Skip to content

[Snyk(Unlimited)] Upgrade marked from 0.3.5 to 0.8.0 #1590

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk(Unlimited)] Upgrade marked from 0.3.5 to 0.8.0 #1590

wants to merge 1 commit into from

Conversation

snyk-bot
Copy link

Snyk has created this PR to upgrade marked from 0.3.5 to 0.8.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
  • The recommended version is 21 versions ahead of your current version.
  • The recommended version was released 3 months ago, on 2019-12-12.

The recommended version fixes:

Severity Issue Exploit Maturity
GPL-2.0 license
snyk:lic:npm:goof:GPL-2.0		 No Data
Regular Expression Denial of Service (ReDoS)
npm:marked:20180225		 Proof of Concept
Regular Expression Denial of Service (ReDoS)
npm:marked:20170907		 No Known Exploit
Cross-site Scripting (XSS)
npm:marked:20170815		 No Known Exploit
Cross-site Scripting (XSS)
npm:marked:20170112		 No Known Exploit
Cross-site Scripting (XSS)
npm:marked:20150520		 No Known Exploit
MPL-2.0 license
snyk:lic:npm:symbol:MPL-2.0		 No Data
Cross-site Scripting (XSS)
npm:marked:20170815-1		 No Known Exploit
Regular Expression Denial of Service (ReDoS)
SNYK-JS-MARKED-451540		 No Known Exploit
Regular Expression Denial of Service (ReDoS)
SNYK-JS-MARKED-174116		 No Known Exploit
Release notes
Package name: marked
  • 0.8.0 - 2019-12-12

    Breaking changes

    Fixes

    • Fix relative urls in baseUrl option #1526
    • Loose task list #1535
    • Fix image parentheses #1557
    • remove module field & update devDependencies #1581

    Docs

    • Update examples with es6+ #1521
    • Fix link to USING_PRO.md page #1552
    • Fix typo in USING_ADVANCED.md #1558
    • Node worker threads are stable #1555

    Dev Dependencies

    • Update deps #1516
    • Update eslint #1542
    • Update htmldiffer async matcher #1543
  • 0.7.0 - 2019-07-06

    Security

    • Sanitize paragraph and text tokens #1504
    • Fix ReDOS for links with backticks (issue #1493) #1515

    Breaking Changes

    • Deprecate sanitize and sanitizer options #1504
    • Move fences to CommonMark #1511
    • Move tables to GFM #1511
    • Remove tables option #1511
    • Single backtick in link text needs to be escaped #1515

    Fixes

    • Fix parentheses around a link #1509
    • Fix headings (issue