dep: [security] bump commonmarker from 0.23.6 to 0.23.7

Bumps commonmarker from 0.23.6 to 0.23.7. This update includes a security fix.

Vulnerabilities fixed

Several quadratic complexity bugs may lead to denial of service in Commonmarker

Impact

Several quadratic complexity bugs in commonmarker's underlying cmark-gfm library may lead to unbounded resource exhaustion and subsequent denial of service.

The following vulnerabilities were addressed:

• CVE-2023-22483
• CVE-2023-22484
• CVE-2023-22485
• CVE-2023-22486

For more information, consult the release notes for version 0.23.0.gfm.7.

Mitigation

Users are advised to upgrade to commonmarker version 0.23.7.

Patched versions: 0.23.7 Affected versions: < 0.23.7

Release notes

Sourced from commonmarker's releases.

v0.23.7

What's Changed

• C API stable test by @​gjtorikian in gjtorikian/commonmarker#201
• Update to 29.0.gfm.7 by @​anticomputer in gjtorikian/commonmarker#224

Full Changelog: https://github.com/gjtorikian/commonmarker/compare/v0.23.6...v0.23.7

v0.23.7.pre1

What's Changed

• C API stable test by @​gjtorikian in gjtorikian/commonmarker#201

Full Changelog: https://github.com/gjtorikian/commonmarker/compare/v0.23.6...v0.23.7.pre1

Changelog

Sourced from commonmarker's changelog.

Changelog

v1.0.0.pre6 (2023-01-09)

Full Changelog

Closed issues:

• Cargo.lock prevents Ruby 3.2.0 from installing commonmarker v1.0.0.pre4 #211

Merged pull requests:

• always use rb_sys (don't use Ruby's emerging cargo tooling where available) #213 (kivikakk)

v1.0.0.pre5 (2023-01-08)

Full Changelog

Merged pull requests:

• Provide 3.2 build support #212 (gjtorikian)

v1.0.0.pre4 (2022-12-28)

Full Changelog

Closed issues:

• Will the cmark-gfm branch continue to be maintained for awhile? #207

Merged pull requests:

• Implement native syntax highlighting #209 (gjtorikian)
• Bump magnus from 0.4.3 to 0.4.4 #208 (dependabot[bot])
• Bump magnus from 0.4.2 to 0.4.3 #206 (dependabot[bot])
• Bump comrak from 0.14.0 to 0.15.0 #205 (dependabot[bot])
• Bump magnus from 0.4.1 to 0.4.2 #204 (dependabot[bot])

v1.0.0.pre3 (2022-11-30)

Full Changelog

Closed issues:

• Code block incorrectly parsed in commonmarker 1.0.0.pre #202

Merged pull requests:

• Windows build #197 (gjtorikian)

... (truncated)

Commits

• 734fd86 Merge pull request #224 from gjtorikian/update-to-29.0.gfm.7
• 2e724ec Turned off Rubocop.
• 9c923b0 💎 release 0.23.7
• 30419c2 Added call to cmark_init_standard_node_flags()
• 9007c37 Update cmark-upstream to https://github.com/github/cmark-gfm/commit/57d5e093e...
• 1cfec13 Merge pull request #201 from gjtorikian/c-api-stable-test
• bbf631b lint
• 5b807a1 ease up
• 9a24e6d Test fake version
• d8a43bc Allow for manual dispatch
• Additional commits viewable in compare view

---

Dependabot commands

You can trigger Dependabot actions by commenting on this MR

• @dependabot-bot rebase will rebase this MR
• @dependabot-bot recreate will recreate this MR rewriting all the manual changes and resolving conflicts