[Snyk] Upgrade marked from 0.3.19 to 2.0.3

[snyk-bot]

Snyk has created this PR to upgrade marked from 0.3.19 to 2.0.3.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

Warning: This is a major version upgrade, and may be a breaking change.

• The recommended version is 30 versions ahead of your current version.
• The recommended version was released a month ago, on 2021-04-11.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Prototype Pollution SNYK-JS-Y18N-1021887	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-Y18N-1021887	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Access Restriction Bypass SNYK-JS-XMLHTTPREQUESTSSL-1255647	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Arbitrary Code Injection SNYK-JS-XMLHTTPREQUESTSSL-1082936	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Arbitrary File Overwrite SNYK-JS-TAR-174125	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SSRI-1246392	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SSRI-1085630	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SSRI-1246392	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SSRI-1085630	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Denial of Service (DoS) SNYK-JS-SOCKETIOPARSER-1056752	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-SETVALUE-450213	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-SETVALUE-450213	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-NPMUSERVALIDATE-1019352	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Arbitrary File Write SNYK-JS-NPM-537606	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Arbitrary File Overwrite SNYK-JS-NPM-537603	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-NODEEXTEND-73641	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Prototype Pollution SNYK-JS-MIXINDEEP-450212	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-LODASHMERGE-173732	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Prototype Pollution SNYK-JS-INI-1048974	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Arbitrary File Overwrite SNYK-JS-FSTREAM-174725	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Prototype Pollution SNYK-JS-CACHEDPATHRELATIVE-72573	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Remote Memory Exposure SNYK-JS-BL-608877	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Arbitrary File Write SNYK-JS-BINLINKS-537610	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Arbitrary File Overwrite SNYK-JS-BINLINKS-537608	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Cross-site Scripting (XSS) SNYK-JS-ANGULAR-572020	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Prototype Pollution SNYK-JS-ANGULAR-534884	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-AJV-584908	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ACORN-559469	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ACORN-559469	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Time of Check Time of Use (TOCTOU) npm:chownr:20180731	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Insertion of Sensitive Information into Log File SNYK-JS-NPMREGISTRYFETCH-575432	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Insertion of Sensitive Information into Log File SNYK-JS-NPMREGISTRYFETCH-575432	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Insertion of Sensitive Information into Log File SNYK-JS-NPM-575435	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Command Injection SNYK-JS-NODENOTIFIER-1035794	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Regular Expression Denial of Service (ReDoS ) SNYK-JS-MARKED-584281	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKED-451540	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKED-174116	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Prototype Pollution SNYK-JS-LODASHMERGE-173733	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Man-in-the-Middle (MitM) SNYK-JS-HTTPSPROXYAGENT-469131	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-HOSTEDGITINFO-1088355	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-DOTPROP-543489	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Cross-site Scripting (XSS) SNYK-JS-ANGULAR-570058	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Unauthorized File Access SNYK-JS-NPM-537604	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Validation Bypass SNYK-JS-KINDOF-537849	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Unauthorized File Access SNYK-JS-BINLINKS-537609	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: marked

• 2.0.3 - 2021-04-11
  

  2.0.3 (2021-04-11)

  Bug Fixes

  • actually add a type property to the def token (#2002) (47e65cf)
• 2.0.2 - 2021-04-10
  

  2.0.2 (2021-04-10)

  Bug Fixes

  • add type property on def token (#2001) (009427f)
• 2.0.1 - 2021-02-27
  

  2.0.1 (2021-02-27)

  Bug Fixes

  • fix items between lists (#1936) (46cdfc1)
• 2.0.0 - 2021-02-07
  

  2.0.0 (2021-02-07)

  Bug Fixes

  • Join adjacent inlineText tokens (#1926) (f848e77)
  • Total rework of Emphasis/Strong (#1864) (7293251)

  BREAKING CHANGES

  • em and strong tokenizers have been merged into one emStrong tokenizer.
  • code and text tokenizers do not get passed all tokens as a second parameter.
  • No longer supporting IE 11. IE 11 may still work but we are not committed to making sure it works with every update. We still provide an es5 version in lib/marked.js but some pollyfills may be needed for IE 11 in the future.
• 1.2.9 - 2021-02-03
  

  1.2.9 (2021-02-03)

  Bug Fixes

  • allow sublist to be single space in pedantic (#1924) (1e36afd)
• 1.2.8 - 2021-01-26
  

  1.2.8 (2021-01-26)

  Bug Fixes

  • leave whitespace only lines alone (#1889) (53c79ee)
• 1.2.7 - 2020-12-15
  

  1.2.7 (2020-12-15)

  Bug Fixes

  • Replace use of startsWith and endsWith with regex for IE11 (#1877) (4fdde20), closes #1876
• 1.2.6 - 2020-12-10
  

  1.2.6 (2020-12-10)

  Bug Fixes

  • fix atx heading and make regex safe (#1853) (70ee29c)
    possible breaking change: When using the block.heading rule the text provided in capture group 2 will not be trimmed of whitespace.
  • fix link with angle brackets around href (#1851) (656c3e4)
• 1.2.5 - 2020-11-19
  

  1.2.5 (2020-11-19)

  Bug Fixes

  • fix em and strong starting with special char (#1832) (f9bc93b)
  • task lists not rendered when GFM is disabled (#1825) (3942e89), closes #1823
• 1.2.4 - 2020-11-15
  

  1.2.4 (2020-11-15)

  Bug Fixes

  • no strikethrough on different number of tildes (#1821) (d79f210)

  Possible Breaking Change: When using the inline.del rule the text is provided in capture group 2 instead of 1.

• 1.2.3 - 2020-11-04
• 1.2.2 - 2020-10-21
• 1.2.1 - 2020-10-21
• 1.2.0 - 2020-09-28
• 1.1.2 - 2020-10-21
• 1.1.1 - 2020-07-14
• 1.1.0 - 2020-05-16
• 1.0.0 - 2020-04-21
• 0.8.2 - 2020-03-22
• 0.8.1 - 2020-03-18
• 0.8.0 - 2019-12-12
• 0.7.0 - 2019-07-06
• 0.6.3 - 2019-06-30
• 0.6.2 - 2019-04-05
• 0.6.1 - 2019-02-19
• 0.6.0 - 2019-01-01
• 0.5.2 - 2018-11-20
• 0.5.1 - 2018-09-26
• 0.5.0 - 2018-08-16
• 0.4.0 - 2018-05-21
• 0.3.19 - 2018-03-26

from marked GitHub release notes

Commit messages

Package name: marked

• d4699f4 chore(release): 2.0.3 [skip ci]
• a4a0900 🗜️ build [skip ci]
• 47e65cf fix: actually add a `type` property to the `def` token (Add PEG Token MyEtherWallet/etherwallet#2002)
• 856c4ad chore(release): 2.0.2 [skip ci]
• 5d9e06b 🗜️ build [skip ci]
• 009427f fix: add type property on def token (devop/sync-repo MyEtherWallet/etherwallet#2001)
• d0f9ffd chore(deps-dev): Bump @ babel/core from 7.13.13 to 7.13.14 (Manual gas limits for upcoming _ token MyEtherWallet/etherwallet#1999)
• be27303 chore(deps-dev): Bump rollup from 2.43.1 to 2.44.0 (devop/sync-repo MyEtherWallet/etherwallet#1998)
• 66843ce chore(deps-dev): Bump highlight.js from 10.7.1 to 10.7.2 (Enable Ledger Hardware Wallet support for Ether-1 (ETHO) MyEtherWallet/etherwallet#1997)
• efedf73 chore(deps-dev): Bump @ semantic-release/npm from 7.0.10 to 7.1.0 (devop/remove-x888 MyEtherWallet/etherwallet#1996)
• e5796ec chore(deps-dev): Bump @ babel/preset-env from 7.13.10 to 7.13.12 (Public address has changed using Ledger Nano + Mew **($20k funds LOST)** MyEtherWallet/etherwallet#1989)
• 431a866 chore(deps-dev): Bump rollup from 2.42.2 to 2.43.1 (Enable Ledger Hardware Wallet support for Akroma (AKA) MyEtherWallet/etherwallet#1992)
• 3581317 chore(deps-dev): Bump @ rollup/plugin-commonjs from 17.1.0 to 18.0.0 (devop/update-darklist MyEtherWallet/etherwallet#1987)
• a112f16 chore(deps-dev): Bump eslint from 7.22.0 to 7.23.0 (fixed menu layout MyEtherWallet/etherwallet#1988)
• d856efe chore(deps-dev): Bump uglify-js from 3.13.2 to 3.13.3 (Add EXY interface ABI MyEtherWallet/etherwallet#1990)
• 48d52fc chore(deps-dev): Bump @ babel/core from 7.13.10 to 7.13.13 (devop/sync-repo MyEtherWallet/etherwallet#1991)
• e8ddad0 docs: fix demo initial options not loaded (devop/cleanup-nodeTypes MyEtherWallet/etherwallet#1983)
• 37a88f8 chore(deps-dev): Bump rollup from 2.42.1 to 2.42.2 (Migrate to Trezor Connect v5 MyEtherWallet/etherwallet#1978)
• 0683687 chore(deps-dev): Bump jasmine from 3.6.4 to 3.7.0 (devop/sync-repo MyEtherWallet/etherwallet#1977)
• 2526179 chore(deps-dev): Bump rollup from 2.41.2 to 2.42.1 (add akroma support MyEtherWallet/etherwallet#1976)
• 4962cda chore(deps-dev): Bump highlight.js from 10.6.0 to 10.7.1 (Add custom token offline MyEtherWallet/etherwallet#1975)
• 535dede chore(deps-dev): Bump uglify-js from 3.13.1 to 3.13.2 (devop/sync-repo MyEtherWallet/etherwallet#1974)
• 3432c15 chore(deps-dev): Bump uglify-js from 3.13.0 to 3.13.1 (devop/sync-repo MyEtherWallet/etherwallet#1972)
• d4e6cb3 chore(deps-dev): Bump semantic-release from 17.4.1 to 17.4.2 (devop/add-kyber-contract MyEtherWallet/etherwallet#1971)

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs