[Snyk] Fix for 1 vulnerabilities

Dan Trevino requested to merge snyk-fix-6282edd6070d3165f2ff498cffc693da into master

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this Merge Request

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| medium severity | 551/1000 (Why? Recently disclosed, Has a fix available, CVSS 5.3) | Regular Expression Denial of Service (ReDoS), SNYK-JS-HIGHLIGHTJS-1048676 | Yes | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: markdown-it-highlightjs

The new version differs by 26 commits.
  • f10f960 3.3.0
  • d06fce1 Bump highlight.js
  • 1c44695 Merge pull request #11 from vfcp/master
  • 5b77dca Use langPrefix from Markdown-it options instead of hardcoded value 'language-'
  • 437acd2 Bump highlight.js from 9.18.1 to 10.1.1
  • 967f7ae 3.2.0
  • 2f7c1d9 Update changelog
  • c97b53c Refactor out inline highlight as a function
  • f3ebc06 Merge pull request #10 from wetmore/inline-pr
  • dc38f21 add missing :
  • 98faa69 Merge branch 'master' of github.com:wetmore/markdown-it-highlightjs
  • 5bc782a Fix regex by escaping .
  • 730b571 More docs
  • 56243d8 Update README.md
  • d25b3a7 Add option to readma
  • c5ce3c4 Add option to highlight inline code blocks.
  • eed2e88 Bump 3.1.0
  • 5fafb06 Small adjustments
  • 603503e Merge pull request #7 from commenthol/feat-register
  • 7980c36 Merge pull request #8 from commenthol/fix-undef-lang
  • b94a914 Merge pull request #6 from commenthol/chore-bump
  • 8efa3c3 fix: console log Unknown language: ""
  • 2242296 feat: register languages
  • b3ebbfd chore: bump dependencies

See the full diff

Check the changes in this Merge Request to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic