Update dependency markdown-it to v12 [SECURITY] - abandoned

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
markdown-it	^11.0.0 -> ^12.0.0

GitHub Vulnerability Alerts

CVE-2022-21670

Impact

Special patterns with length > 50K chars can slow down parser significantly.

const md = require('markdown-it')();

md.render(`x ${' '.repeat(150000)} x  \nx`);

Patches

Upgrade to v12.3.2+

Workarounds

No.

References

Fix + test sample: markdown-it/markdown-it@ffc49ab

---

Release Notes

markdown-it/markdown-it

v12.3.2

Compare Source

Security

• Fix possible ReDOS in newline rule. Thanks to @​MakeNowJust.

v12.3.1

Compare Source

Fixed

• Fix corner case when tab prevents paragraph continuation in lists, #​830.

v12.3.0

Compare Source

Changed

• StateInline.delimiters[].jump is removed.

Fixed

• Fixed quadratic complexity in pathological ***<10k stars>***a***<10k stars>*** case.

v12.2.0

Compare Source

Added

• Ordered lists: add order value to token info.

Fixed

• Always suffix indented code block with a newline, #​799.

v12.1.0

Compare Source

Changed

• Updated CM spec compatibility to 0.30.

v12.0.6

Compare Source

Fixed

• Newline in alt should be rendered, #​775.

v12.0.5

Compare Source

Fixed

• HTML block tags with === inside are no longer incorrectly interpreted as headers, #​772.
• Fix table/list parsing ambiguity, #​767.

v12.0.4

Compare Source

Fixed

• Fix crash introduced in 12.0.3 when processing strikethrough (~~) and similar plugins, #​742.
• Avoid fenced token mutation, #​745.

v12.0.3

Compare Source

Fixed

• [](<foo<bar>) is no longer a valid link.
• [](url (xxx()) is no longer a valid link.
• [](url\ xxx) is no longer a valid link.
• Fix performance issues when parsing links (#​732, #​734), backticks, (#​733, #​736),
  emphases (#​735), and autolinks (#​737).
• Allow newline in <? ... ?> in an inline context.
• Allow <meta> html tag to appear in an inline context.

v12.0.2

Compare Source

Fixed

• Three pipes (|\n|\n|) are no longer rendered as a table with no columns, #​724.

v12.0.1

Compare Source

Fixed

• Fix tables inside lists indented with tabs, #​721.

v12.0.0

Compare Source

Added

• .gitattributes, force unix eol under windows, for development.

Changed

• Added 3rd argument to highlight(code, lang, attrs), #​626.
• Rewrite tables according to latest GFM spec, #​697.
• Use rollup.js to browserify sources.
• Drop bower.json (bower reached EOL).
• Deps bump.
• Tune specsplit.js options.
• Drop Makefile in favour of npm scrips.

Fixed

• Fix mappings for table rows (amended fix made in 11.0.1), #​705.
• %25 is no longer decoded in beautified urls, #​720.

v11.0.1

Compare Source

Fixed

• Fix blockquote lazy newlines, #​696.
• Fix missed mappings for table rows, #​705.

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.

[renovate]

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.

[renovate]

Autoclosing Skipped

This PR has been flagged for autoclosing. However, it is being skipped due to the branch being already modified. Please close/delete it manually or report a bug if you think this is in error.