[Snyk] Upgrade marked from 0.3.5 to 12.0.0 #5

Open

mnathsnyk
Owner

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to upgrade marked from 0.3.5 to 12.0.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


Warning: This is a major version upgrade, and may be a breaking change.

  • The recommended version is 130 versions ahead of your current version.
  • The recommended version was released a month ago, on 2024-02-03.

The recommended version fixes:

| Issue | Snyk ID | Priority Score (*) | Why? | Exploit Maturity |
|---|---|---|---|---|
| Cross-site Scripting (XSS) | npm:marked:20150520 | 654/1000 | Has a fix available, CVSS 8.8 | No Known Exploit |
| Cross-site Scripting (XSS) | npm:marked:20170112 | 654/1000 | Has a fix available, CVSS 8.8 | No Known Exploit |
| Cross-site Scripting (XSS) | npm:marked:20170815 | 654/1000 | Has a fix available, CVSS 8.8 | No Known Exploit |
| Regular Expression Denial of Service (ReDoS) | npm:marked:20170907 | 654/1000 | Has a fix available, CVSS 8.8 | No Known Exploit |
| Regular Expression Denial of Service (ReDoS) | npm:marked:20180225 | 654/1000 | Has a fix available, CVSS 8.8 | Proof of Concept |
| Regular Expression Denial of Service (ReDoS) | SNYK-JS-MARKED-174116 | 654/1000 | Has a fix available, CVSS 8.8 | No Known Exploit |
| Regular Expression Denial of Service (ReDoS) | SNYK-JS-MARKED-2342073 | 654/1000 | Has a fix available, CVSS 8.8 | Proof of Concept |
| Regular Expression Denial of Service (ReDoS) | SNYK-JS-MARKED-2342082 | 654/1000 | Has a fix available, CVSS 8.8 | Proof of Concept |
| Regular Expression Denial of Service (ReDoS) | SNYK-JS-MARKED-451540 | 654/1000 | Has a fix available, CVSS 8.8 | No Known Exploit |
| Regular Expression Denial of Service (ReDoS) | SNYK-JS-MARKED-584281 | 654/1000 | Has a fix available, CVSS 8.8 | No Known Exploit |
| Cross-site Scripting (XSS) | npm:marked:20170815-1 | 654/1000 | Has a fix available, CVSS 8.8 | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: marked
  • 12.0.0 - 2024-02-03

    12.0.0 (2024-02-03)

    Bug Fixes

    BREAKING CHANGES

    • changes to spec
    • Update HTML block tags: add search, remove source
    • Update punctuation to include unicode punctuation and symbol categories
    • Update HTML comment to include <!--> and <!--->
  • 11.2.0 - 2024-01-27

    11.2.0 (2024-01-27)

    Bug Fixes

    Features

  • 11.1.1 - 2023-12-31

    11.1.1 (2023-12-31)

    Bug Fixes

    • improve lexing inline elements step's performance (#3146) (4f87b2a)
  • 11.1.0 - 2023-12-12

    11.1.0 (2023-12-12)

    Features

  • 11.0.1 - 2023-12-08

    11.0.1 (2023-12-08)

    Bug Fixes

  • 11.0.0 - 2023-11-29

    11.0.0 (2023-11-29)

    Bug Fixes

    BREAKING CHANGES

    • Lexer.rules object has been changed so it can be properly typed. Some intermediate rules have been removed.
  • 10.0.0 - 2023-11-11

    10.0.0 (2023-11-11)

    Bug Fixes

    BREAKING CHANGES

    • drop support for node v16
  • 9.1.6 - 2023-11-10

    9.1.6 (2023-11-10)

    Bug Fixes

    • fix instance options sent to lexer and parser (#3073) (f9d08cc)
  • 9.1.5 - 2023-11-02

    9.1.5 (2023-11-02)

    Bug Fixes

  • 9.1.4 - 2023-10-31

    9.1.4 (2023-10-31)

    Bug Fixes

  • 9.1.3 - 2023-10-28
  • 9.1.2 - 2023-10-13
  • 9.1.1 - 2023-10-11
  • 9.1.0 - 2023-10-05
  • 9.0.3 - 2023-09-18
  • 9.0.2 - 2023-09-16
  • 9.0.1 - 2023-09-15
  • 9.0.0 - 2023-09-09
  • 8.0.1 - 2023-09-06
  • 8.0.0 - 2023-09-03
  • 7.0.5 - 2023-08-26
  • 7.0.4 - 2023-08-19
  • 7.0.3 - 2023-08-15
  • 7.0.2 - 2023-08-10
  • 7.0.1 - 2023-08-07
  • 7.0.0 - 2023-08-06
  • 6.0.0 - 2023-07-31
  • 5.1.2 - 2023-07-25
  • 5.1.1 - 2023-07-07
  • 5.1.0 - 2023-06-10
  • 5.0.5 - 2023-06-07
  • 5.0.4 - 2023-05-30
  • 5.0.3 - 2023-05-26
  • 5.0.2 - 2023-05-11
  • 5.0.1 - 2023-05-06
  • 5.0.0 - 2023-05-02
  • 4.3.0 - 2023-03-22
  • 4.2.12 - 2023-01-14
  • 4.2.11 - 2023-01-14
  • 4.2.10 - 2023-01-14
  • 4.2.9 - 2023-01-14
  • 4.2.8 - 2023-01-14
  • 4.2.7 - 2023-01-14
  • 4.2.6 - 2023-01-14
  • 4.2.5 - 2022-12-23
  • 4.2.4 - 2022-12-07
  • 4.2.3 - 2022-11-20
  • 4.2.2 - 2022-11-05
  • 4.2.1 - 2022-11-02
  • 4.2.0 - 2022-10-31
  • 4.1.1 - 2022-10-01
  • 4.1.0 - 2022-08-30
  • 4.0.19 - 2022-08-21
  • 4.0.18 - 2022-07-11
  • 4.0.17 - 2022-06-13
  • 4.0.16 - 2022-05-17
  • 4.0.15 - 2022-05-02
  • 4.0.14 - 2022-04-11
  • 4.0.13 - 2022-04-08
  • 4.0.12 - 2022-01-27
  • 4.0.11 - 2022-01-26
  • 4.0.10 - 2022-01-13
  • 4.0.9 - 2022-01-06
  • 4.0.8 - 2021-12-19
  • 4.0.7 - 2021-12-09
  • 4.0.6 - 2021-12-02
  • 4.0.5 - 2021-11-25
  • 4.0.4 - 2021-11-19
  • 4.0.3 - 2021-11-13
  • 4.0.2 - 2021-11-12
  • 4.0.1 - 2021-11-11
  • 4.0.0 - 2021-11-02
  • 3.0.8 - 2021-10-24
  • 3.0.7 - 2021-10-07
  • 3.0.6 - 2021-10-06
  • 3.0.5 - 2021-10-06
  • 3.0.4 - 2021-09-14
  • 3.0.3 - 2021-09-08
  • 3.0.2 - 2021-08-25
  • 3.0.1 - 2021-08-23
  • 3.0.0 - 2021-08-16
  • 2.1.3 - 2021-06-25
  • 2.1.2 - 2021-06-22
  • 2.1.1 - 2021-06-16
  • 2.1.0 - 2021-06-15
  • 2.0.7 - 2021-06-01
  • 2.0.6 - 2021-05-27
  • 2.0.5 - 2021-05-21
  • 2.0.4 - 2021-05-20
  • 2.0.3 - 2021-04-11
  • 2.0.2 - 2021-04-10
  • 2.0.1 - 2021-02-27
  • 2.0.0 - 2021-02-07

  • 1.2.9 - 2021-02-03
  • 1.2.8 - 2021-01-26
  • 1.2.7 - 2020-12-15
  • 1.2.6 - 2020-12-10
  • 1.2.5 - 2020-11-19
  • 1.2.4 - 2020-11-15
  • 1.2.3 - 2020-11-04
  • 1.2.2 - 2020-10-21
  • 1.2.1 - 2020-10-21
  • 1.2.0 - 2020-09-28


  • 1.1.2 - 2020-10-21
  • 1.1.1 - 2020-07-14

  • 1.1.0 - 2020-05-16


  • 1.0.0 - 2020-04-21

  • 0.8.2 - 2020-03-22
  • 0.8.1 - 2020-03-18
  • 0.8.0 - 2019-12-12
  • 0.7.0 - 2019-07-06
  • 0.6.3 - 2019-06-30
  • 0.6.2 - 2019-04-05
  • 0.6.1 - 2019-02-19
  • 0.6.0 - 2019-01-01
  • 0.5.2 - 2018-11-20
  • 0.5.1 - 2018-09-26
  • 0.5.0 - 2018-08-16
  • 0.4.0 - 2018-05-21
  • 0.3.19 - 2018-03-26
  • 0.3.18 - 2018-03-22
  • 0.3.17 - 2018-02-27
  • 0.3.16 - 2018-02-20
  • 0.3.15 - 2018-02-19
  • 0.3.14 - 2018-02-16
  • 0.3.13 - 2018-02-16
  • 0.3.12 - 2018-01-09
  • 0.3.9 - 2017-12-23
  • 0.3.7 - 2017-12-01
  • 0.3.6 - 2016-07-30
  • 0.3.5 - 2015-07-31
from marked GitHub release notes
Commit messages
Package name: marked
  • cd15160 chore(release): 12.0.0 [skip ci]
  • 3d9017b fix: update to commonmark specs 0.31 (#3176)
  • 365e720 chore(deps-dev): Bump @arethetypeswrong/cli from 0.13.5 to 0.13.6 (#3181)
  • 2bf0645 chore(deps-dev): Bump @typescript-eslint/eslint-plugin from 6.19.0 to 6.19.1 (#3179)
  • a26db80 chore(deps-dev): Bump @typescript-eslint/parser from 6.19.0 to 6.19.1 (#3180)
  • ee9e20e chore(deps-dev): Bump dts-bundle-generator from 9.2.4 to 9.2.5 (#3178)
  • f0507cb chore(release): 11.2.0 [skip ci]
  • 4826841 feat: flatten childToken arrays (#3172)
  • bf44ae8 fix: Fix ENOENT error message in CLI (#3165)
  • 47a140a chore(deps-dev): Bump @typescript-eslint/parser from 6.18.1 to 6.19.0 (#3175)
  • 8c01a9f chore(deps-dev): Bump @typescript-eslint/eslint-plugin from 6.18.0 to 6.19.0 (#3174)
  • f7c3c00 chore(deps-dev): Bump rollup from 4.9.4 to 4.9.6 (#3173)
  • 6f4467c chore(deps-dev): Bump @typescript-eslint/parser from 6.18.0 to 6.18.1 (#3160)
  • 8dfeba8 chore(deps-dev): Bump semantic-release from 22.0.12 to 23.0.0 (#3161)
  • 99890dd chore(deps-dev): Bump eslint-plugin-n from 16.6.1 to 16.6.2 (#3162)
  • 6570fdf chore(deps-dev): Bump @rollup/plugin-typescript from 11.1.5 to 11.1.6 (#3163)
  • 1befefc chore(deps-dev): Bump dts-bundle-generator from 9.2.1 to 9.2.4 (#3159)
  • 9514a93 chore(deps-dev): Bump @typescript-eslint/eslint-plugin from 6.16.0 to 6.18.0 (#3156)
  • f7aa3d6 chore(deps-dev): Bump eslint-plugin-n from 16.6.0 to 16.6.1 (#3155)
  • c2dd3f3 chore(deps-dev): Bump rollup from 4.9.2 to 4.9.4 (#3154)
  • dd1bcd2 chore(deps-dev): Bump @typescript-eslint/parser from 6.13.2 to 6.18.0 (#3153)
  • edb1567 chore(deps-dev): Bump dts-bundle-generator from 9.0.0 to 9.2.1 (#3149)
  • 7e839cf chore(deps-dev): Bump markdown-it from 13.0.2 to 14.0.0 (#3152)
  • b3d5eb3 chore(deps-dev): Bump eslint-plugin-n from 16.5.0 to 16.6.0 (#3151)



Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs
