stratos
stratos copied to clipboard
cloudfoundry
[Snyk] Security upgrade marked from 1.2.2 to 2.0.0
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
Changes included in this PR
- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json
- package-lock.json
Vulnerabilities that will be fixed
With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
 |
661/1000 Why? Recently disclosed, Has a fix available, CVSS 7.5 |
Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKED-1070800 |
Yes | No Known Exploit |
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: marked
The new version differs by 100 commits.- 8a7502f chore(release): 2.0.0 [skip ci]
- 9d3a781 🗜️ build [skip ci]
- 7293251 fix: Total rework of Emphasis/Strong (#1864)
- f848e77 fix: Join adjacent inlineText tokens (#1926)
- f2535f1 chore(release): 1.2.9 [skip ci]
- f0dc8a2 🗜️ build [skip ci]
- 1e36afd fix: allow sublist to be single space in pedantic (#1924)
- b97b802 chore(deps-dev): Bump rollup from 2.38.0 to 2.38.3 (#1922)
- 409ef11 chore(deps-dev): Bump @ rollup/plugin-babel from 5.2.2 to 5.2.3 (#1917)
- f86549d chore(deps-dev): Bump rollup from 2.38.0 to 2.38.2 (#1916)
- b2fe7c1 chore(deps-dev): Bump uglify-js from 3.12.5 to 3.12.6 (#1919)
- aec6b9d chore(deps-dev): Bump @ rollup/plugin-commonjs from 17.0.0 to 17.1.0 (#1918)
- afb285d chore(deps-dev): Bump eslint from 7.18.0 to 7.19.0 (#1920)
- 57d41b8 chore(release): 1.2.8 [skip ci]
- 608ba7c 🗜️ build [skip ci]
- 53c79ee fix: leave whitespace only lines alone (#1889)
- 42a18f1 chore(deps-dev): Bump rollup from 2.36.2 to 2.38.0 (#1910)
- be27b84 chore(deps-dev): Bump uglify-js from 3.12.4 to 3.12.5 (#1911)
- 5f4a931 chore(deps-dev): Bump jasmine from 3.6.3 to 3.6.4 (#1912)
- c457c53 chore(deps-dev): Bump semantic-release from 17.3.3 to 17.3.7 (#1913)
- e1392c2 chore(deps-dev): Bump rollup from 2.36.1 to 2.36.2 (#1901)
- e9ce0ee chore(deps-dev): Bump eslint from 7.17.0 to 7.18.0 (#1902)
- e3e33ee chore(deps-dev): Bump semantic-release from 17.3.1 to 17.3.3 (#1903)
- 659e558 chore(deps-dev): Bump @ semantic-release/npm from 7.0.9 to 7.0.10 (#1904)
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
📚 Read more about Snyk's upgrade and patch logic
- :x: - Snyk bot The commit (9d8649e1ab8232c5beeeebed202874174dd37efe) is not authorized under a signed CLA. Please click here to be authorized. For further assistance with EasyCLA, please submit a support request ticket.
![linux-foundation-easycla[bot] avatar](https://avatars.githubusercontent.com/in/17893?v=4 "Published by a pub.dev verified publisher"){kind=small}