koajs
[Snyk] Security upgrade markdown-it from 3.1.0 to 13.0.2
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
Changes included in this PR
- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json
Vulnerabilities that will be fixed
With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
 |
768/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5 |
Infinite loop SNYK-JS-MARKDOWNIT-6483324 |
Yes | Proof of Concept |
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: markdown-it
The new version differs by 250 commits.- e476f78 13.0.2 released
- dfd485b Dist rebuild
- 80a3adc Fix crash in linkify inline rule on malformed input
- 49ca65b Sync pathological tests with cmark
- 2b6cac2 Sync pathological tests with cmark
- 08444a5 Fix typo; minor copy-edits (#879)
- 940459e fix: remove outdated comments (#891)
- 1529ff4 Guard against custom rule not incrementing pos
- 6325878 Multiple refactors
- 9ff460e Drop a lot of extra code from blockquotes
- e843acc Merge branch 'master' of github.com:markdown-it/markdown-it
- bda7182 13.0.1 released
- b8b610f Dist rebuild
- d17df13 Bump linkify-it to 4.0.1
- 0c19c37 Merge pull request #866 from yne/patch-1
- e157cd2 doc: Add syntax highlighting
- 6ec0b76 13.0.0 released
- 0e4c0f4 Dist rebuild
- d1757ed Bump linkify-it to v4
- bab0baf Added examples on how to add and modify rules (#619)
- e6d1bfd refactor: replace deprecated String.prototype.substr()
- f523514 Remove (p) => § replacement in typographer
- 3fc0deb Put entities to separate token
- 6b58ec4 Add linkifier rule to inline chain for full links
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
📚 Read more about Snyk's upgrade and patch logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.
New and removed dependencies detected. Learn more about Socket for GitHub ↗︎
| Package | New capabilities | Transitives | Size | Publisher |
|---|---|---|---|---|
| npm/[email protected] | Transitive: environment, filesystem | +5 |
967 kB | vitaly |
🚮 Removed packages: npm/[email protected]
![socket-security[bot] avatar](https://avatars.githubusercontent.com/in/156372?v=4 "Published by a pub.dev verified publisher"){kind=small}