[Snyk] Upgrade marked from 4.0.10 to 4.3.0

[setilight]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade marked from 4.0.10 to 4.3.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 25 versions ahead of your current version.
• The recommended version was released a year ago, on 2023-03-22.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Command Injection SNYK-JS-LODASHTEMPLATE-1088054	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Proof of Concept
	Access Control Bypass SNYK-JS-VITE-6182924	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Proof of Concept
	Information Exposure SNYK-JS-EVENTSOURCE-2823375	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Proof of Concept
	Information Exposure SNYK-JS-FOLLOWREDIRECTS-6444610	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Proof of Concept
	Cross-site Scripting (XSS) SNYK-JS-SERIALIZEJAVASCRIPT-6147607	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Proof of Concept
	Uncontrolled Resource Consumption ('Resource Exhaustion') SNYK-JS-TAR-6476909	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: marked

• 4.3.0 - 2023-03-22
  

  4.3.0 (2023-03-22)

  Bug Fixes

  • always return promise if async (#2728) (042dcc5)
  • fenced code doesn't need a trailing newline (#2756) (3acbb7f)

  Features

  • add preprocess and postprocess hooks (#2730) (9b452bc)
• 4.2.12 - 2023-01-14
  

  4.2.12 (2023-01-14)

  Sorry for all of the quick releases. We were testing out different ways to build the files for releases. v4.2.5 - v4.2.12 have no changes to how marked works. The only addition is the version number in the comment in the build files.

  Bug Fixes

  • revert to build script in ci (d2ab474)
• 4.2.11 - 2023-01-14
  

  4.2.11 (2023-01-14)

  Bug Fixes

  • just build in version (22ac2cf)
• 4.2.10 - 2023-01-14
  

  4.2.10 (2023-01-14)

  Bug Fixes

  • use version (fd759b3)
• 4.2.9 - 2023-01-14
  

  4.2.9 (2023-01-14)

  Bug Fixes

  • fix version (96380c3)
• 4.2.8 - 2023-01-14
  

  4.2.8 (2023-01-14)

  Bug Fixes

  • build in postversion for build file version (60c3b7f)
• 4.2.7 - 2023-01-14
  

  4.2.7 (2023-01-14)

  Bug Fixes

  • fix build file version (94fa76f)
• 4.2.6 - 2023-01-14
  

  4.2.6 (2023-01-14)

  Bug Fixes

  • add version to build files (79b8c0b)
• 4.2.5 - 2022-12-23
  

  4.2.5 (2022-12-23)

  Bug Fixes

  • fix paragraph continuation after block element (#2686) (1bbda68)
  • fix tabs at beginning of list items (#2679) (e692634)
• 4.2.4 - 2022-12-07
  

  4.2.4 (2022-12-07)

  Bug Fixes

  • loose list items are loose (#2672) (df4eb0e)
  • remove quotes at the end of gfm autolink (#2673) (697ac2a)
  • use paragraph token in blockquote in list (#2671) (edc857c)
• 4.2.3 - 2022-11-20
• 4.2.2 - 2022-11-05
• 4.2.1 - 2022-11-02
• 4.2.0 - 2022-10-31
• 4.1.1 - 2022-10-01
• 4.1.0 - 2022-08-30
• 4.0.19 - 2022-08-21
• 4.0.18 - 2022-07-11
• 4.0.17 - 2022-06-13
• 4.0.16 - 2022-05-17
• 4.0.15 - 2022-05-02
• 4.0.14 - 2022-04-11
• 4.0.13 - 2022-04-08
• 4.0.12 - 2022-01-27
• 4.0.11 - 2022-01-26
• 4.0.10 - 2022-01-13

from marked GitHub release notes

Commit messages

Package name: marked

• d65cf63 chore(release): 4.3.0 [skip ci]
• 28f4342 🗜️ build v4.3.0 [skip ci]
• 9b452bc feat: add preprocess and postprocess hooks (#2730)
• 042dcc5 fix: always return promise if async (#2728)
• 3acbb7f fix: fenced code doesn't need a trailing newline (#2756)
• d1f1319 chore(deps-dev): Bump rollup from 3.19.1 to 3.20.0 (#2760)
• 0ced8a5 chore(deps-dev): Bump jasmine from 4.5.0 to 4.6.0 (#2758)
• a5bbe19 chore(deps-dev): Bump @ babel/core from 7.21.0 to 7.21.3 (#2761)
• 00f6e2a chore(deps-dev): Bump semantic-release from 20.1.1 to 20.1.3 (#2759)
• 8c7bca8 chore(deps-dev): Bump node-fetch from 3.3.0 to 3.3.1 (#2754)
• e086dac chore(deps-dev): Bump eslint from 8.35.0 to 8.36.0 (#2753)
• c98dbcf chore(deps-dev): Bump rollup from 3.18.0 to 3.19.1 (#2752)
• 6164fb6 docs: Explain how to get an instance of `Slugger` (#2750)
• f12568e chore(deps-dev): Bump semantic-release from 20.1.0 to 20.1.1 (#2749)
• c571cd8 chore(deps-dev): Bump rollup from 3.17.3 to 3.18.0 (#2748)
• 75f66c8 chore(deps-dev): Bump eslint from 8.34.0 to 8.35.0 (#2743)
• 5084f9d chore(deps-dev): Bump rollup from 3.17.2 to 3.17.3 (#2742)
• 6962b8a chore(deps-dev): Bump @ babel/core from 7.20.12 to 7.21.0 (#2738)
• 2b61d8d chore(deps-dev): Bump rollup from 3.15.0 to 3.17.2 (#2739)
• 3736b6f chore(deps-dev): Bump rollup from 3.14.0 to 3.15.0 (#2732)
• 248a097 chore(deps-dev): Bump eslint from 8.33.0 to 8.34.0 (#2731)
• e1a502f chore(deps-dev): Bump rollup from 3.12.0 to 3.14.0 (#2729)
• 79239e4 chore(deps-dev): Bump semantic-release from 20.0.3 to 20.1.0 (#2724)
• 97f7243 chore(deps-dev): Bump rollup from 3.10.1 to 3.12.0 (#2725)

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs