.19 - 2018-03-26
0.3.18 - 2018-03-22
0.3.17 - 2018-02-27
0.3.16 - 2018-02-20
0.3.15 - 2018-02-19
0.3.14 - 2018-02-16
0.3.13 - 2018-02-16
0.3.12 - 2018-01-09
0.3.9 - 2017-12-23
0.3.7 - 2017-12-01
0.3.6 - 2016-07-30
0.3.5 - 2015-07-31

from marked GitHub release notes

Commit messages

Package name: marked

48e28e7 chore(release): 4.2.2 [skip ci]
1a87b9f 🗜️ build [skip ci]
44a2a23 fix: fix escape characters in links (#2628)
3d389d5 chore(release): 4.2.1 [skip ci]
5eee913 🗜️ build [skip ci]
377823a fix: Support escapes within emphasis (#2627)
54410cd chore(release): 4.2.0 [skip ci]
c05218a 🗜️ build [skip ci]
715f88a docs: add cli extension docs (#2632)
b5bdcf9 chore(deps-dev): Bump jasmine from 4.4.0 to 4.5.0 (#2637)
207149e chore(deps-dev): Bump eslint-plugin-n from 15.3.0 to 15.4.0 (#2636)
6973195 chore(deps-dev): Bump rollup-plugin-license from 2.8.2 to 3.0.1 (#2635)
d22e409 chore(deps-dev): Bump uglify-js from 3.17.3 to 3.17.4 (#2634)
1d7f039 docs: added copy to clipboard for each code block (#2616)
7fa1f45 chore: update dingus (#2624)
bd8aad9 feat: export bin/marked (#2629)
2c9728d Update outdated link (#2625)
99ac755 chore(deps-dev): Bump @ rollup/plugin-commonjs from 23.0.0 to 23.0.2 (#2621)
7f8af9a chore(deps-dev): Bump eslint from 8.25.0 to 8.26.0 (#2618)
29927de chore(deps-dev): Bump eslint-plugin-promise from 6.1.0 to 6.1.1 (#2619)
912a855 chore(deps-dev): Bump @ babel/core from 7.19.3 to 7.19.6 (#2620)
338417d chore(deps-dev): Bump @ rollup/plugin-babel from 6.0.0 to 6.0.2 (#2622)
2ddf218 chore(deps-dev): Bump eslint-plugin-promise from 6.0.1 to 6.1.0 (#2612)
372d7b1 chore(deps-dev): Bump rollup-plugin-license from 2.8.1 to 2.8.2 (#2614)

Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Snyk has created this PR to upgrade marked from 0.3.5 to 4.2.2. See this package in npm: https://www.npmjs.com/package/marked See this project in Snyk: https://app.snyk.io/org/eliav-test/project/aff839f7-5105-40ac-9f4c-7bf083bb6ff3?utm_source=github&utm_medium=referral&page=upgrade-pr

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Snyk] Upgrade marked from 0.3.5 to 4.2.2 #5

[Snyk] Upgrade marked from 0.3.5 to 4.2.2 #5

eliavs-snyk commented Dec 1, 2022

4.2.2 (2022-11-05)

Bug Fixes

4.2.1 (2022-11-02)

Bug Fixes

4.2.0 (2022-10-31)

Features

4.1.1 (2022-10-01)

Bug Fixes

4.1.0 (2022-08-30)

Features

4.0.19 (2022-08-21)

Bug Fixes

4.0.18 (2022-07-11)

Bug Fixes

4.0.17 (2022-06-13)

Bug Fixes

4.0.16 (2022-05-17)

Bug Fixes

4.0.15 (2022-05-02)

Bug Fixes

[Snyk] Upgrade marked from 0.3.5 to 4.2.2 #5

Are you sure you want to change the base?

[Snyk] Upgrade marked from 0.3.5 to 4.2.2 #5

Conversation

eliavs-snyk commented Dec 1, 2022

Snyk has created this PR to upgrade marked from 0.3.5 to 4.2.2.

4.2.2 (2022-11-05)

Bug Fixes

4.2.1 (2022-11-02)

Bug Fixes

4.2.0 (2022-10-31)

Features

4.1.1 (2022-10-01)

Bug Fixes

4.1.0 (2022-08-30)

Features

4.0.19 (2022-08-21)

Bug Fixes

4.0.18 (2022-07-11)

Bug Fixes

4.0.17 (2022-06-13)

Bug Fixes

4.0.16 (2022-05-17)

Bug Fixes

4.0.15 (2022-05-02)

Bug Fixes