[Snyk] Upgrade marked from 0.3.5 to 4.0.4 #176

snyk-bot · 2021-12-10T22:36:36Z

Snyk has created this PR to upgrade marked from 0.3.5 to 4.0.4.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Warning: This is a major version upgrade, and may be a breaking change.

The recommended version is 63 versions ahead of your current version.
The recommended version was released 21 days ago, on 2021-11-19.

The recommended version fixes:

Issue	PriorityScore (*)	Exploit Maturity
Regular Expression Denial of Service (ReDoS) npm:marked:20180225	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Proof of Concept
Regular Expression Denial of Service (ReDoS) npm:marked:20170907	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	No Known Exploit
Cross-site Scripting (XSS) npm:marked:20170815	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	No Known Exploit
Cross-site Scripting (XSS) npm:marked:20170112	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	No Known Exploit
Cross-site Scripting (XSS) npm:marked:20150520	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	No Known Exploit
Cross-site Scripting (XSS) npm:marked:20170815-1	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKED-584281	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKED-451540	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKED-174116	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: marked

4.0.4 - 2021-11-19
4.0.4 (2021-11-19)

Bug Fixes
- fix cli (#2294) (ab2977a)
4.0.3 - 2021-11-13
4.0.3 (2021-11-13)

Bug Fixes
- build min from umd (#2283) (ea26ea9)
4.0.2 - 2021-11-12
4.0.2 (2021-11-12)

Bug Fixes
- Create separate CJS and UMD builds (#2281) (62faaf4)
4.0.1 - 2021-11-11
4.0.1 (2021-11-11)

Bug Fixes
- Set commonJS code as main in package.json (#2276) (7e636d5)
4.0.0 - 2021-11-02
4.0.0 (2021-11-02)

Bug Fixes
- Convert to ESM (#2227) (4afb228)
BREAKING CHANGES
- Default export removed. Use import { marked } from 'marked' or const { marked } = require('marked') instead.
- /lib/marked.js removed. Use /marked.min.js in script tag instead.
- When using marked in a script tag use marked.parse(...) instead of marked(...)
3.0.8 - 2021-10-24
3.0.8 (2021-10-24)

Bug Fixes
- walkTokens uses marked as this (#2251) (2da5885)
3.0.7 - 2021-10-07
3.0.7 (2021-10-07)

Bug Fixes
- use named exports only for ESM build (#2226)
3.0.6 - 2021-10-06
3.0.6 (2021-10-06)

Bug Fixes
- Remove esm interop (#2225) (4bc9121)
3.0.5 - 2021-10-06
3.0.5 (2021-10-06)

Bug Fixes
- Expose named exports for ESM build (#2223) (3959651)
3.0.4 - 2021-09-14
3.0.4 (2021-09-14)

Bug Fixes
- fix detection of orphaned emStrong delimiters (#2203) (7792adc)
3.0.3 - 2021-09-08
3.0.2 - 2021-08-25
3.0.1 - 2021-08-23
3.0.0 - 2021-08-16
2.1.3 - 2021-06-25
2.1.2 - 2021-06-22
2.1.1 - 2021-06-16
2.1.0 - 2021-06-15
2.0.7 - 2021-06-01
2.0.6 - 2021-05-27
2.0.5 - 2021-05-21
2.0.4 - 2021-05-20
2.0.3 - 2021-04-11
2.0.2 - 2021-04-10
2.0.1 - 2021-02-27
2.0.0 - 2021-02-07
1.2.9 - 2021-02-03
1.2.8 - 2021-01-26
1.2.7 - 2020-12-15
1.2.6 - 2020-12-10
1.2.5 - 2020-11-19
1.2.4 - 2020-11-15
1.2.3 - 2020-11-04
1.2.2 - 2020-10-21
1.2.1 - 2020-10-21
1.2.0 - 2020-09-28
1.1.2 - 2020-10-21
1.1.1 - 2020-07-14
1.1.0 - 2020-05-16
1.0.0 - 2020-04-21
0.8.2 - 2020-03-22
0.8.1 - 2020-03-18
0.8.0 - 2019-12-12
0.7.0 - 2019-07-06
0.6.3 - 2019-06-30
0.6.2 - 2019-04-05
0.6.1 - 2019-02-19
0.6.0 - 2019-01-01
0.5.2 - 2018-11-20
0.5.1 - 2018-09-26
0.5.0 - 2018-08-16
0.4.0 - 2018-05-21
0.3.19 - 2018-03-26
0.3.18 - 2018-03-22
0.3.17 - 2018-02-27
0.3.16 - 2018-02-20
0.3.15 - 2018-02-19
0.3.14 - 2018-02-16
0.3.13 - 2018-02-16
0.3.12 - 2018-01-09
0.3.9 - 2017-12-23
0.3.7 - 2017-12-01
0.3.6 - 2016-07-30
0.3.5 - 2015-07-31

from marked GitHub release notes

Commit messages

Package name: marked

0ed66bd chore(release): 4.0.4 [skip ci]
ab2977a fix: fix cli (#2294)
6cba7b4 chore(docs): remove nptable tokenizer from docs (#2293)
e77f9e3 chore(deps-dev): Bump rollup from 2.59.0 to 2.60.0 (#2288)
83878dc chore(deps-dev): Bump eslint-plugin-import from 2.25.2 to 2.25.3 (#2289)
2550537 chore(deps-dev): Bump node-fetch from 3.0.0 to 3.1.0 (#2287)
92da674 chore(release): 4.0.3 [skip ci]
2d64613 🗜️ build [skip ci]
ea26ea9 fix: build min from umd (#2283)
6b9e079 chore(release): 4.0.2 [skip ci]
2110c62 🗜️ build [skip ci]
62faaf4 fix: Create separate CJS and UMD builds (#2281)
bc1027f chore(deps-dev): Bump titleize from 2.1.0 to 3.0.0 (#2027)
a34e86e chore: avoid linefeed errors running on windows (#2277)
c05e577 chore(release): 4.0.1 [skip ci]
7e636d5 fix: Set commonJS code as `main` in `package.json` (#2276)
9286c8f chore(deps-dev): Bump @ semantic-release/npm from 8.0.2 to 8.0.3 (#2272)
9e93219 chore(deps-dev): Bump uglify-js from 3.14.2 to 3.14.3 (#2270)
7d7e223 chore(deps-dev): Bump eslint from 8.1.0 to 8.2.0 (#2271)
59487a2 chore(deps-dev): Bump @ semantic-release/github from 8.0.1 to 8.0.2 (#2273)
7c09bb0 chore(release): 4.0.0 [skip ci]
1d5966f 🗜️ build [skip ci]
eb84a28 chore: rename release config
4afb228 fix: Convert to ESM (#2227)

Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Snyk has created this PR to upgrade marked from 0.3.5 to 4.0.4. See this package in npm: https://www.npmjs.com/package/marked See this project in Snyk: https://app.snyk.io/org/ninja-co./project/72dd65a6-a474-411a-bf88-c24587e09bf3?utm_source=github&utm_medium=referral&page=upgrade-pr

This was referenced May 28, 2022

[Snyk] Security upgrade adm-zip from 0.4.7 to 0.4.11 #372

Open

[Snyk] Security upgrade adm-zip from 0.4.7 to 0.4.11 #387

Open

[Snyk] Security upgrade adm-zip from 0.4.7 to 0.4.11 #399

Open

akanchhaS mentioned this pull request Jun 11, 2022

[Snyk] Security upgrade adm-zip from 0.4.7 to 0.4.11 #421

Open

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Snyk] Upgrade marked from 0.3.5 to 4.0.4 #176

[Snyk] Upgrade marked from 0.3.5 to 4.0.4 #176

snyk-bot commented Dec 10, 2021

4.0.4 (2021-11-19)

Bug Fixes

4.0.3 (2021-11-13)

Bug Fixes

4.0.2 (2021-11-12)

Bug Fixes

4.0.1 (2021-11-11)

Bug Fixes

4.0.0 (2021-11-02)

Bug Fixes

BREAKING CHANGES

3.0.8 (2021-10-24)

Bug Fixes

3.0.7 (2021-10-07)

Bug Fixes

3.0.6 (2021-10-06)

Bug Fixes

3.0.5 (2021-10-06)

Bug Fixes

3.0.4 (2021-09-14)

Bug Fixes

[Snyk] Upgrade marked from 0.3.5 to 4.0.4 #176

Are you sure you want to change the base?

[Snyk] Upgrade marked from 0.3.5 to 4.0.4 #176

Conversation

snyk-bot commented Dec 10, 2021

Snyk has created this PR to upgrade marked from 0.3.5 to 4.0.4.

4.0.4 (2021-11-19)

Bug Fixes

4.0.3 (2021-11-13)

Bug Fixes

4.0.2 (2021-11-12)

Bug Fixes

4.0.1 (2021-11-11)

Bug Fixes

4.0.0 (2021-11-02)

Bug Fixes

BREAKING CHANGES

3.0.8 (2021-10-24)

Bug Fixes

3.0.7 (2021-10-07)

Bug Fixes

3.0.6 (2021-10-06)

Bug Fixes

3.0.5 (2021-10-06)

Bug Fixes

3.0.4 (2021-09-14)

Bug Fixes