[Snyk(Unlimited)] Upgrade marked from 0.3.5 to 0.8.2

[snyk-bot]

Snyk has created this PR to upgrade marked from 0.3.5 to 0.8.2.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 23 versions ahead of your current version.
• The recommended version was released a year ago, on 2020-03-22.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Prototype Pollution SNYK-JS-Y18N-1021887	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-SETVALUE-450213	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-SETVALUE-450213	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHPARSE-1077067	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Prototype Pollution SNYK-JS-MIXINDEEP-450212	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) npm:marked:20180225	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) npm:marked:20170907	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Cross-site Scripting (XSS) npm:marked:20170815	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Cross-site Scripting (XSS) npm:marked:20170112	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Cross-site Scripting (XSS) npm:marked:20150520	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKED-451540	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKED-174116	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-HOSTEDGITINFO-1088355	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-HANDLEBARS-567742	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-HANDLEBARS-534988	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Arbitrary Code Execution SNYK-JS-HANDLEBARS-534478	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Denial of Service (DoS) SNYK-JS-HANDLEBARS-480388	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Prototype Pollution SNYK-JS-HANDLEBARS-469063	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Prototype Pollution SNYK-JS-HANDLEBARS-174183	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Prototype Pollution SNYK-JS-HANDLEBARS-173692	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Cross-site Scripting (XSS) npm:marked:20170815-1	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Prototype Pollution SNYK-JS-HANDLEBARS-1279029	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Remote Code Execution (RCE) SNYK-JS-HANDLEBARS-1056767	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Arbitrary Code Injection SNYK-JS-UNDERSCORE-1080984	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Validation Bypass SNYK-JS-KINDOF-537849	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: marked

• 0.8.2 - 2020-03-22
  

  Fixes

  • Add html to TextRenderer for html in headings #1622
  • Remove html tags in heading ids #1622

  Docs

  • Update comment about GitHub breaks #1620
• 0.8.1 - 2020-03-18
  

  Fixes

  • Fix marked --help #1588
  • Fix GFM Example 116 code fences #1600
  • Send inline html to renderer #1602 (fixes #1601)
  • Improve docs example for invoking highlight.js #1603
  • Fix block-level elements breaking tables #1598 (fixes #1467)
  • break nptables on block-level structures #1617
• 0.8.0 - 2019-12-12
  

  Breaking changes

  • Remove substitutions #1532
  • Separate source into modules #1563 #1572 #1573 #1575 #1576 #1581

  Fixes

  • Fix relative urls in baseUrl option #1526
  • Loose task list #1535
  • Fix image parentheses #1557
  • remove module field & update devDependencies #1581

  Docs

  • Update examples with es6+ #1521
  • Fix link to USING_PRO.md page #1552
  • Fix typo in USING_ADVANCED.md #1558
  • Node worker threads are stable #1555

  Dev Dependencies

  • Update deps #1516
  • Update eslint #1542
  • Update htmldiffer async matcher #1543
• 0.7.0 - 2019-07-06
  

  Security

  • Sanitize paragraph and text tokens #1504
  • Fix ReDOS for links with backticks (issue #1493) #1515

  Breaking Changes

  • Deprecate sanitize and sanitizer options #1504
  • Move fences to CommonMark #1511
  • Move tables to GFM #1511
  • Remove tables option #1511
  • Single backtick in link text needs to be escaped #1515

  Fixes

  • Fix parentheses around a link #1509
  • Fix headings (issue #1510) #1511

  Tests

  • Run tests with correct options #1511
• 0.6.3 - 2019-06-30
  

  Fixes

  • Fix nested blockquotes #1464
  • Fix <em> issue with mixed content #1451
  • revert #1464 #1497
  • Fix breaks: true #1507

  Docs

  • add docs for workers #1432
  • Add security policy #1492
  • Update supported spec versions #1491
  • Update test folder descriptions #1506

  DevOps

  • Use latest commit for demo master #1457
  • Update tests to commonmark 0.29 #1465
  • Update tests to GFM 0.29 #1470
  • Fix commonmark spec 57 and 40 (headings) #1475
• 0.6.2 - 2019-04-05
  Read more
• 0.6.1 - 2019-02-19
  

  Fixes

  • Fix parenthesis url redos #1414

  Docs

  • Update demo site to use a worker #1418
  • Update devDependencies to last stable #1409
  • Update documentation about extending Renderer #1417
  • Remove --save option as it isn't required anymore #1422
  • Add snyk badge #1420
• 0.6.0 - 2019-01-01
  Read more
• 0.5.2 - 2018-11-20
  Read more
• 0.5.1 - 2018-09-26
  Read more
• 0.5.0 - 2018-08-16
• 0.4.0 - 2018-05-21
• 0.3.19 - 2018-03-26
• 0.3.18 - 2018-03-22
• 0.3.17 - 2018-02-27
• 0.3.16 - 2018-02-20
• 0.3.15 - 2018-02-19
• 0.3.14 - 2018-02-16
• 0.3.13 - 2018-02-16
• 0.3.12 - 2018-01-09
• 0.3.9 - 2017-12-23
• 0.3.7 - 2017-12-01
• 0.3.6 - 2016-07-30
• 0.3.5 - 2015-07-31

from marked GitHub release notes

Commit messages

Package name: marked

• 4af69d3 Merge pull request [Snyk(Unlimited)] Upgrade tinymce from 4.1.0 to 4.9.11 #1624 from UziTech/release-0.8.2
• 19f0d4f 0.8.2
• 38403c0 build
• d7b05cb update devdeps
• 17ee15f build [skip ci]
• 58e9fed Merge pull request [Snyk(Unlimited)] Upgrade typeorm from 0.2.30 to 0.2.32 #1622 from UziTech/render-html
• 193a41e simplify tag regex
• 7330a9c add html test to heading ids
• f01ba94 add html to TextRenderer
• cf3d0a0 Merge pull request [Snyk(Unlimited)] Upgrade humanize-ms from 1.0.1 to 1.2.1 #1620 from julien-c/patch-1
• 9f2c0d1 Update docs/USING_ADVANCED.md
• 885d728 Update docs/USING_ADVANCED.md
• b8c5541 Merge pull request [Snyk(Unlimited)] Upgrade express-fileupload from 0.0.5 to 0.4.0 #1616 from UziTech/release-0.8.1
• 20d85bd 0.8.1
• b0928cb build [skip ci]
• 8d51037 Merge pull request [Snyk(Unlimited)] Upgrade dustjs-helpers from 1.5.0 to 1.7.4 #1617 from UziTech/following-nptable
• 4e3d20d Remove inaccurate proposition on GitHub
• c71ac10 Merge pull request [Snyk(Unlimited)] Upgrade consolidate from 0.14.5 to 0.16.0 #1619 from markedjs/dependabot/npm_and_yarn/acorn-7.1.1
• 65febe4 Bump acorn from 7.1.0 to 7.1.1
• 2d8045f test 3 spaces before table rows
• 431f523 remove unneeded code
• d8c09c1 add tests
• cbcda26 copy table rules to nptables
• 11a035e build [skip ci]

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs