This repository was archived by the owner on Aug 18, 2025. It is now read-only.
Update dependency markdown-it to v12 [SECURITY] - abandoned#2380
Open
renovate[bot] wants to merge 1 commit into
Open
Update dependency markdown-it to v12 [SECURITY] - abandoned#2380renovate[bot] wants to merge 1 commit into
renovate[bot] wants to merge 1 commit into
Conversation
Author
Edited/Blocked NotificationRenovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR. You can manually request rebase by checking the rebase/retry box above. |
Author
Autoclosing SkippedThis PR has been flagged for autoclosing. However, it is being skipped due to the branch being already modified. Please close/delete it manually or report a bug if you think this is in error. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
10.0.0->12.3.2GitHub Vulnerability Alerts
CVE-2022-21670
Impact
Special patterns with length > 50K chars can slow down parser significantly.
Patches
Upgrade to v12.3.2+
Workarounds
No.
References
Fix + test sample: markdown-it/markdown-it@ffc49ab
Release Notes
markdown-it/markdown-it
v12.3.2Compare Source
Security
v12.3.1Compare Source
Fixed
v12.3.0Compare Source
Changed
StateInline.delimiters[].jumpis removed.Fixed
***<10k stars>***a***<10k stars>***case.v12.2.0Compare Source
Added
Fixed
v12.1.0Compare Source
Changed
v12.0.6Compare Source
Fixed
altshould be rendered, #775.v12.0.5Compare Source
Fixed
===inside are no longer incorrectly interpreted as headers, #772.v12.0.4Compare Source
Fixed
12.0.3when processing strikethrough (~~) and similar plugins, #742.v12.0.3Compare Source
Fixed
[](<foo<bar>)is no longer a valid link.[](url (xxx())is no longer a valid link.[](url\ xxx)is no longer a valid link.emphases (#735), and autolinks (#737).
<? ... ?>in an inline context.<meta>html tag to appear in an inline context.v12.0.2Compare Source
Fixed
|\n|\n|) are no longer rendered as a table with no columns, #724.v12.0.1Compare Source
Fixed
v12.0.0Compare Source
Added
.gitattributes, force unix eol under windows, for development.Changed
highlight(code, lang, attrs), #626.rollup.jsto browserify sources.bower.json(bower reached EOL).specsplit.jsoptions.Makefilein favour of npm scrips.Fixed
%25is no longer decoded in beautified urls, #720.v11.0.1Compare Source
Fixed
v11.0.0Compare Source
Changed
linkify-itto 3.0.0, #661 + allow unlimited.inside links.nycfor coverage reports.Fixed
Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.