Skip to content

chore(deps): bump marked from 17.0.3 to 17.0.5#98

Merged
github-actions[bot] merged 1 commit intomainfrom
dependabot/npm_and_yarn/marked-17.0.5
Apr 1, 2026
Merged

chore(deps): bump marked from 17.0.3 to 17.0.5#98
github-actions[bot] merged 1 commit intomainfrom
dependabot/npm_and_yarn/marked-17.0.5

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Apr 1, 2026
edited
Loading

Bumps marked from 17.0.3 to 17.0.5.

Release notes

Sourced from marked's releases.

v17.0.5

17.0.5 (2026-03-20)

Bug Fixes

  • Fix catastrophic backtracking (ReDoS) in link/reflink label regex (#3918) (4625980)
  • prevent quadratic complexity in emStrongLDelim regex (#3906) (c732dd2)
  • prevent single-tilde strikethrough false positives (#3910) (5e03369)
  • re-assign tokenizer.lexer and renderer.parser at start of each parse call (#3907) (f3a3ec0)
  • trim trailing whitespace from lheading text (#3920) (3ea7e88)

v17.0.4

17.0.4 (2026-03-04)

Bug Fixes

  • prevent ReDoS in inline link regex title group (#3902) (46fb9b8)
Commits
  • 811ea59 chore(release): 17.0.5 [skip ci]
  • c732dd2 fix: prevent quadratic complexity in emStrongLDelim regex (#3906)
  • f3a3ec0 fix: re-assign tokenizer.lexer and renderer.parser at start of each parse cal...
  • 4625980 fix: Fix catastrophic backtracking (ReDoS) in link/reflink label regex (#3918)
  • 5e03369 fix: prevent single-tilde strikethrough false positives (#3910)
  • 288349d test: add heading edge case tests (#3919)
  • 3ea7e88 fix: trim trailing whitespace from lheading text (#3920)
  • d4c0fe5 chore(deps-dev): Bump esbuild from 0.27.3 to 0.27.4 (#3915)
  • 30682c1 chore(deps-dev): Bump undici from 6.23.0 to 6.24.0 (#3914)
  • 59752c4 chore(deps-dev): Bump minimatch from 9.0.5 to 9.0.9 (#3913)
  • Additional commits viewable in compare view

@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Apr 1, 2026
@dependabot
chore(deps): bump marked from 17.0.3 to 17.0.5
582fa11 
Bumps [marked](https://github.com/markedjs/marked) from 17.0.3 to 17.0.5.
- [Release notes](https://github.com/markedjs/marked/releases)
- [Commits](markedjs/marked@v17.0.3...v17.0.5)

---
updated-dependencies:
- dependency-name: marked
  dependency-version: 17.0.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/marked-17.0.5 branch from 87d7c3d to 582fa11 Compare April 1, 2026 01:31
@github-actions github-actions bot merged commit 18931d1 into main Apr 1, 2026
1 of 2 checks passed
@dependabot dependabot bot deleted the dependabot/npm_and_yarn/marked-17.0.5 branch April 1, 2026 01:31
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants