node-help icon indicating copy to clipboard operation
node-help copied to clipboard
verified publisher icon foundling

[Snyk] Security upgrade marked-terminal from 2.0.0 to 3.1.0

Open foundling opened this issue 2 years ago • 0 comments

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 696/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-ANSIREGEX-1583908		 Yes Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: marked-terminal The new version differs by 31 commits.
  • 0bdab74 v3.1.0
  • 2508b92 v3.0.1
  • 4b6edd4 Supports both 0.4.0 and 0.5.0
  • f32584f Updates all dependencies
  • c2ccd5a Merge pull request #42 from millette/patch-1
  • 14fe01b Upgrade to marked 0.5.0
  • fd96408 v3.0.0
  • a70c307 Bumps dev dependencies to marked 0.4
  • 36a8035 Merge pull request #41 from gr2m/patch-1
  • fca5514 Changes travis checks for modern versions of node
  • e9d5ff4 build(package): marked@^0.4.0
  • aa5e552 Revert "Revert "No longer bullet every line of multi-line list items""
  • d57047e Merge pull request #38 from mikaelbr/revert-37-multi-line-list-items
  • 5ab64f8 Revert "No longer bullet every line of multi-line list items"
  • 4e756c9 Revert "v2.0.1"
  • dd005fa Merge pull request #37 from devinivy/multi-line-list-items
  • a981246 v2.0.1
  • 6c6297b Updates package-lock
  • e9ecc8d Do not bullet every line of multi-line list items
  • 105245b Merge pull request #36 from dzabrzenski/master
  • 9d48a88 update `marked` to the latest version
  • f8b778a Merge pull request #35 from mikaelbr/add-license-1
  • 727a660 Create LICENSE
  • 9c2654f Merge pull request #34 from mikaelbr/add-code-of-conduct-1

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)

foundling avatar Nov 28 '23 14:11 foundling