This repository has been archived by the owner on Feb 5, 2022. It is now read-only.
fix(deps): update dependency showdown to v1 [security] #27
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
0.3.1
->1.9.1
GitHub Vulnerability Alerts
GHSA-h6mq-3cj6-h738
Versions of
showdown
prior to 1.9.1 are vulnerable to Reverse Tabnabbing. The package usestarget='_blank'
in anchor tags, allowing attackers to accesswindow.opener
for the original page when opening links. This is commonly used for phishing attacks.Recommendation
Upgrade to version 1.9.1 or later.
Release Notes
showdownjs/showdown
v1.9.1
Compare Source
Bug Fixes
Dependecy update
v1.9.0
Compare Source
Version 1.9.0 introduces a new feature, the Markdown to HTML converter. This feature is still experimental and is a partial backport of the new Reverse Converter planned for version 2.0.
Bug Fixes
Features
v1.8.7
Compare Source
Bug Fixes
emojis: fix emoji excessive size (4aca41c)
gfm-codeblocks: add support for spaces before language declaration (24bf7b1), closes #569
leading space no longer breaks gfm codeblocks (828c32f), closes #523
images: fix js error when using image references (980e702), closes #585
literalMidWordAsterisks: now parses single characters enclosed by * correctly (fe70e45), closes #478
mentions: allow for usernames with dot, underscore and dash (dfeb1e2), closes #574
nbsp: fix replacing of nbsp with regular spaces (8bc1f42)
v1.8.6
Compare Source
Features
v1.8.5
Compare Source
Features
1.8.4 (2017-12-05)
Bug Fixes
1.8.3 (2017-11-28)
Bug Fixes
1.8.2 (2017-11-11)
Bug Fixes
1.8.1 (2017-11-01)
Dependencies update
Bug Fixes
v1.8.4
Compare Source
Bug Fixes
v1.8.3
Compare Source
Bug Fixes
v1.8.2
Compare Source
Bug Fixes
v1.8.1
Compare Source
Dependencies update
Bug Fixes
v1.8.0
Compare Source
NOTICE
Don't use the CDNjs version of this release. See issue #452 for more details.
Bug Fixes
Features
ellipsis: add auto-ellipsis support (25f1978)
Example:
input
output
emoji: add emoji support through option
emoji
(5b8f1d3), closes #448Usage:
Example:
input
this is a smile :smile: emoji
output
start ordered lists at an arbitrary number: add support for defining the first item number of ordered lists (9cdc35e), closes #377
Example:
input
output
underline: add EXPERIMENTAL support for underline (084b819), closes #450
Usage:
Example:
input
output
Note: With this option enabled, underscore no longer parses as
<em>
or<strong>
BREAKING CHANGES
list output may differ.
1.7.6 (2017-10-06)
Bug Fixes
1.7.5 (2017-10-02)
Bug Fixes
1.7.4 (2017-09-08)
Bug Fixes
Features
1.7.3 (2017-08-23)
Bug Fixes
Features
1.7.2 (2017-08-05)
Bug Fixes
Features
1.7.1 (2017-06-02)
Important HOTFIX
Bug Fixes
1.7.0 (2017-06-01)
(DEPRECATED)
Bug Fixes
Features
1.6.4 (2017-02-06)
Bug Fixes
prefixHeaderId
string be parsed along the generated id (f641a7d)Features
1.6.3 (2017-01-30)
Bug Fixes
Features
1.6.2 (2017-01-29)
Bug Fixes
Features
1.6.1 (2017-01-28)
Bug Fixes
Features
Notes
This release also improves performance a bit (around 8%)
1.6.0 (2017-01-09)
Bug Fixes
Features
BREAKING CHANGES:
CLI tool now uses the same option defaults as showdown main library. This mean
the default flavor is vanilla and ghCodeBlocks options is enabled by default.
To update, add
--ghCodeBlocks="false"
to the command.1.5.5 (2016-12-30)
Features
1.5.4 (2016-12-21)
Bug Fixes
1.5.3 (2016-12-19)
Bug Fixes
Features
#
and header text mandatory (5d19877), closes #2771.5.2 (2016-12-17)
Bug Fixes
1.5.1 (2016-12-01)
Features
. This option enables linebreaks to always be treated as
<br />
tagswithout needing to add spaces in front of the line, the same way GitHub does. (0942b5e), closes #206
1.5.0 (2016-11-11)
Bug Fixes
Features
BREAKING CHANGES
syntax for sublists is now more restrictive. Before, sublists SHOULD be indented by 4 spaces, but indenting at least 2 spaces would work.
Now, sublists MUST be indented 4 spaces or they won't work.
With this input:
Before (output):
After (output):
To migrate either fix source md files or activate the option
disableForced4SpacesIndentedSublists
:1.4.4 (2016-11-02)
Bug Fixes
1.4.3 (2016-08-19)
Bug Fixes
1.4.2 (2016-06-21)
Bug Fixes
Features
1.4.1 (2016-05-17)
Bug Fixes
1.4.0 (2016-05-13)
Bug Fixes
Features
1.3.0 (2015-10-19)
Bug Fixes
Features
<a name"1.2.3">
1.2.3 (2015-08-27)
Bug Fixes
<a name"1.2.2">
1.2.2 (2015-08-02)
Bug Fixes
<a name"1.2.1">
1.2.1 (2015-07-22)
Features
Bug Fixes
tables:
italicsAndBold:
codeSpans: Fix issue with code html tags not being correctly escaped (5f043ca)
images: fix alt attribute not being escaped correctly (542194e)
<a name"1.2.0">
1.2.0 (2015-07-13)
This release moves some of the most popular extensions (such as table-extension and github-extension) to core.
Also introduces a simple cli tool that you can use to quickly convert markdown files into html.
Bug Fixes
Features
<a name"1.1.0">
1.1.0 (2015-06-18)
Bug Fixes
Features
Breaking Changes
showdown.extensions
property. To migrate, extensions should use the new methodshowdown.extension(<ext name>, <extension>)
to register.For more information on the new extension loading mechanism, please check the wiki pages.
(4ebd0caa)
<a name"1.0.2">
1.0.2 (2015-05-28)
Bug Fixes
with showdown(5315508. Credits to Alexandre Courtiol.
<a name"1.0.1">
1.0.1 (2015-05-27)
Bug Fixes
<a name"1.0.0">
1.0.0 (2015-05-27)
Release Information
This is a major code refactor with some big changes such as:
is kept so old extensions should be compatible.
Bug Fixes
closes #50,#56,
#104, #108,
#109, #111,
#118, #122
Features
The system, however, is not final and will probably be changed until the final version([
0fd10cb
] (http://github.com/showdownjs/showdown/commit/0fd10cb))Breaking Changes
NAMESPACE: showdown's namespace changed.
To migrate your code you should update all references to
Showdown
withshowdown
.Converter: converter reference changed from
converter
toConverter
.To migrate you should update all references to
Showdown.converter
withshowdown.Converter
angular: angular integration was removed from core and now lives in it's own repository.
If you're using angular integration, you should install ng-showdown. Ex:
bower install ng-showdown
extensions: showdown extensions were removed from core package and now live in their own repository. See the project's github page for available extensions
v1.7.6
Compare Source
Bug Fixes
v1.7.5
Compare Source
Bug Fixes
v1.7.4
Compare Source
Bug Fixes
Features
v1.7.3
Compare Source
Bug Fixes
Features
v1.7.2
Compare Source
Bug Fixes
Features
v1.7.1
Compare Source
Important HOTFIX
Bug Fixes
v1.7.0
Compare Source
(DEPRECATED)
Bug Fixes
Features
v1.6.4
Compare Source
Bug Fixes
prefixHeaderId
string be parsed along the generated id (f641a7d)Features
v1.6.3
Compare Source
Bug Fixes
Features
v1.6.2
Compare Source
Bug Fixes
Features
v1.6.1
Compare Source
Bug Fixes
Features
Configuration
📅 Schedule: "" (UTC).
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by WhiteSource Renovate. View repository job log here.