Update dependency league/commonmark to v2.6.1 - autoclosed #80

Closed
professeur-chen wants to merge 1 commit from renovate/league-commonmark-2.x into trunk
Collaborator

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| league/commonmark (source) | require | minor | 2.5.3 -> 2.6.1 |

Release Notes

thephpleague/commonmark (league/commonmark)

v2.6.1


Fixed
  • Rendered list items should only add newlines around block-level children (#1059, #1061)

v2.6.0


This is a security release to address potential denial of service attacks when parsing specially crafted,
malicious input from untrusted sources (like user input).

Added
  • Added max_delimiters_per_line config option to prevent denial of service attacks when parsing malicious input
  • Added table/max_autocompleted_cells config option to prevent denial of service attacks when parsing large tables
  • The AttributesExtension now supports attributes without values (#985, #986)
  • The AutolinkExtension exposes two new configuration options to override the default behavior (#969, #987):
    • autolink/allowed_protocols - an array of protocols to allow autolinking for
    • autolink/default_protocol - the default protocol to use when none is specified
  • Added RegexHelper::isWhitespace() method to check if a given character is an ASCII whitespace character
  • Added CacheableDelimiterProcessorInterface to ensure linear complexity for dynamic delimiter processing
  • Added Bracket delimiter type to optimize bracket parsing

Changed
  • [ and ] are no longer added as Delimiter objects on the stack; a new Bracket type with its own stack is used instead
  • UrlAutolinkParser no longer parses URLs with more than 127 subdomains
  • Expanded reference links can no longer exceed 100kb, or the size of the input document (whichever is greater)
  • Delimiters should always provide a non-null value via DelimiterInterface::getIndex()
    • We'll attempt to infer the index based on surrounding delimiters where possible
  • The DelimiterStack now accepts integer positions for any $stackBottom argument
  • Several small performance optimizations

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.



This PR has been generated by Renovate Bot.
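
For applications that render Markdown from untrusted users, the limits introduced in v2.6.0 can be set explicitly. The sketch below is an added example, not code from league/commonmark or from this pull request; the function names, the `MAX_INPUT_BYTES` cap and every numeric limit are assumptions to tune per application.

```php
<?php
// Added example: not code from league/commonmark or from this pull request.
declare(strict_types=1);

use Composer\InstalledVersions;
use League\CommonMark\Environment\Environment;
use League\CommonMark\Extension\Autolink\AutolinkExtension;
use League\CommonMark\Extension\CommonMark\CommonMarkCoreExtension;
use League\CommonMark\Extension\Table\TableExtension;
use League\CommonMark\MarkdownConverter;

require __DIR__ . '/vendor/autoload.php';

const MAX_INPUT_BYTES = 65536; // assumed application-level cap, not a library setting

function buildUntrustedConverter(): MarkdownConverter
{
    // The DoS-related options below were added in 2.6.0; refuse to run on older installs.
    $installed = InstalledVersions::getVersion('league/commonmark') ?? '0';
    if (version_compare($installed, '2.6.0', '<')) {
        throw new RuntimeException("league/commonmark $installed predates the 2.6.0 security release");
    }

    $environment = new Environment([
        'html_input'              => 'escape', // never pass raw HTML through
        'allow_unsafe_links'      => false,    // drop javascript:, data:, etc.
        'max_nesting_level'       => 50,       // assumed limit
        'max_delimiters_per_line' => 500,      // assumed limit (new in 2.6.0)
        'table'    => ['max_autocompleted_cells' => 1000], // assumed limit (new in 2.6.0)
        'autolink' => [
            'allowed_protocols' => ['https', 'http'],      // new in 2.6.0
            'default_protocol'  => 'https',                // new in 2.6.0
        ],
    ]);
    $environment->addExtension(new CommonMarkCoreExtension());
    $environment->addExtension(new TableExtension());
    $environment->addExtension(new AutolinkExtension());

    return new MarkdownConverter($environment);
}

function renderUntrusted(string $markdown): string
{
    if (strlen($markdown) > MAX_INPUT_BYTES) {
        throw new InvalidArgumentException('Markdown input exceeds the size cap');
    }
    return buildUntrustedConverter()->convert($markdown)->getContent();
}

// Constructed sample input: a table with a short row and a bare www link.
echo renderUntrusted("| a | b |\n|---|---|\n| 1 |\n\nSee www.example.com\n");
```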

professeur-chen force-pushed renovate/league-commonmark-2.x from 9a4fc6f009 to b1c32fbe64 2024-12-29 18:19:16 +01:00 Compare
professeur-chen changed title from Update dependency league/commonmark to v2.6.0 to Update dependency league/commonmark to v2.6.1 2024-12-29 18:19:17 +01:00
professeur-chen changed title from Update dependency league/commonmark to v2.6.1 to Update dependency league/commonmark to v2.6.1 - autoclosed 2025-01-01 14:58:37 +01:00
professeur-chen closed this pull request 2025-01-01 14:58:37 +01:00

Reference
l4p1n-bot/website!80