[Snyk] Upgrade marked from 5.0.1 to 5.1.2 #1478

akroon3r · 2023-08-15T21:18:26Z

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade marked from 5.0.1 to 5.1.2.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

The recommended version is 7 versions ahead of your current version.
The recommended version was released 22 days ago, on 2023-07-25.

Release notes

Package name: marked

5.1.2 - 2023-07-25
5.1.2 (2023-07-25)

Bug Fixes
- Add support for Node 16 (#2886) (e465ce4)
5.1.1 - 2023-07-07
5.1.1 (2023-07-07)

Bug Fixes
- fix typo (#2870) (e6a7184)
5.1.0 - 2023-06-10
5.1.0 (2023-06-10)

Bug Fixes
- Simplify unicode punctuation (#2841) (f19fe76)
Features
- add Marked instance (#2831) (353e13b)
5.0.5 - 2023-06-07
5.0.5 (2023-06-07)

Bug Fixes
- Fix more Escape conflicts (#2838) (f879a23)
5.0.4 - 2023-05-30
5.0.4 (2023-05-30)

Bug Fixes
- Add Unicode punctuations (#2811) (b213f02)
- fix hr after list (#2809) (efc40df)
- Replace custom repeatString function with repeat() (#2820) (72ee2d6)
5.0.3 - 2023-05-26
5.0.3 (2023-05-26)

Bug Fixes
- fix quadratic execution in em mask (#2818) (a37fe8e)
5.0.2 - 2023-05-11
5.0.2 (2023-05-11)

Bug Fixes
- Clarify deprecation messages for default parameters (#2802) (763e9de)
5.0.1 - 2023-05-06
5.0.1 (2023-05-06)

Bug Fixes
- only warn if langPrefix is changed (#2796) (d193694)
  The deprecated options warnings can be turned off by default by using:
```
marked.use({
  mangle: false,
  headerIds: false,
});
```
  For the cli you can use:
```
marked --no-mangle --no-header-ids ...
```

from marked GitHub release notes

Commit messages

Package name: marked

929d235 chore(release): 5.1.2 [skip ci]
a33ed06 🗜️ build v5.1.2 [skip ci]
e465ce4 fix: Add support for Node 16 (#2886)
ab23e19 chore(deps-dev): Bump jasmine from 5.0.2 to 5.1.0 (#2887)
c69b62b chore(deps-dev): Bump @ babel/preset-env from 7.22.7 to 7.22.9 (#2880)
76a2103 chore(deps-dev): Bump @ semantic-release/github from 9.0.3 to 9.0.4 (#2882)
af881c1 chore(deps-dev): Bump @ babel/core from 7.22.8 to 7.22.9 (#2881)
c68be89 chore(deps-dev): Bump rollup from 3.26.2 to 3.26.3 (#2884)
f59fd2a chore(deps-dev): Bump eslint from 8.44.0 to 8.45.0 (#2883)
48daab1 docs: Add raito to the list of tools (#2878)
9a3d089 chore(deps-dev): Bump @ babel/core from 7.22.5 to 7.22.8 (#2874)
3851a71 chore(deps-dev): Bump rollup from 3.26.0 to 3.26.2 (#2876)
5a53a95 chore(deps-dev): Bump semantic-release from 21.0.6 to 21.0.7 (#2875)
53ae7bd chore(deps-dev): Bump @ babel/preset-env from 7.22.5 to 7.22.7 (#2873)
13cbdf5 chore(deps-dev): Bump @ semantic-release/release-notes-generator from 11.0.3 to 11.0.4 (#2872)
19b8ced chore(release): 5.1.1 [skip ci]
eaa232d 🗜️ build v5.1.1 [skip ci]
e6a7184 fix: fix typo (#2870)
16533f5 chore(deps-dev): Bump semantic-release from 21.0.5 to 21.0.6 (#2866)
a99ca4f chore(deps-dev): Bump rollup from 3.25.2 to 3.26.0 (#2867)
900ff10 chore(deps-dev): Bump eslint from 8.43.0 to 8.44.0 (#2868)
884c782 chore(deps-dev): Bump eslint-plugin-n from 15.7.0 to 16.0.1 (#2859)
805aa9a chore(deps-dev): Bump jasmine from 5.0.1 to 5.0.2 (#2858)
2964347 chore(deps-dev): Bump rollup from 3.25.1 to 3.25.2 (#2857)

Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Snyk has created this PR to upgrade marked from 5.0.1 to 5.1.2. See this package in npm: https://www.npmjs.com/package/marked See this project in Snyk: https://app.snyk.io/org/akroon3r/project/255a6757-57ca-4fe1-abe9-096edb5e5ca8?utm_source=github&utm_medium=referral&page=upgrade-pr

github-actions · 2023-08-15T21:19:13Z

# npm audit report

mockery  *
Severity: critical
mockery is vulnerable to prototype pollution - https://github.com/advisories/GHSA-gmwp-3pwc-3j3g
fix available via `npm audit fix --force`
Will install wdio-cucumberjs-json-reporter@1.0.4, which is a breaking change
node_modules/mockery
  @wdio/cucumber-framework  *
  Depends on vulnerable versions of @cucumber/cucumber
  Depends on vulnerable versions of mockery
  node_modules/@wdio/cucumber-framework
    wdio-cucumberjs-json-reporter  >=1.0.5
    Depends on vulnerable versions of @wdio/cucumber-framework
    node_modules/wdio-cucumberjs-json-reporter

semver  <=5.7.1 || 6.0.0 - 6.3.0 || 7.0.0 - 7.5.1
Severity: moderate
semver vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-c2qf-rxjj-qqgw
semver vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-c2qf-rxjj-qqgw
semver vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-c2qf-rxjj-qqgw
fix available via `npm audit fix --force`
Will install wdio-cucumberjs-json-reporter@1.0.4, which is a breaking change
node_modules/@babel/core/node_modules/semver
node_modules/@babel/helper-compilation-targets/node_modules/semver
node_modules/@babel/helper-create-class-features-plugin/node_modules/semver
node_modules/@babel/helper-create-regexp-features-plugin/node_modules/semver
node_modules/@babel/helper-define-polyfill-provider/node_modules/semver
node_modules/@babel/preset-env/node_modules/semver
node_modules/@jest/core/node_modules/semver
node_modules/babel-plugin-istanbul/node_modules/semver
node_modules/babel-plugin-polyfill-corejs2/node_modules/semver
node_modules/cac/node_modules/semver
node_modules/eslint-config-airbnb-base/node_modules/semver
node_modules/eslint-plugin-jsx-a11y/node_modules/semver
node_modules/eslint-plugin-react/node_modules/semver
node_modules/istanbul-lib-report/node_modules/semver
node_modules/make-dir/node_modules/semver
node_modules/read-pkg-up/node_modules/semver
node_modules/semver
  @cucumber/cucumber  8.0.0-rc.1 - 9.2.0
  Depends on vulnerable versions of semver
  node_modules/@cucumber/cucumber

word-wrap  <1.2.4
Severity: moderate
word-wrap vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-j8xg-fqg3-53r7
fix available via `npm audit fix`
node_modules/word-wrap

6 vulnerabilities (3 moderate, 3 critical)

To address issues that do not require attention, run:
  npm audit fix

To address all issues (including breaking changes), run:
  npm audit fix --force

akroon3r requested review from antsand, Bottle7, BradyMitch, NoorChasib and JieunSon96 as code owners August 15, 2023 21:18

github-actions bot requested review from binggaofw and kushal-arora-fw August 15, 2023 21:18

github-actions bot added the DPIA API PR contains changes to DPIA API label Aug 15, 2023

github-actions bot assigned akroon3r Aug 15, 2023

BradyMitch approved these changes Aug 21, 2023

View reviewed changes

BradyMitch merged commit 239cc8d into main Aug 21, 2023
8 of 9 checks passed

BradyMitch deleted the snyk-upgrade-60c9f0dad41a149b88c76abd6d2ce535 branch August 21, 2023 16:38

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Snyk] Upgrade marked from 5.0.1 to 5.1.2 #1478

[Snyk] Upgrade marked from 5.0.1 to 5.1.2 #1478

akroon3r commented Aug 15, 2023

5.1.2 (2023-07-25)

Bug Fixes

5.1.1 (2023-07-07)

Bug Fixes

5.1.0 (2023-06-10)

Bug Fixes

Features

5.0.5 (2023-06-07)

Bug Fixes

5.0.4 (2023-05-30)

Bug Fixes

5.0.3 (2023-05-26)

Bug Fixes

5.0.2 (2023-05-11)

Bug Fixes

5.0.1 (2023-05-06)

Bug Fixes

github-actions bot commented Aug 15, 2023

[Snyk] Upgrade marked from 5.0.1 to 5.1.2 #1478

[Snyk] Upgrade marked from 5.0.1 to 5.1.2 #1478

Conversation

akroon3r commented Aug 15, 2023

Snyk has created this PR to upgrade marked from 5.0.1 to 5.1.2.

5.1.2 (2023-07-25)

Bug Fixes

5.1.1 (2023-07-07)

Bug Fixes

5.1.0 (2023-06-10)

Bug Fixes

Features

5.0.5 (2023-06-07)

Bug Fixes

5.0.4 (2023-05-30)

Bug Fixes

5.0.3 (2023-05-26)

Bug Fixes

5.0.2 (2023-05-11)

Bug Fixes

5.0.1 (2023-05-06)

Bug Fixes

github-actions bot commented Aug 15, 2023