[Security] Bump commonmarker from 0.23.8 to 0.23.9
Bumps commonmarker from 0.23.8 to 0.23.9. This update includes a security fix.
Vulnerabilities fixed
Commonmarker vulnerable to several quadratic complexity bugs that may lead to denial of service
Impact
Several quadratic complexity bugs in commonmarker's underlying cmark-gfm library may lead to unbounded resource exhaustion and subsequent denial of service when crafted Markdown input is rendered.
The following vulnerabilities were addressed:
For more information, consult the cmark-gfm release notes for versions 0.29.0.gfm.10 and 0.29.0.gfm.11 (the upstream versions named in the release notes and commits below).
Mitigation
Users are advised to upgrade to commonmarker version 0.23.9.
Patched versions: 0.23.9
Affected versions: < 0.23.9
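The affected range above is exact (every release before 0.23.9), so the practical check is whether a project's lockfile pins a version inside it. The following is an added example, not part of this Dependabot MR or of commonmarker: a small Ruby audit that parses a Gemfile.lock, picks out the top-level commonmarker entry and compares it against `< 0.23.9` using RubyGems' own Gem::Version / Gem::Requirement ordering (which also places prereleases such as 0.23.9.pre1 inside the range and 1.0.0.pre9 outside it). The sample lockfile is constructed for illustration.

```ruby
# Added example, not part of the Dependabot MR or of commonmarker:
# audit a Gemfile.lock for the pinned commonmarker version and report
# whether it falls inside the advisory's affected range (< 0.23.9).
require "rubygems" # Gem::Version and Gem::Requirement

# Advisory data taken from the MR body: affected < 0.23.9, patched 0.23.9.
ADVISORY = {
  gem: "commonmarker",
  affected: Gem::Requirement.new("< 0.23.9"),
  patched: "0.23.9",
}.freeze

# Constructed sample lockfile (not from any real project) pinning the
# vulnerable release alongside a platform-specific gem and a transitive dep.
SAMPLE_LOCKFILE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      commonmarker (0.23.8)
      nokogiri (1.14.2-x86_64-linux)
        racc (~> 1.4)
      racc (1.6.2)
      rake (13.0.6)

  PLATFORMS
    x86_64-linux

  DEPENDENCIES
    commonmarker
    nokogiri
    rake

  BUNDLED WITH
     2.4.10
LOCK

# Return a Hash of gem name => Gem::Version for the top-level entries in
# the `specs:` block. Transitive-dependency lines (indented deeper, and
# carrying requirements like "~> 1.4" rather than exact versions) are skipped.
def parse_lockfile_specs(lock_text)
  specs = {}
  in_specs = false
  lock_text.each_line do |line|
    if line.match?(/\A\s*specs:\s*\z/)
      in_specs = true
      next
    end
    # Any non-indented line (PLATFORMS, DEPENDENCIES, ...) ends the block.
    in_specs = false if in_specs && line.match?(/\A\S/)
    next unless in_specs
    m = line.match(/\A {4}(\S+) \(([^)]+)\)\s*\z/)
    next unless m
    name, version = m[1], m[2]
    # Platform-specific gems carry a suffix, e.g. "1.14.2-x86_64-linux";
    # keep only the version part so Gem::Version does not read it as a prerelease.
    version = version.split("-", 2).first
    specs[name] = Gem::Version.new(version)
  end
  specs
end

# Compare the pinned version against the advisory range.
def audit_lockfile(lock_text, advisory = ADVISORY)
  version = parse_lockfile_specs(lock_text)[advisory[:gem]]
  return { present: false, version: nil, vulnerable: false } unless version
  {
    present: true,
    version: version.to_s,
    vulnerable: advisory[:affected].satisfied_by?(version),
    fix: advisory[:patched],
  }
end

if __FILE__ == $PROGRAM_NAME
  # Usage: ruby audit_commonmarker.rb [path/to/Gemfile.lock]
  text = ARGV[0] ? File.read(ARGV[0]) : SAMPLE_LOCKFILE
  result = audit_lockfile(text)
  if !result[:present]
    puts "commonmarker not pinned in this lockfile"
  elsif result[:vulnerable]
    puts "commonmarker #{result[:version]} is affected; upgrade to #{result[:fix]}"
  else
    puts "commonmarker #{result[:version]} is not in the affected range"
  end
end
```

Run it against a real lockfile with `ruby audit_commonmarker.rb Gemfile.lock`; only the 4-space-indented `specs:` entries are considered, because those are the resolved, exact versions that actually ship, whereas the deeper-indented lines are requirement constraints.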
Release notes
Sourced from commonmarker's releases.
v0.23.9
What's Changed
- Update to 0.29.0.gfm.11 by @anticomputer in gjtorikian/commonmarker#236

Full Changelog: https://github.com/gjtorikian/commonmarker/compare/v0.23.8...v0.23.9
Changelog
Sourced from commonmarker's changelog. Note that the entries below come from the 1.0.0 prerelease line (v1.0.0.pre9, v1.0.0.pre8), not from the 0.23.x branch this MR bumps; the change that makes up 0.23.9 is the cmark-gfm update listed in the release notes above.
v1.0.0.pre9 (2023-03-28)
Merged pull requests:
- Updates from upstream #235 (gjtorikian)
- Bump comrak from 0.16.0 to 0.17.1 #234 (dependabot[bot])
- Bump magnus from 0.5.1 to 0.5.2 #233 (dependabot[bot])
- Add ability to load tmthemes from a folder #232 (gjtorikian)
- Bump magnus from 0.5.0 to 0.5.1 #231 (dependabot[bot])
- Bump magnus from 0.4.4 to 0.5.0 #230 (dependabot[bot])
- Test the new integrated rb-sys #228 (gjtorikian)
v1.0.0.pre8 (2023-03-09)
Closed issues:
Commits
- 42cfc90 Merge pull request #236 from anticomputer/update-to-0.29.0.gfm.10
- d793fbf Update cmark-upstream to https://github.com/github/cmark-gfm/commit/1e230827a...
- 4e4588f Update Makefile for export header consolidation
- 2eb8ca8 Update cmark-upstream to https://github.com/github/cmark-gfm/commit/c8dcdc71c...
- bbb49db HtmlRenderer: don't nest <strong>
- f303e6b 💎 release 0.23.9
- d6fe4c8 Update cmark-upstream to https://github.com/github/cmark-gfm/commit/dcf6b3862...
- See full diff in compare view
Dependabot commands
You can trigger Dependabot actions by commenting on this MR:
- @dependabot-bot rebase will rebase this MR
- @dependabot-bot recreate will recreate this MR, rewriting all the manual changes and resolving conflicts