chore(deps): update mend: high confidence minor and patch dependency updates

[mend-renovate-gms]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
async (source)	2.6.1 -> 2.6.4
body-parser	1.18.3 -> 1.20.2
cross-env	7.0.2 -> 7.0.3
express (source)	4.16.4 -> 4.19.2
express-session	1.15.6 -> 1.18.0
grunt (source)	1.0.3 -> 1.6.1
grunt-cli	1.3.2 -> 1.4.3
jshint (source)	2.12.0 -> 2.13.6
marked (source)	0.3.5 -> 0.8.2
nodemon (source)	1.19.1 -> 1.19.4
underscore (source)	1.9.1 -> 1.13.6

---

Release Notes

caolan/async (async)

v2.6.4

Compare Source

v2.6.3

Compare Source

v2.6.2

Compare Source

expressjs/body-parser (body-parser)

v1.20.2

Compare Source

===================

• Fix strict json error message on Node.js 19+
• deps: content-type@~1.0.5
  • perf: skip value escaping when unnecessary
• deps: raw-body@2.5.2

v1.20.1

Compare Source

===================

• deps: qs@6.11.0
• perf: remove unnecessary object clone

v1.20.0

Compare Source

===================

• Fix error message for json parse whitespace in strict
• Fix internal error when inflated body exceeds limit
• Prevent loss of async hooks context
• Prevent hanging when request already read
• deps: depd@2.0.0
  • Replace internal eval usage with Function constructor
  • Use instance methods on process to check for listeners
• deps: http-errors@2.0.0
  • deps: depd@2.0.0
  • deps: statuses@2.0.1
• deps: on-finished@2.4.1
• deps: qs@6.10.3
• deps: raw-body@2.5.1
  • deps: http-errors@2.0.0

v1.19.2

Compare Source

===================

• deps: bytes@3.1.2
• deps: qs@6.9.7
  • Fix handling of __proto__ keys
• deps: raw-body@2.4.3
  • deps: bytes@3.1.2

v1.19.1

Compare Source

===================

• deps: bytes@3.1.1
• deps: http-errors@1.8.1
  • deps: inherits@2.0.4
  • deps: toidentifier@1.0.1
  • deps: setprototypeof@1.2.0
• deps: qs@6.9.6
• deps: raw-body@2.4.2
  • deps: bytes@3.1.1
  • deps: http-errors@1.8.1
• deps: safe-buffer@5.2.1
• deps: type-is@~1.6.18

v1.19.0

Compare Source

===================

• deps: bytes@3.1.0
  • Add petabyte (pb) support
• deps: http-errors@1.7.2
  • Set constructor name when possible
  • deps: setprototypeof@1.1.1
  • deps: statuses@'>= 1.5.0 < 2'
• deps: iconv-lite@0.4.24
  • Added encoding MIK
• deps: qs@6.7.0
  • Fix parsing array brackets after index
• deps: raw-body@2.4.0
  • deps: bytes@3.1.0
  • deps: http-errors@1.7.2
  • deps: iconv-lite@0.4.24
• deps: type-is@~1.6.17
  • deps: mime-types@~2.1.24
  • perf: prevent internal throw on invalid type

kentcdodds/cross-env (cross-env)

v7.0.3

Compare Source

Bug Fixes

• add maintenance mode notice (fe80c84)

expressjs/express (express)

v4.19.2

Compare Source

==========

• Improved fix for open redirect allow list bypass

v4.19.1

Compare Source

==========

• Allow passing non-strings to res.location with new encoding handling checks

v4.19.0

Compare Source

==========

• Prevent open redirect allow list bypass due to encodeurl
• deps: cookie@0.6.0

v4.18.3

Compare Source

==========

• Fix routing requests without method
• deps: body-parser@1.20.2
  • Fix strict json error message on Node.js 19+
  • deps: content-type@~1.0.5
  • deps: raw-body@2.5.2
• deps: cookie@0.6.0
  • Add partitioned option

v4.18.2

Compare Source

===================

• Fix regression routing a large stack in a single route
• deps: body-parser@1.20.1
  • deps: qs@6.11.0
  • perf: remove unnecessary object clone
• deps: qs@6.11.0

v4.18.1

Compare Source

===================

• Fix hanging on large stack of sync routes

v4.18.0

Compare Source

===================

• Add "root" option to res.download
• Allow options without filename in res.download
• Deprecate string and non-integer arguments to res.status
• Fix behavior of null/undefined as maxAge in res.cookie
• Fix handling very large stacks of sync middleware
• Ignore Object.prototype values in settings through app.set/app.get
• Invoke default with same arguments as types in res.format
• Support proper 205 responses using res.send
• Use http-errors for res.format error
• deps: body-parser@1.20.0
  • Fix error message for json parse whitespace in strict
  • Fix internal error when inflated body exceeds limit
  • Prevent loss of async hooks context
  • Prevent hanging when request already read
  • deps: depd@2.0.0
  • deps: http-errors@2.0.0
  • deps: on-finished@2.4.1
  • deps: qs@6.10.3
  • deps: raw-body@2.5.1
• deps: cookie@0.5.0
  • Add priority option
  • Fix expires option to reject invalid dates
• deps: depd@2.0.0
  • Replace internal eval usage with Function constructor
  • Use instance methods on process to check for listeners
• deps: finalhandler@1.2.0
  • Remove set content headers that break response
  • deps: on-finished@2.4.1
  • deps: statuses@2.0.1
• deps: on-finished@2.4.1
  • Prevent loss of async hooks context
• deps: qs@6.10.3
• deps: send@0.18.0
  • Fix emitted 416 error missing headers property
  • Limit the headers removed for 304 response
  • deps: depd@2.0.0
  • deps: destroy@1.2.0
  • deps: http-errors@2.0.0
  • deps: on-finished@2.4.1
  • deps: statuses@2.0.1
• deps: serve-static@1.15.0
  • deps: send@0.18.0
• deps: statuses@2.0.1
  • Remove code 306
  • Rename 425 Unordered Collection to standard 425 Too Early

v4.17.3

Compare Source

===================

• deps: accepts@~1.3.8
  • deps: mime-types@~2.1.34
  • deps: negotiator@0.6.3
• deps: body-parser@1.19.2
  • deps: bytes@3.1.2
  • deps: qs@6.9.7
  • deps: raw-body@2.4.3
• deps: cookie@0.4.2
• deps: qs@6.9.7
  • Fix handling of __proto__ keys
• pref: remove unnecessary regexp for trust proxy

v4.17.2

Compare Source

===================

• Fix handling of undefined in res.jsonp
• Fix handling of undefined when "json escape" is enabled
• Fix incorrect middleware execution with unanchored RegExps
• Fix res.jsonp(obj, status) deprecation message
• Fix typo in res.is JSDoc
• deps: body-parser@1.19.1
  • deps: bytes@3.1.1
  • deps: http-errors@1.8.1
  • deps: qs@6.9.6
  • deps: raw-body@2.4.2
  • deps: safe-buffer@5.2.1
  • deps: type-is@~1.6.18
• deps: content-disposition@0.5.4
  • deps: safe-buffer@5.2.1
• deps: cookie@0.4.1
  • Fix maxAge option to reject invalid values
• deps: proxy-addr@~2.0.7
  • Use req.socket over deprecated req.connection
  • deps: forwarded@0.2.0
  • deps: ipaddr.js@1.9.1
• deps: qs@6.9.6
• deps: safe-buffer@5.2.1
• deps: send@0.17.2
  • deps: http-errors@1.8.1
  • deps: ms@2.1.3
  • pref: ignore empty http tokens
• deps: serve-static@1.14.2
  • deps: send@0.17.2
• deps: setprototypeof@1.2.0

v4.17.1

Compare Source

===================

• Revert "Improve error message for null/undefined to res.status"

v4.17.0

Compare Source

===================

• Add express.raw to parse bodies into Buffer
• Add express.text to parse bodies into string
• Improve error message for non-strings to res.sendFile
• Improve error message for null/undefined to res.status
• Support multiple hosts in X-Forwarded-Host
• deps: accepts@~1.3.7
• deps: body-parser@1.19.0
  • Add encoding MIK
  • Add petabyte (pb) support
  • Fix parsing array brackets after index
  • deps: bytes@3.1.0
  • deps: http-errors@1.7.2
  • deps: iconv-lite@0.4.24
  • deps: qs@6.7.0
  • deps: raw-body@2.4.0
  • deps: type-is@~1.6.17
• deps: content-disposition@0.5.3
• deps: cookie@0.4.0
  • Add SameSite=None support
• deps: finalhandler@~1.1.2
  • Set stricter Content-Security-Policy header
  • deps: parseurl@~1.3.3
  • deps: statuses@~1.5.0
• deps: parseurl@~1.3.3
• deps: proxy-addr@~2.0.5
  • deps: ipaddr.js@1.9.0
• deps: qs@6.7.0
  • Fix parsing array brackets after index
• deps: range-parser@~1.2.1
• deps: send@0.17.1
  • Set stricter CSP header in redirect & error responses
  • deps: http-errors@~1.7.2
  • deps: mime@1.6.0
  • deps: ms@2.1.1
  • deps: range-parser@~1.2.1
  • deps: statuses@~1.5.0
  • perf: remove redundant path.normalize call
• deps: serve-static@1.14.1
  • Set stricter CSP header in redirect response
  • deps: parseurl@~1.3.3
  • deps: send@0.17.1
• deps: setprototypeof@1.1.1
• deps: statuses@~1.5.0
  • Add 103 Early Hints
• deps: type-is@~1.6.18
  • deps: mime-types@~2.1.24
  • perf: prevent internal throw on invalid type

expressjs/session (express-session)

v1.18.0

Compare Source

===================

• Add debug log for pathname mismatch
• Add partitioned to cookie options
• Add priority to cookie options
• Fix handling errors from setting cookie
• Support any type in secret that crypto.createHmac supports
• deps: cookie@0.6.0
  • Fix expires option to reject invalid dates
  • perf: improve default decode speed
  • perf: remove slow string split in parse
• deps: cookie-signature@1.0.7

v1.17.3

Compare Source

===================

• Fix resaving already-saved new session at end of request
• deps: cookie@0.4.2

v1.17.2

Compare Source

===================

• Fix res.end patch to always commit headers
• deps: cookie@0.4.1
• deps: safe-buffer@5.2.1

v1.17.1

Compare Source

===================

• Fix internal method wrapping error on failed reloads

v1.17.0

Compare Source

===================

• deps: cookie@0.4.0
  • Add SameSite=None support
• deps: safe-buffer@5.2.0

v1.16.2

Compare Source

===================

• Fix restoring cookie.originalMaxAge when store returns Date
• deps: parseurl@~1.3.3

v1.16.1

Compare Source

===================

• Fix error passing data option to Cookie constructor
• Fix uncaught error from bad session data

v1.16.0

Compare Source

===================

• Catch invalid cookie.maxAge value earlier
• Deprecate setting cookie.maxAge to a Date object
• Fix issue where resave: false may not save altered sessions
• Remove utils-merge dependency
• Use safe-buffer for improved Buffer API
• Use Set-Cookie as cookie header name for compatibility
• deps: depd@~2.0.0
  • Replace internal eval usage with Function constructor
  • Use instance methods on process to check for listeners
  • perf: remove argument reassignment
• deps: on-headers@~1.0.2
  • Fix res.writeHead patch missing return value

gruntjs/grunt (grunt)

v1.6.1

Compare Source

• Changelog updates 72f6f03
• Merge pull request #​1755 from gruntjs/rm-dep 8d4c183
• Add recursive 1c7d483
• Merge pull request #​1756 from gruntjs/downgrade-glob 2d4fd38
• Downgrade glob 902db7c
• Fix syntax 494f243
• remove mkdirp b01389e
• remove dep on rimraf and mkdirp 0072510

v1.6.0

Compare Source

• Merge pull request #​1750 from gruntjs/dep-update-jan28 2805dc3
• README updates 3f1e423
• Bump to 16 8fd096d
• Update more deps 42c5f95
• Bump eslint and node version 1d88050

v1.5.3

Compare Source

• Merge pull request #​1745 from gruntjs/fix-copy-op 572d79b
• Patch up race condition in symlink copying. 58016ff
• Merge pull request #​1746 from JamieSlome/patch-1 0749e1d
• Create SECURITY.md 69b7c50

v1.5.2

Compare Source

• Update Changelog 7f15fd5
• Merge pull request #​1743 from gruntjs/cleanup-link b0ec6e1
• Clean up link handling 433f91b

v1.5.1

Compare Source

• Merge pull request #​1742 from gruntjs/update-symlink-test ad22608
• Fix symlink test 0652305

v1.5.0

Compare Source

• Updated changelog b2b2c2b
• Merge pull request #​1740 from gruntjs/update-deps-22-10 3eda6ae
• Update testing matrix 47d32de
• More updates 2e9161c
• Remove console log 04b960e
• Update dependencies, tests... aad3d45
• Merge pull request #​1736 from justlep/main fdc7056
• support .cjs extension e35fe54

v1.4.1

Compare Source

• Update Changelog e7625e5
• Merge pull request #​1731 from gruntjs/update-options 5d67e34
• Fix ci install d13bf88
• Switch to Actions 08896ae
• Update grunt-known-options eee0673
• Add note about a breaking change 1b6e288

v1.4.0

Compare Source

• Merge pull request #​1728 from gruntjs/update-deps-changelog 63b2e89
• Update changelog and util dep 106ed17
• Merge pull request #​1727 from gruntjs/update-deps-apr 49de70b
• Update CLI and nodeunit 47cf8b6
• Merge pull request #​1722 from gruntjs/update-through e86db1c
• Update deps 4952368

v1.3.0

Compare Source

• Merge pull request #​1720 from gruntjs/update-changelog-deps faab6be
• Update Changelog and legacy-util dependency 520fedb
• Merge pull request #​1719 from gruntjs/yaml-refactor 7e669ac
• Switch to use safeLoad for loading YML files via file.readYAML. e350cea
• Merge pull request #​1718 from gruntjs/legacy-log-bumo 7125f49
• Bump legacy-log 00d5907

v1.2.1

Compare Source

• Changelog update ae11839
• Merge pull request #​1715 from sibiraj-s/remove-path-is-absolute 9d23cb6
• Remove path-is-absolute dependency e789b1f

v1.2.0

Compare Source

• Allow usage of grunt plugins that are located in any location that
  is visible to Node.js and NPM, instead of node_modules directly
  inside package that have a dev dependency to these pluginhttps://github.com/gruntjs/grunt/pull/1677nt/pull/1677)
• Removed coffeescript from dependencies. To ease transition, if
  coffeescript is still around, Grunt will attempt to load it.
  If it is not, and the user loads a CoffeeScript file,
  Grunt will print a useful error indicating that the
  coffeescript package should be installed as a dev dependency.
  This is considerably more user-friendly than dropping the require entirely,
  but doing so is feasible with the latest grunt-cli as users
  may simply use grunt --require https://github.com/gruntjs/grunt/pull/1675thub.com/Remove coffeescript from dependencies. gruntjs/grunt#1675)
• Exposes Grunt Option keys for ease of use.
  (https://github.com/gruntjs/grunt/pull/15701570)
• Avoiding infinite loop on very long command names.
  (https://github.com/gruntjs/grunt/pull/16971697)

v1.1.0

Compare Source

• Update to mkdirp ~1.0.3
• Only support versions of Node >= 8

v1.0.4

Compare Source

gruntjs/grunt-cli (grunt-cli)

v1.4.3

Compare Source

• Fix preload option (#​147) 07f3b0d
• Revert liftoff (#​144) 4d691e2
• Revert liftoff changes due to https://github.com/gruntjs/grunt/issues/1725 (#​143) e820858

v1.4.2

Compare Source

• Revert liftoff (#​144) 4d691e2
• Revert liftoff changes due to https://github.com/gruntjs/grunt/issues/1725 (#​143) e820858

v1.4.1

Compare Source

• Revert liftoff changes due to https://github.com/gruntjs/grunt/issues/1725 (#​143) e820858

v1.4.0

Compare Source

• Update changelog bbc4400
• Ignore package-lock 3fa5bf6
• Update deps, switch to actions (#​141) c271173
• Bump deps, required node version and ci (#​137) 84ebcb8

jshint/jshint (jshint)

v2.13.6

Compare Source

Bug Fixes

• Allow initializing const bindings to undef (fedaf6f)
• Correct error message (03b1a06)

v2.13.5

Compare Source

Bug Fixes

• Tolerate late definition of async function (#​3618) (5c256a2)

v2.13.4

Compare Source

Bug Fixes

• Remove shelljs (eb4609a)

v2.13.3

Compare Source

Bug Fixes

• Recognize ES2020 globals (b1426f1)

v2.13.2

Compare Source

Bug Fixes

• Add missing well-known globals (#​3582) (cc1adf6)
• add URL for node in src/vars.js (#​3570) (ca06e6a)
• change escape-sequence handler for double quotes (") (#​3566) (75e48b7)
• Limit "Too many Errors" (E043) to errors only (#​3562) (4a681b9)
• Tolerate keyword in object shorthand (057b1c6)
• Tolerate unterminated nullish coalescing (ecae54a)

v2.13.1

Compare Source

Bug Fixes

• Allow invoking result of optional chaining (71ec395)
• Allow optional chaining call as satement (11dc0a6)
• Tolerate dangling NewExpression (7c890aa)

v2.13.0

Compare Source

Bug Fixes

• Allow comma expression in MemberExpression (f05c8d1)
• Consider all exported bindings "used" (90228b7)
• Correct interpretation of ImportSpecifier (72a8102)
• Correct location for error (e831188)
• Correct location reported for directive (ee6aa68)
• Detect duplicate exported bindings (916c230)
• Don't warn when Function() is used without 'new'. (#​3531) (c13c5cc)
• Don't warn when RegExp() is used without 'new'. (#​3529) (c18a6e4)
• Enforce restrictions on new operand (c2719eb)
• Graduate BigInt support to esversion: 11 (553f816)
• Improve declaration parsing (a9bdc93)
• Report early reference with warning (2c1a5f8)
• Support RegExp Unicode property escapes (e7fa785)

Features

• Add support for "export * as ns from" (c46f464)
• Add support for import.meta (73d7e0d)
• Add support for dynamic import (6bfcaed)
• Add support for optional chaining (b125dbe)
• Implement support for nullish coalescing (f50b14d)

markedjs/marked (marked)

v0.8.2: 0.8.2

Compare Source

Fixes

• Add html to TextRenderer for html in headings #​1622
• Remove html tags in heading ids #​1622

Docs

• Update comment about GitHub breaks #​1620

v0.8.1: 0.8.1

Compare Source

Fixes

• Fix marked --help #​1588
• Fix GFM Example 116 code fences #​1600
• Send inline html to renderer #​1602 (fixes #​1601)
• Improve docs example for invoking highlight.js #​1603
• Fix block-level elements breaking tables #​1598 (fixes #​1467)
• break nptables on block-level structures #​1617

v0.8.0: 0.8.0

Compare Source

Breaking changes

• Remove substitutions #​1532
• Separate source into modules #​1563 #​1572 #​1573 #​1575 #​1576 #​1581

Fixes

• Fix relative urls in baseUrl option #​1526
• Loose task list #​1535
• Fix image parentheses #​1557
• remove module field & update devDependencies #​1581

Docs

• Update examples with es6+ #​1521
• Fix link to USING_PRO.md page #​1552
• Fix typo in USING_ADVANCED.md #​1558
• Node worker threads are stable #​1555

Dev Dependencies

• Update deps #​1516
• Update eslint #​1542
• Update htmldiffer async matcher #​1543

v0.7.0: 0.7.0

Compare Source

Security

• Sanitize paragraph and text tokens #​1504
• Fix ReDOS for links with backticks (issue #​1493) #​1515

Breaking Changes

• Deprecate sanitize and sanitizer options #​1504
• Move fences to CommonMark #​1511
• Move tables to GFM #​1511
• Remove tables option #​1511
• Single backtick in link text needs to be escaped #​1515

Fixes

• Fix parentheses around a link #​1509
• Fix headings (issue #​1510) #​1511

Tests

• Run tests with correct options #​1511

v0.6.3: 0.6.3

Compare Source

Fixes

• Fix nested blockquotes #​1464
• Fix <em> issue with mixed content #​1451
• revert #​1464 #​1497
• Fix breaks: true #​1507

Docs

• add docs for workers #​1432
• Add security policy #​1492
• Update supported spec versions #​1491
• Update test folder descriptions #​1506

DevOps

• Use latest commit for demo master #​1457
• Update tests to commonmark 0.29 #​1465
• Update tests to GFM 0.29 #​1470
• Fix commonmark spec 57 and 40 (headings) #​1475

v0.6.2: 0.6.2

Compare Source

Security

• Link redos #​1426
• Text redos #​1460

Fixes

• Links parens #​1435
• New line after table with escaped pipe #​1439
• List item tables #​1446

Enhancements

• Pass token boolean to the listitem function #​1440
• Allow html without \n after #​1438

CLI

• Update man page to include --test and fix argv parameters #​1442
• Add a --version flag to print marked version #​1448

Testing

• Normalize marked tests #​1444
• Update tests to node 4 syntax #​1449

v0.6.1: 0.6.1

Compare Source

Fixes

• Fix parenthesis url redos #​1414

Docs

• Update demo site to use a worker #​1418
• Update devDependencies to last stable #​1409
• Update documentation about extending Renderer #​1417
• Remove --save option as it isn't required anymore #​1422
• Add snyk badge #​1420

v0.6.0: 0.6.0

Compare Source

Breaking Changes

• Drop support for Node v0.10 and old browsers such as Internet Explorer
  • You should not have any problems if using Node 4+ or a modern browser
• Add parameter slugger to Renderer.prototype.heading method #​1401
  • You should not have any problems if you do not override this method

New Features

• Add new export marked.Slugger #​1401

Fixes

• Fix emphasis followed by a punctuation #​1383
• Fix bold around autolink email address #​1385
• Make autolinks case insensitive #​1384
• Make code fences compliant with Commonmark spec #​1387
• Make blockquote paragraph continuation compliant with Commonmark spec #​1394
• Make ordered list marker length compliant with Commonmark spec #​1391
• Make empty list items compliant with Commonmark spec #​1395
• Make tag escaping compliant with Commonmark spec #​1397
• Make strong/bold compliant with Commonmark spec #​1400
• Fix handling of adjacent lists #​684
• Add better error handling when token type cannot be found #​1005
• Fix duplicate heading id and non-latin characters #​1401

CLI

• Pretty print ENOENT errors on cli #​1396
• Update repo url in man #​1403

Docs

• Fix breaks option description #​1381
• Update docs to include "Since" version #​1382
• Add defibrillator badge for @​mccraveiro #​1392

Tests

• Remove old test covered by gfm/cm #​1389

v0.5.2: 0.5.2

Compare Source

Bug Fixes

• Fix emphasis closing by single _ (part of left-flanking run) #​1351
• Make URL handling consistent between links and images #​1359

Other

• Add missing semicolons, add lint rule #​1340
• Make Steven (@​styfle) a npm publisher #​1346
• Fix typo in docs: responsibility #​1364
• Add the ability to specify options on the demo page as JSON #​1357
  • Show red border when JSON options are invalid #​1360
• Move license file back to root dir #​1356
• Fix builds: remove node v0.10 from travis matrix #​1366
  • This does not a break compatibility in this release but it will a future release
• Add files key to package.json to prevent publishing unused files #​1367

v0.5.1: 0.5.1

Compare Source

Security

• Fix inline code regex and prevent REDOS #​1337
• Use @markedjs/html-differ to prevent REDOS #​1331

Bug Fixes

• Fix typographic substitution in (pre|code|kbd|script) blocks when smartypants=true #​1335
• Fix auto-linking email address #​1338

Other

• Refactor the escape() function to improve performance 10-20% #​975
• Update copyright in source code #​1326
• Update benchmark tests #​1019
• Add dependency badges to readme #​1333

v0.5.0: 0.5.0

Compare Source

Security

• Use rtrim, not unsafe /X+$/ #​1260

Breaking Changes

• Fix GFM empty table cells #​1262
• Fix GFM extended auto-linking requiring multiple backpedals #​1293
• Fix GFM strikethrough compatibility #​1258
• Fix issues link references and prototypes #​1299
• Fix hard line break when backslash at EOL #​1303
• Fix hyperlinks with parenthesis #​1305
• Fix loose lists #​1304
• Fix strong and em #​1315

Docs

• Fix typo in USING_ADVANCED.md #​1276
• Add pictures to AUTHORS.md #​1272
• Change badge to latest version of marked #​1300
• Change badges from shields.io to badgen.net #​1317
• Use iframe to sandbox generated html #​1295
• Add additional links into readme #​1310
• Add missing parameters for renderer methods #​1311
• Add undocumented option descriptions #​1312
• Add navigation sidebar to the docs #​1316

CI

• Change travis clone depth to 3 #​1270

v0.4.0

Compare Source

Security Fixes

• Fix unsafe heading regex (#​1224)
• Fix unsafe link regex (#​1223, #​1227)

New Features

• Add option to disable heading ids (#​1190)
• Add support for GFM Task Lists to comply with the GFM spec (#​1250)

Breaking Changes

• Fix escaping pipes in tables (#​1239)
• Fix html output for tables to match GFM spec (#​1245)
• Fix many bugs to reach parity with CommonMark spec (#​1135)
• Fix new Renderer() so it uses default options (#​1203)
• Fix text and paragraph return types (#​1248) (#​1249)
• Fix <em> less than 3 chars (#​1181)
• Fix <pre> code blocks so there is no more trailing \n (#​1266)
• Fix default langPrefix to follow CommonMark standard language- (#​1265)

CLI Changes

• Add string argument to CLI (#​1182)
• Change CLI stdio to remove warning (#​994)

Other changes

• Lint all the things (#​1185)
• Improved testing and DevOps (#​1160, #​1210, #​1220, #​1228, #​1219, #​1256)
• Update documentation and demos (#​1196, #​1197, #​1204, [#​1207](https://togithub.com/markedjs/mark

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Renovate Bot.