Update dependency marked to v0.3.18 [SECURITY] #1642

Merged
merged 1 commit into from
Dec 24, 2019

Conversation

renovate[bot]
Contributor

@renovate renovate bot commented Dec 23, 2019

This PR contains the following updates:

Package | Type | Update | Change
marked (source) | devDependencies | patch | 0.3.7 -> 0.3.18

GitHub Vulnerability Alerts

CVE-2017-17461

A Regular expression Denial of Service (ReDoS) vulnerability in the file marked.js of the marked npm package (tested on version 0.3.7) allows a remote attacker to overload and crash a server by passing a maliciously crafted string.

CVE-2017-16114

The marked module is vulnerable to a regular expression denial of service. Based on the information published in the public issue, 1k characters can block for around 6 seconds.

GHSA-8wp3-cp9v-44fm / WS-2019-0026

Versions 0.3.7 and earlier of marked unescape only lowercase, while browsers support both lowercase and uppercase x in the hexadecimal form of HTML character entities.

GHSA-xf5p-87ch-gxw2 / WS-2019-0027

In versions 0.3.17 and earlier of marked, four regexes were vulnerable to catastrophic backtracking. This leaves markdown servers open to a potential ReDoS attack.

GHSA-wjmf-58vc-xqjr / WS-2019-0025

Versions 0.3.7 and earlier of marked, when mangling is disabled via the mangle option, do not escape the target href. This allows an attacker to inject an arbitrary HTML event into the resulting a tag.


Release Notes

markedjs/marked

v0.3.18


  • Supported Markdown flavors: CommonMark 0.28 and GitHub Flavored Markdown 0.28
  • Updates to our CI pipeline; we're all green! #1098 with the caveat that there is a test that needs to get sorted (help us out #1092)
  • Start ordered lists using the initial numbers from markdown lists (#1144)
  • Added GitHub Pages site for documentation https://marked.js.org/ (#1138)

v0.3.17


  • The elephant in the room: A security vulnerability was discovered and fixed. Please note, if something breaks due to these changes, it was not our intent, and please let us know by submitting a PR or issue to course correct (the nature of the zero-major release and having security as a number one priority) #1083
  • The other elephant in the room: We missed publishing a 0.3.16 release to GitHub; so, trying to make up for that a bit.
  • Updates to the project documentation and operations, you should check it out, just start with the README and you should be good.
  • New release PR template available #1076
  • Updates to default PR and Issue templates #1076
  • Lint checks + tests + continuous integration using Travis #1020
  • Updated testing output #1085 & #1087

v0.3.16


v0.3.15


Fixes unintended breaking change from v0.3.14

v0.3.14


  • Marked has a new home under the MarkedJS org! Other advances soon to come.
  • Updated minifier.
  • Various parser fixes

v0.3.13


v0.3.12


  • Addresses issue where some users might not have been able to update due to missing use strict #991
  • Parser fix #977
  • New way to perform tests with options and running individual tests #1002
  • Improved test cases
  • Improved links

v0.3.9


We think with this version we have addressed most, if not all, known security vulnerabilities. If you find more, please let us know.


Renovate configuration

📅 Schedule: "" (UTC).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻️ Rebasing: Whenever PR becomes conflicted, or if you modify the PR title to begin with "rebase!".

🔕 Ignore: Close this PR and you won't be reminded about this update again.

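The hex-entity case issue from GHSA-8wp3-cp9v-44fm above, as an added example that is not marked's own code: a decoder that accepts only a lowercase "x" beside a corrected one that, like browsers, accepts both spellings. Function and constant names are hypothetical; the point is that any check run on the flawed decoder's output sees something different from what the browser will render.

```javascript
// Added example, not marked's code: models the advisory's behaviour only.

// Flawed form: hex references are matched only with a lowercase "x", so
// "&#X3C;" is left untouched while the browser later decodes it to "<".
function unescapeLowercaseOnly(text) {
  return text.replace(/&#x([0-9a-f]+);/g, (_, hex) =>
    String.fromCodePoint(parseInt(hex, 16)));
}

// Corrected form: both "x" and "X" are accepted; decimal references and a
// small set of named entities are decoded too. Code points outside the
// Unicode range are returned unchanged instead of throwing.
const NAMED = { amp: '&', lt: '<', gt: '>', quot: '"' };
function unescapeEntities(text) {
  return text.replace(/&(#[xX][0-9a-fA-F]+|#[0-9]+|[a-zA-Z]+);/g, (match, ref) => {
    if (ref[0] !== '#') return NAMED[ref] ?? match;
    const code = ref[1] === 'x' || ref[1] === 'X'
      ? parseInt(ref.slice(2), 16)
      : parseInt(ref.slice(1), 10);
    return code > 0x10FFFF ? match : String.fromCodePoint(code);
  });
}

// Regression check: a decoder agrees with browsers only if it yields the same
// result for the lowercase and uppercase spelling of one hex reference.
function decodesBothCases(decoder) {
  return decoder('&#x3c;') === decoder('&#X3C;');
}
```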

@netlify

netlify bot commented Dec 23, 2019

Deploy preview for ant-desing-vue processing.

Building with commit 8347c9a

https://app.netlify.com/sites/ant-desing-vue/deploys/5e00cb94eb1cd700078064e5

@codecov

codecov bot commented Dec 23, 2019

Codecov Report

Merging #1642 into master will not change coverage.
The diff coverage is n/a.


@@           Coverage Diff           @@
##           master    #1642   +/-   ##
=======================================
  Coverage   88.01%   88.01%           
=======================================
  Files         157      157           
  Lines        5406     5406           
  Branches     1522     1522           
=======================================
  Hits         4758     4758           
  Misses        579      579           
  Partials       69       69

Powered by Codecov. Last update 1c9e9e2...8347c9a. Read the comment docs.

@renovate renovate bot changed the title chore(deps): update dependency marked to v0.3.18 [security] Update dependency marked to v0.3.18 [SECURITY] Dec 24, 2019
@tangjinzhou tangjinzhou merged commit ee76b2c into master Dec 24, 2019
@renovate renovate bot deleted the renovate/npm-marked-vulnerability branch December 24, 2019 13:54
@github-actions

This pull request has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Dec 24, 2020