[Snyk] Upgrade marked from 0.3.5 to 4.3.0 #507

snyk-bot · 2023-04-21T05:41:26Z

Snyk has created this PR to upgrade marked from 0.3.5 to 4.3.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Warning: This is a major version upgrade, and may be a breaking change.

The recommended version is 94 versions ahead of your current version.
The recommended version was released a month ago, on 2023-03-22.

The recommended version fixes:

Issue	PriorityScore (*)	Exploit Maturity
Cross-site Scripting (XSS) npm:marked:20150520	654/1000 Why? Has a fix available, CVSS 8.8	No Known Exploit
Cross-site Scripting (XSS) npm:marked:20170112	654/1000 Why? Has a fix available, CVSS 8.8	No Known Exploit
Cross-site Scripting (XSS) npm:marked:20170815	654/1000 Why? Has a fix available, CVSS 8.8	No Known Exploit
Regular Expression Denial of Service (ReDoS) npm:marked:20170907	654/1000 Why? Has a fix available, CVSS 8.8	No Known Exploit
Regular Expression Denial of Service (ReDoS) npm:marked:20180225	654/1000 Why? Has a fix available, CVSS 8.8	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKED-174116	654/1000 Why? Has a fix available, CVSS 8.8	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKED-2342073	654/1000 Why? Has a fix available, CVSS 8.8	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKED-2342082	654/1000 Why? Has a fix available, CVSS 8.8	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKED-451540	654/1000 Why? Has a fix available, CVSS 8.8	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKED-584281	654/1000 Why? Has a fix available, CVSS 8.8	No Known Exploit
Cross-site Scripting (XSS) npm:marked:20170815-1	654/1000 Why? Has a fix available, CVSS 8.8	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: marked

4.3.0 - 2023-03-22
4.3.0 (2023-03-22)

Bug Fixes
- always return promise if async (#2728) (042dcc5)
- fenced code doesn't need a trailing newline (#2756) (3acbb7f)
Features
- add preprocess and postprocess hooks (#2730) (9b452bc)
4.2.12 - 2023-01-14
4.2.12 (2023-01-14)

Sorry for all of the quick releases. We were testing out different ways to build the files for releases. v4.2.5 - v4.2.12 have no changes to how marked works. The only addition is the version number in the comment in the build files.

Bug Fixes
- revert to build script in ci (d2ab474)
4.2.11 - 2023-01-14
4.2.11 (2023-01-14)

Bug Fixes
- just build in version (22ac2cf)
4.2.10 - 2023-01-14
4.2.10 (2023-01-14)

Bug Fixes
- use version (fd759b3)
4.2.9 - 2023-01-14
4.2.9 (2023-01-14)

Bug Fixes
- fix version (96380c3)
4.2.8 - 2023-01-14
4.2.8 (2023-01-14)

Bug Fixes
- build in postversion for build file version (60c3b7f)
4.2.7 - 2023-01-14
4.2.7 (2023-01-14)

Bug Fixes
- fix build file version (94fa76f)
4.2.6 - 2023-01-14
4.2.6 (2023-01-14)

Bug Fixes
- add version to build files (79b8c0b)
4.2.5 - 2022-12-23
4.2.5 (2022-12-23)

Bug Fixes
- fix paragraph continuation after block element (#2686) (1bbda68)
- fix tabs at beginning of list items (#2679) (e692634)
4.2.4 - 2022-12-07
4.2.4 (2022-12-07)

Bug Fixes
- loose list items are loose (#2672) (df4eb0e)
- remove quotes at the end of gfm autolink (#2673) (697ac2a)
- use paragraph token in blockquote in list (#2671) (edc857c)
4.2.3 - 2022-11-20
4.2.2 - 2022-11-05
4.2.1 - 2022-11-02
4.2.0 - 2022-10-31
4.1.1 - 2022-10-01
4.1.0 - 2022-08-30
4.0.19 - 2022-08-21
4.0.18 - 2022-07-11
4.0.17 - 2022-06-13
4.0.16 - 2022-05-17
4.0.15 - 2022-05-02
4.0.14 - 2022-04-11
4.0.13 - 2022-04-08
4.0.12 - 2022-01-27
4.0.11 - 2022-01-26
4.0.10 - 2022-01-13
4.0.9 - 2022-01-06
4.0.8 - 2021-12-19
4.0.7 - 2021-12-09
4.0.6 - 2021-12-02
4.0.5 - 2021-11-25
4.0.4 - 2021-11-19
4.0.3 - 2021-11-13
4.0.2 - 2021-11-12
4.0.1 - 2021-11-11
4.0.0 - 2021-11-02
3.0.8 - 2021-10-24
3.0.7 - 2021-10-07
3.0.6 - 2021-10-06
3.0.5 - 2021-10-06
3.0.4 - 2021-09-14
3.0.3 - 2021-09-08
3.0.2 - 2021-08-25
3.0.1 - 2021-08-23
3.0.0 - 2021-08-16
2.1.3 - 2021-06-25
2.1.2 - 2021-06-22
2.1.1 - 2021-06-16
2.1.0 - 2021-06-15
2.0.7 - 2021-06-01
2.0.6 - 2021-05-27
2.0.5 - 2021-05-21
2.0.4 - 2021-05-20
2.0.3 - 2021-04-11
2.0.2 - 2021-04-10
2.0.1 - 2021-02-27
2.0.0 - 2021-02-07
1.2.9 - 2021-02-03
1.2.8 - 2021-01-26
1.2.7 - 2020-12-15
1.2.6 - 2020-12-10
1.2.5 - 2020-11-19
1.2.4 - 2020-11-15
1.2.3 - 2020-11-04
1.2.2 - 2020-10-21
1.2.1 - 2020-10-21
1.2.0 - 2020-09-28
1.1.2 - 2020-10-21
1.1.1 - 2020-07-14
1.1.0 - 2020-05-16
1.0.0 - 2020-04-21
0.8.2 - 2020-03-22
0.8.1 - 2020-03-18
0.8.0 - 2019-12-12
0.7.0 - 2019-07-06
0.6.3 - 2019-06-30
0.6.2 - 2019-04-05
0.6.1 - 2019-02-19
0.6.0 - 2019-01-01
0.5.2 - 2018-11-20
0.5.1 - 2018-09-26
0.5.0 - 2018-08-16
0.4.0 - 2018-05-21
0.3.19 - 2018-03-26
0.3.18 - 2018-03-22
0.3.17 - 2018-02-27
0.3.16 - 2018-02-20
0.3.15 - 2018-02-19
0.3.14 - 2018-02-16
0.3.13 - 2018-02-16
0.3.12 - 2018-01-09
0.3.9 - 2017-12-23
0.3.7 - 2017-12-01
0.3.6 - 2016-07-30
0.3.5 - 2015-07-31

from marked GitHub release notes

Commit messages

Package name: marked

d65cf63 chore(release): 4.3.0 [skip ci]
28f4342 🗜️ build v4.3.0 [skip ci]
9b452bc feat: add preprocess and postprocess hooks ([Snyk] Upgrade qs from 0.0.6 to 6.11.2 #2730)
042dcc5 fix: always return promise if async ([Snyk] Upgrade org.apache.logging.log4j:log4j-core from 2.22.0 to 2.23.0 #2728)
3acbb7f fix: fenced code doesn't need a trailing newline ([Snyk] Upgrade tap from 18.6.1 to 18.7.0 #2756)
d1f1319 chore(deps-dev): Bump rollup from 3.19.1 to 3.20.0 ([Snyk] Upgrade @snyk/protect from 1.1117.0 to 1.1280.1 #2760)
0ced8a5 chore(deps-dev): Bump jasmine from 4.5.0 to 4.6.0 ([Snyk] Upgrade semver from 2.3.2 to 7.6.0 #2758)
a5bbe19 chore(deps-dev): Bump @ babel/core from 7.21.0 to 7.21.3 ([Snyk] Upgrade tap from 18.6.1 to 18.7.0 #2761)
00f6e2a chore(deps-dev): Bump semantic-release from 20.1.1 to 20.1.3 ([Snyk] Upgrade snyk from 1.1150.0 to 1.1280.1 #2759)
8c7bca8 chore(deps-dev): Bump node-fetch from 3.3.0 to 3.3.1 ([Snyk] Upgrade qs from 0.0.6 to 6.11.2 #2754)
e086dac chore(deps-dev): Bump eslint from 8.35.0 to 8.36.0 ([Snyk] Upgrade qs from 0.0.6 to 6.11.2 #2753)
c98dbcf chore(deps-dev): Bump rollup from 3.18.0 to 3.19.1 ([Snyk] Upgrade qs from 0.0.6 to 6.11.2 #2752)
6164fb6 docs: Explain how to get an instance of `Slugger` ([Snyk] Upgrade tap from 18.0.4 to 18.7.0 #2750)
f12568e chore(deps-dev): Bump semantic-release from 20.1.0 to 20.1.1 ([Snyk] Upgrade tap from 18.6.1 to 18.7.0 #2749)
c571cd8 chore(deps-dev): Bump rollup from 3.17.3 to 3.18.0 ([Snyk] Upgrade qs from 0.0.6 to 6.11.2 #2748)
75f66c8 chore(deps-dev): Bump eslint from 8.34.0 to 8.35.0 ([Snyk] Upgrade qs from 0.0.6 to 6.11.2 #2743)
5084f9d chore(deps-dev): Bump rollup from 3.17.2 to 3.17.3 ([Snyk] Upgrade tap from 11.1.3 to 18.7.0 #2742)
6962b8a chore(deps-dev): Bump @ babel/core from 7.20.12 to 7.21.0 ([Snyk] Upgrade qs from 0.0.6 to 6.11.2 #2738)
2b61d8d chore(deps-dev): Bump rollup from 3.15.0 to 3.17.2 ([Snyk] Upgrade qs from 0.0.6 to 6.11.2 #2739)
3736b6f chore(deps-dev): Bump rollup from 3.14.0 to 3.15.0 ([Snyk] Upgrade qs from 6.9.4 to 6.11.2 #2732)
248a097 chore(deps-dev): Bump eslint from 8.33.0 to 8.34.0 ([Snyk] Upgrade qs from 0.0.6 to 6.11.2 #2731)
e1a502f chore(deps-dev): Bump rollup from 3.12.0 to 3.14.0 ([Snyk] Upgrade qs from 0.0.6 to 6.11.2 #2729)
79239e4 chore(deps-dev): Bump semantic-release from 20.0.3 to 20.1.0 ([Snyk] Upgrade qs from 0.0.6 to 6.11.2 #2724)
97f7243 chore(deps-dev): Bump rollup from 3.10.1 to 3.12.0 ([Snyk] Upgrade qs from 0.0.6 to 6.11.2 #2725)

Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Snyk has created this PR to upgrade marked from 0.3.5 to 4.3.0. See this package in npm: https://www.npmjs.com/package/marked See this project in Snyk: https://app.snyk.io/org/zezo2019/project/fc24b3cb-38a3-4a18-9011-96d7631d8d20?utm_source=github&utm_medium=referral&page=upgrade-pr

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Snyk] Upgrade marked from 0.3.5 to 4.3.0 #507

[Snyk] Upgrade marked from 0.3.5 to 4.3.0 #507

snyk-bot commented Apr 21, 2023

4.3.0 (2023-03-22)

Bug Fixes

Features

4.2.12 (2023-01-14)

Bug Fixes

4.2.11 (2023-01-14)

Bug Fixes

4.2.10 (2023-01-14)

Bug Fixes

4.2.9 (2023-01-14)

Bug Fixes

4.2.8 (2023-01-14)

Bug Fixes

4.2.7 (2023-01-14)

Bug Fixes

4.2.6 (2023-01-14)

Bug Fixes

4.2.5 (2022-12-23)

Bug Fixes

4.2.4 (2022-12-07)

Bug Fixes

[Snyk] Upgrade marked from 0.3.5 to 4.3.0 #507

Are you sure you want to change the base?

[Snyk] Upgrade marked from 0.3.5 to 4.3.0 #507

Conversation

snyk-bot commented Apr 21, 2023

Snyk has created this PR to upgrade marked from 0.3.5 to 4.3.0.

4.3.0 (2023-03-22)

Bug Fixes

Features

4.2.12 (2023-01-14)

Bug Fixes

4.2.11 (2023-01-14)

Bug Fixes

4.2.10 (2023-01-14)

Bug Fixes

4.2.9 (2023-01-14)

Bug Fixes

4.2.8 (2023-01-14)

Bug Fixes

4.2.7 (2023-01-14)

Bug Fixes

4.2.6 (2023-01-14)

Bug Fixes

4.2.5 (2022-12-23)

Bug Fixes

4.2.4 (2022-12-07)

Bug Fixes