[Snyk] Upgrade commonmark from 0.27.0 to 0.29.2 #62
Snyk has created this PR to upgrade commonmark from 0.27.0 to 0.29.2.
✨ Snyk has automatically assigned this pull request, set who gets assigned.
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
The recommended version fixes:
SNYK-JS-MINIMIST-559764
Why? Proof of Concept exploit, CVSS 5.6
(*) Note that the real score may have changed since the PR was raised.
Release notes
Package name: commonmark
We now use the built in str.toLowerCase().toUpperCase(), which @rlidwka has shown does an accurate unicode case fold. This allows us to remove a huge lookup table and should both decrease the size of the library and speed things up.
Improves on earlier fix to #141, which only worked for code blocks
flush with the left margin.
versions.
Renderer (#162, Federico Ramirez). Export the Renderer class so consumers can use it as a base class for their own custom Renderer's. [API change]
\ is treated as punctuation character (#161).
reHtmlBlockOpen (Vas Sudanagunta).
reWhitespace.
--smart.
!can_open && !can_close (#172).
escapeXml (#169, Robin Stocker).
%25
-based regression test (Daniel Berndt).
.editorconfig indent_size to actual (#178, Vas Sudanagunta).
^ operator for versions.
:, since the commonmark reader already unescapes entities. Thanks to Sebastiaan Knijnenburg for noticing this.
( in parenthesized link title.
\\, so matching it again in another alternative was causing exponential complexity explosion. This makes the following behavior changes:
[foo\\\] is no longer incorrectly accepted as a link reference.
<foo\> is no longer incorrectly accepted as an angle-bracketed link destination.
Update spec to 0.28.
Align punctuation regex with spec (#121). Previously some ASCII punctuation characters were not being counted, so ^_test_ came out without emphasis, for example.
Simplified a logical test, making it closer to the wording of the spec.
Don't parse reference def if last ] is escaped (Comments on the foundational rework MicrosoftDocs/architecture-center#468). E.g.
Dingus Makefile: remove ref to obsolete html.js.
Removed obsolete lib/xml.js (replaced by lib/render/xml.js).
Allow tabs before and after ATX closing header (Erik Edrosa).
Change precedence of Strong/Emph when both nestings possible. This accommodates the spec change to rule 14. Note that commonmark.js was not previously in conformity with rule 14 for things like ***hi****.
Calculate "multiple of 3" for delim runs based on original number of delims, not the number remaining after some have been used.
Make esc() method abstract and overridable (muji).
README: update documentation for overriding softbreak and esc (#118).
Remove old XMLRenderer implementation (muji).
package.json: use shorter form for repository.
Don't export version in lib/index.js. Instead, users can get version from package.json: require('commonmark/package.json').version.
Removed remnants of old html renderer (#113). Now we use lib/renderer/html.js.
Hand-rolled parser for link destinations.
This allows nested parens, as now required by the spec.
Fix regression test example (Colin O'Dell).
dingus: Fixed iframe on load.
It should be document, not CommonMark.
(
. See commonmark/commonmark-spec#427.
(#108, problem not recognizing East Asian punctuation).
(Timothy Gu, see commonmark/commonmark-spec#343). Per ECMA-262 6th Edition ("ECMAScript 2015") §21.2.2.12 [CharacterClassEscape], the JavaScript \s escape character matches the characters specified by "Unicode whitespace," but not "whitespace." Rename the existing regular expression variable to UnicodeWhitespace, and create and use a new regular expression variable that only matches the limited set of "whitespace" characters.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information:
🧐 View latest project report
👩💻 Set who automatically gets assigned
🛠 Adjust upgrade PR settings
🔕 Ignore this dependency or unsubscribe from future upgrade PRs