[Snyk] Upgrade marked from 0.3.5 to 4.0.12 #6

snyk-bot · 2022-03-01T12:27:07Z

Snyk has created this PR to upgrade marked from 0.3.5 to 4.0.12.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Warning: This is a major version upgrade, and may be a breaking change.

The recommended version is 71 versions ahead of your current version.
The recommended version was released a month ago, on 2022-01-27.

The recommended version fixes:

Issue	PriorityScore (*)	Exploit Maturity
Regular Expression Denial of Service (ReDoS) npm:marked:20180225	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Proof of Concept
Regular Expression Denial of Service (ReDoS) npm:marked:20170907	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	No Known Exploit
Cross-site Scripting (XSS) npm:marked:20170815	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	No Known Exploit
Cross-site Scripting (XSS) npm:marked:20170112	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	No Known Exploit
Cross-site Scripting (XSS) npm:marked:20150520	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	No Known Exploit
Cross-site Scripting (XSS) npm:marked:20170815-1	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKED-584281	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKED-451540	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKED-2342082	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKED-2342073	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKED-174116	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: marked

4.0.12 - 2022-01-27
4.0.12 (2022-01-27)

Bug Fixes
- fix nbsp after table (#2372) (ed66bf8)
4.0.11 - 2022-01-26
4.0.11 (2022-01-26)

Bug Fixes
- fix blank line after table header (#2332) (6e1f923)
4.0.10 - 2022-01-13
4.0.10 (2022-01-13)

Bug Fixes
- security: fix redos vulnerabilities (8f80657)
4.0.9 - 2022-01-06
4.0.9 (2022-01-06)

Bug Fixes
- retain line breaks in tokens properly (#2341) (a9696e2)
4.0.8 - 2021-12-19
4.0.8 (2021-12-19)

Bug Fixes
- spaces on a newline after a table (#2319) (f82ea2c)
4.0.7 - 2021-12-09
4.0.7 (2021-12-09)

Bug Fixes
- Fix every third list item broken (#2318) (346b162), closes #2314
4.0.6 - 2021-12-02
4.0.6 (2021-12-02)

Bug Fixes
- speed up parsing long lists (#2302) (e0005d8)
4.0.5 - 2021-11-25
4.0.5 (2021-11-25)

Bug Fixes
- table after paragraph without blank line (#2298) (5714212)
4.0.4 - 2021-11-19
4.0.4 (2021-11-19)

Bug Fixes
- fix cli (#2294) (ab2977a)
4.0.3 - 2021-11-13
4.0.3 (2021-11-13)

Bug Fixes
- build min from umd (#2283) (ea26ea9)
4.0.2 - 2021-11-12
4.0.1 - 2021-11-11
4.0.0 - 2021-11-02
3.0.8 - 2021-10-24
3.0.7 - 2021-10-07
3.0.6 - 2021-10-06
3.0.5 - 2021-10-06
3.0.4 - 2021-09-14
3.0.3 - 2021-09-08
3.0.2 - 2021-08-25
3.0.1 - 2021-08-23
3.0.0 - 2021-08-16
2.1.3 - 2021-06-25
2.1.2 - 2021-06-22
2.1.1 - 2021-06-16
2.1.0 - 2021-06-15
2.0.7 - 2021-06-01
2.0.6 - 2021-05-27
2.0.5 - 2021-05-21
2.0.4 - 2021-05-20
2.0.3 - 2021-04-11
2.0.2 - 2021-04-10
2.0.1 - 2021-02-27
2.0.0 - 2021-02-07
1.2.9 - 2021-02-03
1.2.8 - 2021-01-26
1.2.7 - 2020-12-15
1.2.6 - 2020-12-10
1.2.5 - 2020-11-19
1.2.4 - 2020-11-15
1.2.3 - 2020-11-04
1.2.2 - 2020-10-21
1.2.1 - 2020-10-21
1.2.0 - 2020-09-28
1.1.2 - 2020-10-21
1.1.1 - 2020-07-14
1.1.0 - 2020-05-16
1.0.0 - 2020-04-21
0.8.2 - 2020-03-22
0.8.1 - 2020-03-18
0.8.0 - 2019-12-12
0.7.0 - 2019-07-06
0.6.3 - 2019-06-30
0.6.2 - 2019-04-05
0.6.1 - 2019-02-19
0.6.0 - 2019-01-01
0.5.2 - 2018-11-20
0.5.1 - 2018-09-26
0.5.0 - 2018-08-16
0.4.0 - 2018-05-21
0.3.19 - 2018-03-26
0.3.18 - 2018-03-22
0.3.17 - 2018-02-27
0.3.16 - 2018-02-20
0.3.15 - 2018-02-19
0.3.14 - 2018-02-16
0.3.13 - 2018-02-16
0.3.12 - 2018-01-09
0.3.9 - 2017-12-23
0.3.7 - 2017-12-01
0.3.6 - 2016-07-30
0.3.5 - 2015-07-31

from marked GitHub release notes

Commit messages

Package name: marked

4c5b974 chore(release): 4.0.12 [skip ci]
a200d0a 🗜️ build [skip ci]
5fba688 fix: fix nbsp after table
ed66bf8 Add check in splitCells to prevent calling trim on undefined (#2372)
8375314 chore(release): 4.0.11 [skip ci]
f77fa68 🗜️ build [skip ci]
6e1f923 fix: fix blank line after table header (#2332)
5384d17 chore(deps-dev): Bump @ babel/preset-env from 7.16.8 to 7.16.11 (#2367)
00487d1 chore(deps-dev): Bump rollup from 2.64.0 to 2.66.0 (#2366)
83ca3b1 chore(deps-dev): Bump semantic-release from 18.0.1 to 19.0.2 (#2368)
bd01abe chore(deps-dev): Bump node-fetch from 3.1.1 to 3.2.0 (#2369)
6a16d1b chore(deps-dev): Bump @ babel/core from 7.16.7 to 7.16.12 (#2370)
dd22152 chore(deps-dev): Bump node-fetch from 3.1.0 to 3.1.1 (#2359)
f049e52 chore(deps-dev): Bump eslint from 8.6.0 to 8.7.0 (#2360)
4241eca chore(deps-dev): Bump rollup from 2.63.0 to 2.64.0 (#2361)
eef2bf5 chore(deps-dev): Bump jasmine from 4.0.1 to 4.0.2 (#2362)
84eac22 chore(deps-dev): Bump @ babel/preset-env from 7.16.7 to 7.16.8 (#2363)
96c46c7 chore(readme): fix copyright date (#2356)
ae01170 chore(release): 4.0.10 [skip ci]
fceda57 🗜️ build [skip ci]
8f80657 fix(security): fix redos vulnerabilities
c4a3ccd Merge pull request from GHSA-rrrm-qjm4-v8hf
d7212a6 chore(deps-dev): Bump jasmine from 4.0.0 to 4.0.1 (#2352)
5a84db5 chore(deps-dev): Bump rollup from 2.62.0 to 2.63.0 (#2350)

Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Snyk has created this PR to upgrade marked from 0.3.5 to 4.0.12. See this package in npm: https://www.npmjs.com/package/marked See this project in Snyk: https://app.snyk.io/org/fchaza/project/9dfdea0b-c192-454b-9b6a-6029f1be40b7?utm_source=github&utm_medium=referral&page=upgrade-pr

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Snyk] Upgrade marked from 0.3.5 to 4.0.12 #6

[Snyk] Upgrade marked from 0.3.5 to 4.0.12 #6

snyk-bot commented Mar 1, 2022

4.0.12 (2022-01-27)

Bug Fixes

4.0.11 (2022-01-26)

Bug Fixes

4.0.10 (2022-01-13)

Bug Fixes

4.0.9 (2022-01-06)

Bug Fixes

4.0.8 (2021-12-19)

Bug Fixes

4.0.7 (2021-12-09)

Bug Fixes

4.0.6 (2021-12-02)

Bug Fixes

4.0.5 (2021-11-25)

Bug Fixes

4.0.4 (2021-11-19)

Bug Fixes

4.0.3 (2021-11-13)

Bug Fixes

[Snyk] Upgrade marked from 0.3.5 to 4.0.12 #6

Are you sure you want to change the base?

[Snyk] Upgrade marked from 0.3.5 to 4.0.12 #6

Conversation

snyk-bot commented Mar 1, 2022

Snyk has created this PR to upgrade marked from 0.3.5 to 4.0.12.

4.0.12 (2022-01-27)

Bug Fixes

4.0.11 (2022-01-26)

Bug Fixes

4.0.10 (2022-01-13)

Bug Fixes

4.0.9 (2022-01-06)

Bug Fixes

4.0.8 (2021-12-19)

Bug Fixes

4.0.7 (2021-12-09)

Bug Fixes

4.0.6 (2021-12-02)

Bug Fixes

4.0.5 (2021-11-25)

Bug Fixes

4.0.4 (2021-11-19)

Bug Fixes

4.0.3 (2021-11-13)

Bug Fixes