[1.3][CVE-2022-21670] Bump markdown-it from 10.0.0 to 12.3.2 #5016
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Backport from #1140.
With the
SemVer
philosophy, when releasing a patch version, it should not introduce breaking changes, which includes bumping a dependency to its major version. Thismarkdown-it
is a devDependency and the two major bump doesn't include breaking changes affecting OSD usages. Meanwhile, it is not included in release artifact.Issues Resolved
CVE-2022-21670
Check List
yarn test:jest
yarn test:jest_integration
yarn test:ftr