
dep: [security] bump commonmarker from 0.23.5 to 0.23.6

George Koltsov requested to merge dependabot-bundler-commonmarker-0.23.6 into main

Bumps commonmarker from 0.23.5 to 0.23.6. This update includes a security fix.

Vulnerabilities fixed

Unbounded resource exhaustion in cmark-gfm autolink extension may lead to denial of service

Impact

CommonMarker uses cmark-gfm for rendering GitHub Flavored Markdown. A polynomial time complexity issue in cmark-gfm's autolink extension may lead to unbounded resource exhaustion and subsequent denial of service.

Patches

This vulnerability has been patched in the following CommonMarker release:

  • v0.23.6

Workarounds

Disable use of the autolink extension.

References

  • gjtorikian/commonmarker#190
  • https://github.com/github/cmark-gfm/security/advisories/GHSA-cgh3-p57x-9q7q
  • https://en.wikipedia.org/wiki/Time_complexity

... (truncated)

Patched versions: 0.23.6
Affected versions: < 0.23.6

Release notes

Sourced from commonmarker's releases.

v0.23.6

What's Changed

This release includes two updates from the upstream cmark-gfm library, namely:

Commits


Dependabot commands
You can trigger Dependabot actions by commenting on this MR:
  • @dependabot-bot rebase will rebase this MR
  • @dependabot-bot recreate will recreate this MR rewriting all the manual changes and resolving conflicts
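The advisory's workaround, applied in code, as an added example that is not part of this MR or the commonmarker project: the :autolink extension is dropped from the list passed to CommonMarker.render_html whenever the installed gem is older than the patched 0.23.6. The extension names and the render_html signature are those of the CommonMarker 0.23.x Ruby API; the helper names are assumptions.

```ruby
# Added example (not from the MR or the commonmarker project): apply the
# advisory's workaround, dropping the :autolink extension, when the installed
# commonmarker is older than the patched 0.23.6 named on this page.
require 'rubygems'

PATCHED_VERSION = Gem::Version.new('0.23.6') # from the advisory

# Return the extension list to hand to CommonMarker, minus :autolink when the
# installed version is still affected (< 0.23.6).
def safe_extensions(requested, installed_version)
  if Gem::Version.new(installed_version) < PATCHED_VERSION
    requested.reject { |ext| ext == :autolink }
  else
    requested.dup
  end
end

# Detect the installed commonmarker version via the gem loader; nil when the
# gem is not available in this environment.
def installed_commonmarker_version
  Gem.loaded_specs['commonmarker']&.version&.to_s ||
    Gem::Specification.find_by_name('commonmarker').version.to_s
rescue Gem::MissingSpecError
  nil
end

# Render GitHub Flavored Markdown with the workaround applied. The extension
# names (:table, :strikethrough, :autolink, :tasklist, :tagfilter) are the ones
# CommonMarker 0.23.x accepts; rendering is skipped if the gem is absent.
def render_with_workaround(markdown, requested = %i[table strikethrough autolink])
  version = installed_commonmarker_version
  return nil if version.nil?
  require 'commonmarker'
  CommonMarker.render_html(markdown, :DEFAULT, safe_extensions(requested, version))
end

if __FILE__ == $PROGRAM_NAME
  p safe_extensions(%i[table autolink], '0.23.5') # => [:table]
  p safe_extensions(%i[table autolink], '0.23.6') # => [:table, :autolink]
  html = render_with_workaround('Visit https://example.com')
  puts html || 'commonmarker gem not installed; rendering skipped'
end
```

Once the bump in this MR is merged, safe_extensions leaves the requested list untouched, so the same call site needs no further change.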

Allure report

allure-report-publisher generated test report!

rspec: test report for fccdd1ca

+------------------------------------------------------------------+
|                        behaviors summary                         |
+-------------+--------+--------+---------+-------+-------+--------+
|             | passed | failed | skipped | flaky | total | result |
+-------------+--------+--------+---------+-------+-------+--------+
| jobs        | 14     | 0      | 0       | 0     | 14    | ✅     |
| services    | 174    | 0      | 0       | 0     | 174   | ✅     |
| controllers | 25     | 0      | 0       | 0     | 25    | ✅     |
| models      | 4      | 0      | 0       | 0     | 4     | ✅     |
| tasks       | 9      | 0      | 0       | 0     | 9     | ✅     |
| system      | 10     | 0      | 0       | 0     | 10    | ✅     |
+-------------+--------+--------+---------+-------+-------+--------+
| Total       | 236    | 0      | 0       | 0     | 236   | ✅     |
+-------------+--------+--------+---------+-------+-------+--------+
Edited by George Koltsov
