[Snyk] Upgrade marked from 3.0.8 to 14.0.0 #7

Open
wants to merge 1 commit into
base: master

Sec32fun32
Owner


Snyk has created this PR to upgrade marked from 3.0.8 to 14.0.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


⚠️ Warning: This PR contains major version upgrade(s), and may be a breaking change.

  • The recommended version is 79 versions ahead of your current version.

  • The recommended version was released a month ago.

Issues fixed by the recommended upgrade:

| Severity | Issue | Snyk ID | Score | Exploit Maturity |
|---|---|---|---|---|
| high | Prototype Poisoning | SNYK-JS-QS-3153490 | 641 | Proof of Concept |
| high | Regular Expression Denial of Service (ReDoS) | SNYK-JS-SEMVER-3247795 | 641 | Proof of Concept |
| high | Regular Expression Denial of Service (ReDoS) | SNYK-JS-SEMVER-3247795 | 641 | Proof of Concept |
| high | Regular Expression Denial of Service (ReDoS) | SNYK-JS-SEMVER-3247795 | 641 | Proof of Concept |
| high | Inefficient Regular Expression Complexity | SNYK-JS-MICROMATCH-6838728 | 641 | No Known Exploit |
| high | Uncontrolled resource consumption | SNYK-JS-BRACES-6838727 | 641 | Proof of Concept |
| high | Improper Verification of Cryptographic Signature | SNYK-JS-BROWSERIFYSIGN-6037026 | 641 | No Known Exploit |
| high | Improper Input Validation | SNYK-JS-FOLLOWREDIRECTS-6141137 | 641 | Proof of Concept |
| medium | Prototype Pollution | SNYK-JS-JSON5-3182856 | 641 | Proof of Concept |
| medium | Prototype Pollution | SNYK-JS-JSON5-3182856 | 641 | Proof of Concept |
| medium | Regular Expression Denial of Service (ReDoS) | SNYK-JS-MARKED-2342073 | 641 | Proof of Concept |
| medium | Regular Expression Denial of Service (ReDoS) | SNYK-JS-MARKED-2342082 | 641 | Proof of Concept |
| medium | Regular Expression Denial of Service (ReDoS) | SNYK-JS-MINIMATCH-3050818 | 641 | No Known Exploit |
| medium | Information Exposure | SNYK-JS-FOLLOWREDIRECTS-6444610 | 641 | Proof of Concept |
| low | Regular Expression Denial of Service (ReDoS) | SNYK-JS-WORDWRAP-3149973 | 641 | Proof of Concept |
| critical | Improper Verification of Cryptographic Signature | SNYK-JS-ELLIPTIC-7577916 | 641 | Proof of Concept |
| critical | Improper Verification of Cryptographic Signature | SNYK-JS-ELLIPTIC-7577917 | 641 | Proof of Concept |
| critical | Improper Verification of Cryptographic Signature | SNYK-JS-ELLIPTIC-7577918 | 641 | Proof of Concept |

Release notes
Package name: marked
  • 14.0.0 - 2024-08-07

    14.0.0 (2024-08-07)

    Bug Fixes

    BREAKING CHANGES

    • Remove old renderer
    • throw an error if async: false is set when an extension sets async: true
  • 13.0.3 - 2024-07-28

    13.0.3 (2024-07-28)

    Bug Fixes

    • fix recursion-like stack overflow error caused by the old render… (#3380) (89af0b8)
  • 13.0.2 - 2024-07-04

    13.0.2 (2024-07-04)

    Bug Fixes

  • 13.0.1 - 2024-06-24

    13.0.1 (2024-06-24)

    Bug Fixes

  • 13.0.0 - 2024-06-12

    13.0.0 (2024-06-12)

    Bug Fixes

    • Fix blockquote code continuation (#3264) (7ab8185)
    • Add parser as a property on the Renderer object (#3291)
    • Send block text tokens to the text renderer (#3291)

    Features

    • Send token objects to renderers (#3291) (1ce59ea)
    • Add space renderer that returns empty string by default (#3291)
    • Add header and align properties to TableCell token (#3291)
    • Add TableRow token (#3291)
    • Add Checkbox token (#3291)

    BREAKING CHANGES

    • Add space token after blockquote and hr if there are multiple newlines
    • Send token objects to renderers and move logic to parse tokens from the parser to the renderers.
      • Most extensions that update marked renderers should still work with this version but will break in a future major version.

      • Extensions that change marked renderers will need to be updated and use new option useNewRenderer and accept a token object instead of multiple parameters. See updated Renderer docs

        // v12 renderer extension

        const extension = {
          renderer: {
            heading(text, level) {
              // increase level by 1
              return `<h${level + 1}>${text}</h${level + 1}>`;
            }
          }
        };

        marked.use(extension);

        // v13 renderer extension

        const extension = {
          useNewRenderer: true,
          renderer: {
            heading(token) {
              // increase depth by 1
              const text = this.parser.parseInline(token.tokens);
              const level = token.depth;
              return `<h${level + 1}>${text}</h${level + 1}>`;
            }
          }
        };

        marked.use(extension);

  • 12.0.2 - 2024-04-19

    12.0.2 (2024-04-19)

    Bug Fixes

  • 12.0.1 - 2024-03-06

    12.0.1 (2024-03-06)

    Bug Fixes

  • 12.0.0 - 2024-02-03

    12.0.0 (2024-02-03)

    Bug Fixes

    BREAKING CHANGES

    • changes to spec
    • Update HTML block tags: add search, remove source
    • Update punctuation to include unicode punctuation and symbol categories
    • Update HTML comment to include <!--> and <!--->
  • 11.2.0 - 2024-01-27

    11.2.0 (2024-01-27)

    Bug Fixes

    Features

  • 11.1.1 - 2023-12-31

    11.1.1 (2023-12-31)

    Bug Fixes

    • improve lexing inline elements step's performance (#3146) (4f87b2a)
  • 11.1.0 - 2023-12-12
  • 11.0.1 - 2023-12-08
  • 11.0.0 - 2023-11-29
  • 10.0.0 - 2023-11-11
  • 9.1.6 - 2023-11-10
  • 9.1.5 - 2023-11-02
  • 9.1.4 - 2023-10-31
  • 9.1.3 - 2023-10-28
  • 9.1.2 - 2023-10-13
  • 9.1.1 - 2023-10-11
  • 9.1.0 - 2023-10-05
  • 9.0.3 - 2023-09-18
  • 9.0.2 - 2023-09-16
  • 9.0.1 - 2023-09-15
  • 9.0.0 - 2023-09-09
  • 8.0.1 - 2023-09-06
  • 8.0.0 - 2023-09-03
  • 7.0.5 - 2023-08-26
  • 7.0.4 - 2023-08-19
  • 7.0.3 - 2023-08-15
  • 7.0.2 - 2023-08-10
  • 7.0.1 - 2023-08-07
  • 7.0.0 - 2023-08-06
  • 6.0.0 - 2023-07-31
  • 5.1.2 - 2023-07-25
  • 5.1.1 - 2023-07-07
  • 5.1.0 - 2023-06-10
  • 5.0.5 - 2023-06-07
  • 5.0.4 - 2023-05-30
  • 5.0.3 - 2023-05-26
  • 5.0.2 - 2023-05-11
  • 5.0.1 - 2023-05-06
  • 5.0.0 - 2023-05-02
  • 4.3.0 - 2023-03-22
  • 4.2.12 - 2023-01-14
  • 4.2.11 - 2023-01-14
  • 4.2.10 - 2023-01-14
  • 4.2.9 - 2023-01-14
  • 4.2.8 - 2023-01-14
  • 4.2.7 - 2023-01-14
  • 4.2.6 - 2023-01-14
  • 4.2.5 - 2022-12-23
  • 4.2.4 - 2022-12-07
  • 4.2.3 - 2022-11-20
  • 4.2.2 - 2022-11-05
  • 4.2.1 - 2022-11-02
  • 4.2.0 - 2022-10-31
  • 4.1.1 - 2022-10-01
  • 4.1.0 - 2022-08-30
  • 4.0.19 - 2022-08-21
  • 4.0.18 - 2022-07-11
  • 4.0.17 - 2022-06-13
  • 4.0.16 - 2022-05-17
  • 4.0.15 - 2022-05-02
  • 4.0.14 - 2022-04-11
  • 4.0.13 - 2022-04-08
  • 4.0.12 - 2022-01-27
  • 4.0.11 - 2022-01-26
  • 4.0.10 - 2022-01-13
  • 4.0.9 - 2022-01-06
  • 4.0.8 - 2021-12-19
  • 4.0.7 - 2021-12-09
  • 4.0.6 - 2021-12-02
  • 4.0.5 - 2021-11-25
  • 4.0.4 - 2021-11-19
  • 4.0.3 - 2021-11-13
  • 4.0.2 - 2021-11-12
  • 4.0.1 - 2021-11-11
  • 4.0.0 - 2021-11-02

  • 3.0.8 - 2021-10-24
from marked GitHub release notes

Important

  • Warning: This PR contains a major version upgrade, and may be a breaking change.
  • Check the changes in this PR to ensure they won't cause issues with your project.
  • This PR was automatically created by Snyk using the credentials of a real user.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:


See this package in npm:
marked

See this project in Snyk:
https://app.snyk.io/org/sec32fun32/project/c1ed0054-c0cc-421b-96f7-6a45fee0b6d1?utm_source=github&utm_medium=referral&page=upgrade-pr