[Snyk] Upgrade marked from 0.3.5 to 4.0.0

[snyk-bot]

Snyk has created this PR to upgrade marked from 0.3.5 to 4.0.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

Warning: This is a major version upgrade, and may be a breaking change.

• The recommended version is 59 versions ahead of your current version.
• The recommended version was released 22 days ago, on 2021-11-02.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Regular Expression Denial of Service (ReDoS) npm:marked:20180225	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) npm:marked:20170907	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	No Known Exploit
	Cross-site Scripting (XSS) npm:marked:20170815	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	No Known Exploit
	Cross-site Scripting (XSS) npm:marked:20170112	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	No Known Exploit
	Cross-site Scripting (XSS) npm:marked:20150520	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	No Known Exploit
	Cross-site Scripting (XSS) npm:marked:20170815-1	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKED-584281	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKED-451540	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKED-174116	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: marked

• 4.0.0 - 2021-11-02
  

  4.0.0 (2021-11-02)

  Bug Fixes

  • Convert to ESM (#2227) (4afb228)

  BREAKING CHANGES

  • Default export removed. Use import { marked } from 'marked' or const { marked } = require('marked') instead.
  • /lib/marked.js removed. Use /marked.min.js in script tag instead.
  • When using marked in a script tag use marked.parse(...) instead of marked(...)
• 3.0.8 - 2021-10-24
  

  3.0.8 (2021-10-24)

  Bug Fixes

  • walkTokens uses marked as this (#2251) (2da5885)
• 3.0.7 - 2021-10-07
  

  3.0.7 (2021-10-07)

  Bug Fixes

  • use named exports only for ESM build (#2226)
• 3.0.6 - 2021-10-06
  

  3.0.6 (2021-10-06)

  Bug Fixes

  • Remove esm interop (#2225) (4bc9121)
• 3.0.5 - 2021-10-06
  

  3.0.5 (2021-10-06)

  Bug Fixes

  • Expose named exports for ESM build (#2223) (3959651)
• 3.0.4 - 2021-09-14
  

  3.0.4 (2021-09-14)

  Bug Fixes

  • fix detection of orphaned emStrong delimiters (#2203) (7792adc)
• 3.0.3 - 2021-09-08
  

  3.0.3 (2021-09-08)

  Bug Fixes

  • fix space at end of table line (#2201) (910f0f0)
• 3.0.2 - 2021-08-25
  

  3.0.2 (2021-08-25)

  Bug Fixes

  • stop table at lines with only whitespace (#2188) (21268ab)
• 3.0.1 - 2021-08-23
  

  3.0.1 (2021-08-23)

  Bug Fixes

  • fix gfm urls after link (#2186) (e03b5c1)
• 3.0.0 - 2021-08-16
  

  3.0.0 (2021-08-16)

  Bug Fixes

  • Tokenizers lex their own child tokens (#2124) (288f1cb)
  • Add module field to package.json (#2143) (edc2e6d)
  • Drop node 10 support (#2157) (433b16f)
  • Full Commonmark compliance for Lists (#2112) (eb33d3b)
  • Refactor table tokens (#2166) (bc400ac)

  BREAKING CHANGES

  • Drop support for node 10.
  • Add module field to package.json

  ---

  • Tokenizers will create their own tokens with this.lexer.inline(text, tokens). The inline function will queue the token creation until after all block tokens are created.
  • Extensions tokenizer this object will include the lexer as a property. this.inlineTokens becomes this.lexer.inline.
  • Extensions renderer this object will include the parser as a property. this.parseInline becomes this.parser.parseInline.
  • tag and inlineText tokenizer function signatures have changed.

  ---

  • nptable tokenizer is removed and merged with table tokenizer.
  • table tokens header property changed to contain an array of objects for each header cell with text and tokens properties.
  • table tokens cells property changed to rows and is an array of rows where each row contains an array of objects for each cell with text and tokens properties.

  v2 table token:

  {
    "type": "table",
    "align": [null, null],
    "raw": "| a | b |\n|---|---|\n| 1 | 2 |\n",
    "header": ["a", "b"],
    "cells": [["1", "2"]],
    "tokens": {
      "header": [
        [{ "type": "text", "raw": "a", "text": "a" }],
        [{ "type": "text", "raw": "b", "text": "b" }]
      ],
      "cells": [[
        [{ "type": "text", "raw": "1", "text": "1" }],
        [{ "type": "text", "raw": "2", "text": "2" }]
      ]]
    }
  }

  v3 table token:

  {
    "type": "table",
    "align": [null, null],
    "raw": "| a | b |\n|---|---|\n| 1 | 2 |\n",
    "header": [
      {
        "text": "a",
        "tokens": [{ "type": "text", "raw": "a", "text": "a" }]
      },
      {
        "text": "b",
        "tokens": [{ "type": "text", "raw": "b", "text": "b" }]
      }
    ],
    "rows": [
      {
        "text": "1",
        "tokens": [{ "type": "text", "raw": "1", "text": "1" }]
      },
      {
        "text": "2",
        "tokens": [{ "type": "text", "raw": "2", "text": "2" }]
      }
    ]
  }

• 2.1.3 - 2021-06-25
• 2.1.2 - 2021-06-22
• 2.1.1 - 2021-06-16
• 2.1.0 - 2021-06-15
• 2.0.7 - 2021-06-01
• 2.0.6 - 2021-05-27
• 2.0.5 - 2021-05-21
• 2.0.4 - 2021-05-20
• 2.0.3 - 2021-04-11
• 2.0.2 - 2021-04-10
• 2.0.1 - 2021-02-27
• 2.0.0 - 2021-02-07
• 1.2.9 - 2021-02-03
• 1.2.8 - 2021-01-26
• 1.2.7 - 2020-12-15
• 1.2.6 - 2020-12-10
• 1.2.5 - 2020-11-19
• 1.2.4 - 2020-11-15
• 1.2.3 - 2020-11-04
• 1.2.2 - 2020-10-21
• 1.2.1 - 2020-10-21
• 1.2.0 - 2020-09-28
• 1.1.2 - 2020-10-21
• 1.1.1 - 2020-07-14
• 1.1.0 - 2020-05-16
• 1.0.0 - 2020-04-21
• 0.8.2 - 2020-03-22
• 0.8.1 - 2020-03-18
• 0.8.0 - 2019-12-12
• 0.7.0 - 2019-07-06
• 0.6.3 - 2019-06-30
• 0.6.2 - 2019-04-05
• 0.6.1 - 2019-02-19
• 0.6.0 - 2019-01-01
• 0.5.2 - 2018-11-20
• 0.5.1 - 2018-09-26
• 0.5.0 - 2018-08-16
• 0.4.0 - 2018-05-21
• 0.3.19 - 2018-03-26
• 0.3.18 - 2018-03-22
• 0.3.17 - 2018-02-27
• 0.3.16 - 2018-02-20
• 0.3.15 - 2018-02-19
• 0.3.14 - 2018-02-16
• 0.3.13 - 2018-02-16
• 0.3.12 - 2018-01-09
• 0.3.9 - 2017-12-23
• 0.3.7 - 2017-12-01
• 0.3.6 - 2016-07-30
• 0.3.5 - 2015-07-31

from marked GitHub release notes

Commit messages

Package name: marked

• 7c09bb0 chore(release): 4.0.0 [skip ci]
• 1d5966f 🗜️ build [skip ci]
• eb84a28 chore: rename release config
• 4afb228 fix: Convert to ESM (#2227)
• 911dc9c chore(deps-dev): Bump @ babel/preset-env from 7.15.8 to 7.16.0 (#2263)
• 19466ff chore(deps-dev): Bump rollup from 2.58.3 to 2.59.0 (#2262)
• 49ad2ea chore(deps-dev): Bump @ babel/core from 7.15.8 to 7.16.0 (#2261)
• a702a8f chore(deps-dev): Bump @ semantic-release/git from 10.0.0 to 10.0.1 (#2260)
• e93f800 chore(deps-dev): Bump rollup from 2.58.0 to 2.58.3 (#2258)
• d23f94f chore(deps-dev): Bump @ semantic-release/npm from 8.0.1 to 8.0.2 (#2254)
• ef595af chore(deps-dev): Bump @ rollup/plugin-commonjs from 21.0.0 to 21.0.1 (#2255)
• fbc0f4a chore(deps-dev): Bump eslint-plugin-promise from 5.1.0 to 5.1.1 (#2256)
• da5eec8 chore(deps-dev): Bump eslint from 8.0.1 to 8.1.0 (#2257)
• d7f5e68 chore(release): 3.0.8 [skip ci]
• 48e5bd0 🗜️ build [skip ci]
• 2da5885 fix: walkTokens uses marked as this (#2251)
• 40b33d0 chore(deps-dev): Bump highlight.js from 11.2.0 to 11.3.1 (#2244)
• 9d4971f chore(deps-dev): Bump eslint from 8.0.0 to 8.0.1 (#2243)
• 90e41bb chore(deps-dev): Bump jasmine from 3.9.0 to 3.10.0 (#2245)
• d78820e chore(deps-dev): Bump @ semantic-release/npm from 8.0.0 to 8.0.1 (#2246)
• 1d886aa chore(deps-dev): Bump eslint from 7.32.0 to 8.0.0 (#2235)
• de7a5d6 chore(deps-dev): Bump @ babel/core from 7.15.5 to 7.15.8 (#2236)
• 4ee1053 chore(deps-dev): Bump rollup-plugin-license from 2.5.0 to 2.6.0 (#2237)
• 3fb4166 chore(deps-dev): Bump @ babel/preset-env from 7.15.6 to 7.15.8 (#2238)

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs