Bump markdown-to-jsx from 6.10.3 to 6.11.4 #125

Merged
merged 2 commits into from
Jun 22, 2021

@dependabot dependabot bot commented on behalf of github Sep 4, 2020

Bumps markdown-to-jsx from 6.10.3 to 6.11.4.

Release notes

Sourced from markdown-to-jsx's releases.

6.11.4: Mitigates security vulnerability where maliciously crafted markdown links could use data: or vbscript: URLs to trigger an XSS injection (#306 / https://www.npmjs.com/advisories/1219), even when using options.disableParsingRawHTML

Note that currently, the default options.disableParsingRawHTML = false should still only be used for trusted input, as arbitrary html, including script tags.

6.11.3 has no changes (I held the publish script upside down; the only change from 6.11.2 is the version number 😅)

6.11.2

[FIX] - Footnote references (#304) thanks @csantos1113

6.11.1

Fix: Support empty style attribute (#296) thanks @cribbles

6.11.0

  • Optionally disable HTML parsing (#278)
  • Fix HTML multiline comments bug (#246) (#262)
Maintainer changes

This version was pushed to npm by ariabuckles, a new releaser for markdown-to-jsx since your current version.


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


📦 Published PR as canary version: 7.3.11-canary.125.1236.0

✨ Test out this PR locally via:

npm install storybook-addon-jsx@7.3.11-canary.125.1236.0
# or 
yarn add storybook-addon-jsx@7.3.11-canary.125.1236.0
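
The 6.11.4 release note quoted above concerns markdown links whose targets use `data:` or `vbscript:` URLs. The following is an added example, not markdown-to-jsx's patch and not part of this PR: it applies a scheme allowlist (a stricter generalization of blocking those two schemes) to link targets. `sanitizeHref`, `auditMarkdownLinks` and the sample links are hypothetical and constructed for the example.

```javascript
// Added example; not markdown-to-jsx's code. All names here are hypothetical.
// Allowlisting schemes is stricter than blocking data: and vbscript: one by one.
const SAFE_SCHEMES = new Set(['http', 'https', 'mailto']);

// Returns a cleaned href that is safe to render, or null if it must be dropped.
function sanitizeHref(href) {
  // URL parsers in browsers ignore leading control characters and spaces, and
  // drop tab, LF and CR anywhere in the URL, so normalize before checking.
  const cleaned = String(href)
    .replace(/^[\u0000-\u0020]+/, '')
    .replace(/[\t\n\r]/g, '');
  const scheme = /^([a-zA-Z][a-zA-Z0-9+.-]*):/.exec(cleaned);
  if (!scheme) return cleaned; // relative path, query or fragment
  return SAFE_SCHEMES.has(scheme[1].toLowerCase()) ? cleaned : null;
}

// Demo-only matcher for inline links of the form [text](target).
function auditMarkdownLinks(markdown) {
  const linkRe = /\[([^\]]*)\]\(([^)]*)\)/g;
  const results = [];
  let m;
  while ((m = linkRe.exec(markdown)) !== null) {
    results.push({ text: m[1], target: m[2], allowed: sanitizeHref(m[2]) !== null });
  }
  return results;
}

// Constructed sample input; the payload parts are inert placeholders.
const SAMPLE = [
  '[docs](https://example.com/guide)',
  '[relative](/changelog#v6)',
  '[inline page](data:text/html,constructed-sample)',
  '[legacy](VbScript:constructed-sample)',
  '[split](java\tscript:constructed-sample)',
].join('\n');

for (const link of auditMarkdownLinks(SAMPLE)) {
  console.log(link.allowed ? 'allow' : 'BLOCK', JSON.stringify(link.target));
}
```

The check compares the scheme case-insensitively and after whitespace normalization, which is why the mixed-case and tab-split samples are rejected along with the plain `data:` one.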

@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/markdown-to-jsx-6.11.4 branch 2 times, most recently from b10840b to 3d910b0 Compare February 9, 2021 20:00
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/markdown-to-jsx-6.11.4 branch 2 times, most recently from 3e0bb18 to 0a67ec3 Compare March 31, 2021 20:56
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/markdown-to-jsx-6.11.4 branch 4 times, most recently from 0b84c75 to 44443df Compare April 21, 2021 13:36
@jimmyandrade jimmyandrade self-assigned this Apr 21, 2021
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/markdown-to-jsx-6.11.4 branch 2 times, most recently from 6a1bfef to c9123a7 Compare May 13, 2021 13:24
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/markdown-to-jsx-6.11.4 branch 2 times, most recently from 0ee8b18 to a50531f Compare June 15, 2021 14:10
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/markdown-to-jsx-6.11.4 branch from a50531f to e062c86 Compare June 22, 2021 18:51
Bumps [markdown-to-jsx](https://github.com/probablyup/markdown-to-jsx) from 6.10.3 to 6.11.4.
- [Release notes](https://github.com/probablyup/markdown-to-jsx/releases)
- [Commits](quantizor/markdown-to-jsx@6.10.3...6.11.4)

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/markdown-to-jsx-6.11.4 branch from e062c86 to d22b700 Compare June 22, 2021 18:51
@jimmyandrade jimmyandrade merged commit 4465d1e into master Jun 22, 2021
@jimmyandrade jimmyandrade deleted the dependabot/npm_and_yarn/markdown-to-jsx-6.11.4 branch June 22, 2021 18:59
@hipstersmoothie

🚀 PR was released in v7.3.12 🚀
