[Snyk] Upgrade markdown-to-jsx from 7.3.2 to 7.7.0

[syofyanzuhad]

Snyk has created this PR to upgrade markdown-to-jsx from 7.3.2 to 7.7.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 14 versions ahead of your current version.

• The recommended version was released on a month ago.

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Cross-site Scripting (XSS) SNYK-JS-MARKDOWNTOJSX-6258886	586	Proof of Concept

Release notes

Package name: markdown-to-jsx

• 7.7.0 - 2024-11-20
  

  Minor Changes

  • 20777bf: Add support for GFM alert-style blockquotes.

    > [!Note]
    > This is a note-flavored alert blockquote. The "Note" text is injected as a `<header>` by
    > default and the blockquote can be styled via the injected class `markdown-alert-note`
    > for example.

  Patch Changes

  • 5d7900b: Adjust type signature for <Markdown> component to allow for easier composition.
  • 918b44b: Use newer React.JSX.* namespace instead of JSX.* for React 19 compatibility.
  • 91a5948: Arbitrary HTML no longer punches out pipes when parsing rows. If you absolutely need a pipe character that isn't a table separator, either escape it or enclose it in backticks to trigger inline code handling.
  • 23caecb: Drop encountered ref attributes when processing inline HTML, React doesn't handle it well.
• 7.6.2 - 2024-11-14
  

  Patch Changes

  • 0274445: Fix false detection of tables in some scenarios.
  • 69f815e: Handle class attribute from arbitrary HTML properly to avoid React warnings.
  • 857809a: Fenced code blocks are now tolerant to a missing closing sequence; this improves use in LLM scenarios where the code block markdown is being streamed into the editor in chunks.
• 7.6.1 - 2024-11-13
  

  Patch Changes

  • 87d8bd3: Handle class attribute from arbitrary HTML properly to avoid React warnings.
• 7.6.0 - 2024-11-12
  

  Minor Changes

  • 2281a4d: Add options.disableAutoLink to customize bare URL handling behavior.

    By default, bare URLs in the markdown document will be converted into an anchor tag. This behavior can be disabled if desired.

    https://quantizor.dev will not be rendered as an anchor tag.',
    { disableAutoLink: true }
    )

    // renders:

    <span>
    The URL https://quantizor.dev will not be rendered as an anchor tag.
    </span>">

    <Markdown options={{ disableAutoLink: true }}>
    
    The URL https://quantizor.dev will not be rendered as an anchor tag.
    
    </Markdown>
    
    // or
    compiler(
    
    'The URL https://quantizor.dev will not be rendered as an anchor tag.',
    
    { disableAutoLink: true }
    
    )
    // renders:
    <span>
    
    The URL https://quantizor.dev will not be rendered as an anchor tag.
    
    </span>

  Patch Changes

  • fb3d716: Simplify handling of fallback scenario if a link reference is missing its corresponding footnote.
• 7.5.1 - 2024-11-12
  

  Patch Changes

  • b16f668: Fix issue with lookback cache resulting in false detection of lists inside lists in some scenarios
  • 58b96d3: fix: handle empty HTML tags more consistently #597
• 7.5.0 - 2024-08-18
  

  Minor Changes

  • 62a16f3: Allow modifying HTML attribute sanitization when options.sanitizer is passed by the composer.

    By default a lightweight URL sanitizer function is provided to avoid common attack vectors that might be placed into the href of an anchor tag, for example. The sanitizer receives the input, the HTML tag being targeted, and the attribute name. The original function is available as a library export called sanitizer.

    This can be overridden and replaced with a custom sanitizer if desired via options.sanitizer:

    foo', {
    sanitizer: (value, tag, attribute) => value,
    })">

    // sanitizer in this situation would receive:
    
    // ('javascript:alert("foo")', 'a', 'href')
    
    <Markdown options={{ sanitizer: (value, tag, attribute) => value }}>
    
    {[foo](javascript:alert("foo"))}
    
    </Markdown>
    // or
    compiler('foo', {
    
    sanitizer: (value, tag, attribute) => value,
    
    })

  Patch Changes

  • 553a175: Replace RuleType enum with an object
• 7.4.7 - 2024-04-13
  

  Patch Changes

  • 7603248: Fix parsing isolation of individual table cells.
  • f9328cc: Improved block html detection regex to handle certain edge cases that cause extreme slowness. Thank you @ devbrains-com for the basis for this fix 🤝
• 7.4.6 - 2024-04-05
  

  Patch Changes

  • a9e5276: Browsers assign element with id to the global scope using the value as the variable name. E.g.: <h1 id="analytics"> can be referenced via window.analytics.
    This can be a problem when a name conflict happens. For instance, pages that expect analytics.push() to be a function will stop working if the an element with an id of analytics exists in the page.

    In this change, we export the slugify function so that users can easily augment it.
    This can be used to avoid variable name conflicts by giving the element a different id.

    import { slugify } from 'markdown-to-jsx';

    options={{
    slugify: str => {
    let result = slugify(str)

    <span class="pl-k">return</span> <span class="pl-s1">result</span> ? <span class="pl-s">'-'</span> <span class="pl-c1">+</span> <span class="pl-s1">str</span> : <span class="pl-s1">result</span><span class="pl-kos">;</span>
    

    }
    }}

• 7.4.5 - 2024-03-22
  

  Patch Changes

  • f5a0079: fix: double newline between consecutive blockquote syntax creates separate blockquotes

    Previously, for consecutive blockquotes they were rendered as one:

    Input

    > Block A.1
    > Block A.2
    
    > Block B.1

    Output

    <blockquote>
      <p>Block A.1</p>
      <p>Block A.2</p>
      <p>Block.B.1</p>
    </blockquote>

    This is not compliant with the GFM spec which states that consecutive blocks should be created if there is a blank line between them.

• 7.4.4 - 2024-03-21
  

  What's Changed

  • Brackets in link text by @ zegl in #551
  • Multiline footnotes by @ zegl in #553
  • fix: multi-line emphasis by @ austingreco in #550
  • fix: gracefully handle missing image references by @ quantizor in #554
  • chore: add changesets by @ quantizor in #555
  • fix: handle newlines inside HTML tag brackets by @ quantizor in #557
  • fix: html block regex prefix conflict by @ quantizor in #558
  • Version Packages by @ github-actions in #556

  New Contributors

  • @ zegl made their first contribution in #551
  • @ austingreco made their first contribution in #550
  • @ github-actions made their first contribution in #556

  Full Changelog: v7.4.3...v7.4.4

• 7.4.3 - 2024-03-13
• 7.4.2 - 2024-03-12
• 7.4.1 - 2024-01-29
• 7.4.0 - 2024-01-01
• 7.3.2 - 2023-08-05

from markdown-to-jsx GitHub release notes

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• This PR was automatically created by Snyk using the credentials of a real user.
• Max score is 1000. Note that the real score may have changed since the PR was raised.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

• 🧐 View latest project report
• 📜 Customise PR templates
• 🛠 Adjust upgrade PR settings
• 🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[cloudflare-workers-and-pages]

Deploying profile with    Cloudflare Pages

Latest commit:	497b34c
Status:	🚫  Build failed.

View logs

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
syofyan-profile	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	Dec 16, 2024 6:21am