fix: upgrade marked to resolve ReDoS vulnerability #2330

Merged
merged 4 commits into from Jan 17, 2022

Commits on Jan 15, 2022

  1. fix: bump marked from 2.0.1 to 4.0.10

    This addresses GHSA-rrrm-qjm4-v8hf.
    
    Accommodate breaking change in index.js. (Use marked.parse() instead of
    marked().)
    
    Bumps [marked](https://github.com/markedjs/marked) from 2.0.1 to 4.0.10.
    - [Release notes](https://github.com/markedjs/marked/releases)
    - [Changelog](https://github.com/markedjs/marked/blob/master/.releaserc.json)
    - [Commits](markedjs/marked@v2.0.1...v4.0.10)
    
    ---
    updated-dependencies:
    - dependency-name: marked
      dependency-type: direct:production
    ...
    Trott committed Jan 15, 2022
    bba42d4
  2. 289e6b1

Commits on Jan 16, 2022

  1. chore: update engines per CI

    BREAKING CHANGE: Drop support for Node.js 15.x.
    Trott committed Jan 16, 2022
    a889425
  2. 04ae5e0