elevate icon indicating copy to clipboard operation
elevate copied to clipboard

Published 20 hours ago โ€ข verified publisher icon thomaschampagne

[Snyk] Security upgrade markdown-it from 12.3.2 to 13.0.2

Open thomaschampagne opened this issue 3 months ago โ€ข 0 comments

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • appcore/package.json
    • appcore/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 768/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5		 Infinite loop
SNYK-JS-MARKDOWNIT-6483324		 Yes Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: markdown-it The new version differs by 35 commits.
  • e476f78 13.0.2 released
  • dfd485b Dist rebuild
  • 80a3adc Fix crash in linkify inline rule on malformed input
  • 49ca65b Sync pathological tests with cmark
  • 2b6cac2 Sync pathological tests with cmark
  • 08444a5 Fix typo; minor copy-edits (#879)
  • 940459e fix: remove outdated comments (#891)
  • 1529ff4 Guard against custom rule not incrementing pos
  • 6325878 Multiple refactors
  • 9ff460e Drop a lot of extra code from blockquotes
  • e843acc Merge branch 'master' of github.com:markdown-it/markdown-it
  • bda7182 13.0.1 released
  • b8b610f Dist rebuild
  • d17df13 Bump linkify-it to 4.0.1
  • 0c19c37 Merge pull request #866 from yne/patch-1
  • e157cd2 doc: Add syntax highlighting
  • 6ec0b76 13.0.0 released
  • 0e4c0f4 Dist rebuild
  • d1757ed Bump linkify-it to v4
  • bab0baf Added examples on how to add and modify rules (#619)
  • e6d1bfd refactor: replace deprecated String.prototype.substr()
  • f523514 Remove (p) => ยง replacement in typographer
  • 3fc0deb Put entities to separate token
  • 6b58ec4 Add linkifier rule to inline chain for full links

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: ๐Ÿง View latest project report

๐Ÿ›  Adjust project settings

๐Ÿ“š Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

๐Ÿฆ‰ Learn about vulnerability in an interactive lesson of Snyk Learn.

thomaschampagne avatar Mar 26 '24 06:03 thomaschampagne