[Snyk] Upgrade react-markdown from 8.0.0 to 8.0.7 #327

NOUIY · 2024-02-14T21:00:03Z

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade react-markdown from 8.0.0 to 8.0.7.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

The recommended version is 7 versions ahead of your current version.
The recommended version was released 10 months ago, on 2023-04-12.

The recommended version fixes:

Issue	PriorityScore (*)	Exploit Maturity
Prototype Poisoning SNYK-JS-QS-3153490	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Proof of Concept
Cross-site Request Forgery (CSRF) SNYK-JS-AXIOS-6032459	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Proof of Concept
Prototype Pollution SNYK-JS-AXIOS-6144788	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	No Known Exploit
Improper Verification of Cryptographic Signature SNYK-JS-BROWSERIFYSIGN-6037026	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	No Known Exploit
Improper Input Validation SNYK-JS-FOLLOWREDIRECTS-6141137	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Proof of Concept
Missing Release of Resource after Effective Lifetime SNYK-JS-INFLIGHT-6095116	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-SIDEWAYFORMULA-3317169	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	No Known Exploit
Prototype Pollution SNYK-JS-XML2JS-5414874	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-AXIOS-6124857	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Proof of Concept
Incomplete List of Disallowed Inputs SNYK-JS-BABELTRAVERSE-5962462	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Proof of Concept
Denial of Service (DoS) SNYK-JS-JPEGJS-2859218	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Proof of Concept
Open Redirect SNYK-JS-GOT-2932019	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	No Known Exploit
Open Redirect SNYK-JS-GOT-2932019	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-HTTPCACHESEMANTICS-3248783	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Proof of Concept
Prototype Pollution SNYK-JS-JSON5-3182856	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: react-markdown

8.0.7 - 2023-04-12
Perf
- c289176 Fix performance for keys
  by @ wooorm in #738
Docs
- 9034dbd Fix types in syntax highlight example
  by @ dlqqq in #736
Full Changelog: 8.0.6...8.0.7
8.0.6 - 2023-03-20
- 33ab015 Update to TS 5
  by @ Methuselah96 in #734
Full Changelog: 8.0.5...8.0.6
8.0.5 - 2023-01-17
Misc
- d640d40 Update to use node16 module resolution in tsconfig.json
  by @ ChristianMurphy in #723
- 402fea3 Fix typo in plugins deprecation message
  by @ marc2332 in #719
- 4f98f73 Remove deprecated and unneeded defaultProps
  by @ Lepozepo in #718
New Contributors
- @ Lepozepo made their first contribution in #718
- @ marc2332 made their first contribution in #719
Full Changelog: 8.0.4...8.0.5
8.0.4 - 2022-12-01
- 9b20440 Fix type of td, th props
  by @ lucasassisrosa in #714
- cfe075b Add clarification of alt on img in docs
  by @ cballenar in #692
Full Changelog: 8.0.3...8.0.4
8.0.3 - 2022-04-20
- a2fb833 Fix prop types of plugins
  by @ starpit in #683
Full Changelog: 8.0.2...8.0.3
8.0.2 - 2022-03-31
- 2712227 Update react-is
- 704c3c6 Fix TypeScript bug by adding workaround
  by @ Methuselah96 in #676
Full Changelog: 8.0.1...8.0.2
8.0.1 - 2022-03-14
- c23ecf6 Add missing dependency for types
  by @ Methuselah96 in #675
Full Changelog: 8.0.0...8.0.1
8.0.0 - 2022-01-17
What's Changed
- cd845c9 Remove deprecated plugins option
  (migrate by renaming it to remarkPlugins)
- 36e4916 Update remark-rehype, add support for passing it options
  by @ peolic in #669
  (migrate by removing remark-footnotes and updating remark-gfm if you were using them, otherwise you shouldn’t notice this)
Full Changelog: 7.1.2...8.0.0

from react-markdown GitHub release notes

Commit messages

Package name: react-markdown

4a6065b 8.0.7
c289176 Fix performance for keys
184a1a3 Update dev-dependencies
9034dbd Fix types in syntax highlight example
298b4f1 8.0.6
33ab015 Update to TS 5
a3de85b Remove ununsed dev-dependency
5aad622 Add test for nullish properties
8c40d4e 8.0.5
469ebc2 Add tests for exposed identifiers
5ab03c4 Use Node test runner
b81001f Refactor to use more explicit names
69583d2 Remove `path`, use `fs/promises` in tests
998ba08 Update `tsconfig.json`
560d6d0 Update dev-dependencies
d640d40 Update to use `node16` module resolution in `tsconfig.json`
e63707f Add `ignore-scripts` to `.npmrc`
4f98f73 Remove deprecated and unneeded `defaultProps`
402fea3 Fix typo in `plugins` deprecation message
72ee489 Update dev-dependencies
25d651c 8.0.4
1009b1b Update dev-dependency
9b20440 Fix type of `td`, `th` props
a80dfde Update actions

Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Snyk has created this PR to upgrade react-markdown from 8.0.0 to 8.0.7. See this package in npm: https://www.npmjs.com/package/react-markdown See this project in Snyk: https://app.snyk.io/org/nexuscompute/project/bef06760-1f49-482c-a194-473d63571976?utm_source=github&utm_medium=referral&page=upgrade-pr

NOUIY had a problem deploying to preview-env-327 February 14, 2024 21:00 — with GitHub Actions Failure

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

[Snyk] Upgrade react-markdown from 8.0.0 to 8.0.7 #327

[Snyk] Upgrade react-markdown from 8.0.0 to 8.0.7 #327

Uh oh!

NOUIY commented Feb 14, 2024

Perf

Docs

Misc

New Contributors

What's Changed

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

[Snyk] Upgrade react-markdown from 8.0.0 to 8.0.7 #327

Are you sure you want to change the base?

[Snyk] Upgrade react-markdown from 8.0.0 to 8.0.7 #327

Uh oh!

Conversation

NOUIY commented Feb 14, 2024

Snyk has created this PR to upgrade react-markdown from 8.0.0 to 8.0.7.

Perf

Docs

Misc

New Contributors

What's Changed

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants