Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update dependency markdown-it to v12 #11

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Update dependency markdown-it to v12 #11

wants to merge 1 commit into from

Conversation

mend-for-github-com[bot]
Copy link

@mend-for-github-com mend-for-github-com bot commented Nov 30, 2022
edited

This PR contains the following updates:

Package Type Update Change
markdown-it dependencies major 8.4.1 -> 12.3.2

By merging this PR, the below vulnerabilities will be automatically resolved:

Severity CVSS Score CVE
Medium Medium 5.3 CVE-2022-21670

Release Notes

markdown-it/markdown-it

v12.3.2

Compare Source

Security

v12.3.1

Compare Source

Fixed
  • Fix corner case when tab prevents paragraph continuation in lists, #​830.

v12.3.0

Compare Source

Changed
  • StateInline.delimiters[].jump is removed.
Fixed
  • Fixed quadratic complexity in pathological ***<10k stars>***a***<10k stars>*** case.

v12.2.0

Compare Source

Added
  • Ordered lists: add order value to token info.
Fixed
  • Always suffix indented code block with a newline, #​799.

v12.1.0

Compare Source

Changed
  • Updated CM spec compatibility to 0.30.

v12.0.6

Compare Source

Fixed
  • Newline in alt should be rendered, #​775.

v12.0.5

Compare Source

Fixed
  • HTML block tags with === inside are no longer incorrectly interpreted as headers, #​772.
  • Fix table/list parsing ambiguity, #​767.

v12.0.4

Compare Source

Fixed
  • Fix crash introduced in 12.0.3 when processing strikethrough (~~) and similar plugins, #​742.
  • Avoid fenced token mutation, #​745.

v12.0.3

Compare Source

Fixed
  • [](<foo<bar>) is no longer a valid link.
  • [](url (xxx()) is no longer a valid link.
  • [](url\ xxx) is no longer a valid link.
  • Fix performance issues when parsing links (#​732, #​734), backticks, (#​733, #​736),
    emphases (#​735), and autolinks (#​737).
  • Allow newline in <? ... ?> in an inline context.
  • Allow <meta> html tag to appear in an inline context.

v12.0.2

Compare Source

Fixed
  • Three pipes (|\n|\n|) are no longer rendered as a table with no columns, #​724.

v12.0.1

Compare Source

Fixed
  • Fix tables inside lists indented with tabs, #​721.

v12.0.0

Compare Source

Added
  • .gitattributes, force unix eol under windows, for development.
Changed
  • Added 3rd argument to highlight(code, lang, attrs), #​626.
  • Rewrite tables according to latest GFM spec, #​697.
  • Use rollup.js to browserify sources.
  • Drop bower.json (bower reached EOL).
  • Deps bump.
  • Tune specsplit.js options.
  • Drop Makefile in favour of npm scrips.
Fixed
  • Fix mappings for table rows (amended fix made in 11.0.1), #​705.
  • %25 is no longer decoded in beautified urls, #​720.

v11.0.1

Compare Source

Fixed
  • Fix blockquote lazy newlines, #​696.
  • Fix missed mappings for table rows, #​705.

v11.0.0

Compare Source

Changed
  • Bumped linkify-it to 3.0.0, #​661 + allow unlimited . inside links.
  • Dev deps bump.
  • Switch to nyc for coverage reports.
  • Partially moved tasks from Makefile to npm scripts.
  • Automate web update on npm publish.
Fixed
  • Fix em- and en-dashes not being typographed when separated by 1 char, #​624.
  • Allow opening quote after another punctuation char in typographer, #​641.
  • Assorted wording & typo fixes.

v10.0.0

Compare Source

Security
  • Fix quadratic parse time for some combinations of pairs, #​583. Algorithm is
    now similar to one in reference implementation.
Changed
  • Minor internal structs change, to make pairs parse more effective (cost is
    linear now). If you use external "pairs" extensions, you need sync those with
    "official ones". Without update, old code will work, but can cause invalid
    result in rare case. This is the only reason of major version bump. With high probability you don't need to change your code, only update version dependency.
  • Updated changelog format.
  • Deps bump.

v9.1.0

Compare Source

Changed
  • Remove extra characters from line break check. Leave only 0x0A & 0x0D, as in
    CommonMark spec, #​581.

v9.0.1

Compare Source

Fixed
  • Fix possible corruption of open/close tag levels, #​466

v9.0.0

Compare Source

Changed
  • Updated CM spec compatibility to 0.29.
  • Update Travis-CI node version to actual (8 & latest).
  • Deps bump.

v8.4.2

Compare Source

Fixed
  • Fix --no-html CLI option, #​476.
  • If you want to rebase/retry this PR, click this checkbox.

@mend-for-github-com mend-for-github-com bot added the security fix Security fix generated by Mend label Nov 30, 2022
@mend-for-github-com mend-for-github-com bot changed the title Update dependency markdown-it to v12 Update dependency markdown-it to v12 - autoclosed Dec 4, 2022
@mend-for-github-com mend-for-github-com bot deleted the whitesource-remediate/markdown-it-12.x branch December 4, 2022 07:58
@mend-for-github-com mend-for-github-com bot changed the title Update dependency markdown-it to v12 - autoclosed Update dependency markdown-it to v12 Dec 4, 2022
@mend-for-github-com mend-for-github-com bot reopened this Dec 4, 2022
@mend-for-github-com mend-for-github-com bot restored the whitesource-remediate/markdown-it-12.x branch December 4, 2022 08:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
security fix Security fix generated by Mend
Projects
None yet
Milestone
No milestone
0 participants