[Snyk] Upgrade @metalsmith/markdown from 1.6.0 to 1.10.0

[Woodpile37]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade @metalsmith/markdown from 1.6.0 to 1.10.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 5 versions ahead of your current version.
• The recommended version was released 3 months ago, on 2023-06-05.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Uncaught Exception SNYK-JS-YAML-5458867	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: @metalsmith/markdown

• 1.10.0 - 2023-06-05
  
  • Resolves #68: adds ability to render targets in metalsmith.metadata() #68
  • test: update mocha to latest, move from nyc to c8 for test coverage, update Node versions b8872a8
  • Updates marked 4.2.12 -> 4.3.0 79a0939
  • Drops support for Node < 14.14.0 (Node 12 EOL = 2023-04-30) 67db54d
• 1.9.2 - 2023-05-08
  
  • Fixes missing types and adds source maps to package 78eaefc
• 1.9.1 - 2023-02-26
  
  • Updates marked from 4.2.4 -> 4.2.12 c9881d1
  • fix: don't log a warning for undefined key values, only when typeof is not string 53feb48
  • fix: don't crash but gracefully ignore undefined for wildcard keypaths d05e39a
• 1.9.0 - 2023-02-02
  
  • Resolves #65: adds globalRefs option #65
  • Resolves #63: provides a render option allowing usage of any markdown parser. #63
  • Documents the render option and restructures README.md in alignment with other core plugins 2ea44cd
• 1.8.0 - 2022-12-18
  
  • Resolves #62, deprecates markdown options.<option> in favor of options.engineOptions.<option> #62
  • Provides dual ESM/CJS module a3b6271
  • Adds Typescript support 5ce04b8
  • Updates marked from 4.2.0 -> 4.2.4 fd2fc65
  • Renames default export to markdown for better auto-complete ba9c515
• 1.6.0 - 2022-05-29
  
  • Resolves #60: support nested keypaths for keys option #60
  • Fixes #61: replace Travis CI badge with GH actions in README.md #61
  • Feature: Add support for simple wildcards, get 100% test coverage 9c53cfe
  • Update supported Node version to >=10, update marked 4.0.12 -> 4.0.16 c0d1a86

from @metalsmith/markdown GitHub release notes

Commit messages

Package name: @metalsmith/markdown

• 845daa9 Release 1.10.0
• 2b95606 Resolves [Snyk] Upgrade eslint from 8.19.0 to 8.47.0 #68: adds ability to render targets in metalsmith.metadata()
• e104d3b chore: move tests from CJS to ESM on src + prettier formatting
• 67db54d Drops support for Node < 14.14.0 (Node 12 EOL = 2023-04-30)
• b8872a8 test: update mocha to latest, move from nyc to c8 for test coverage, update Node versions
• 1a67966 chore: update devDependencies & fix security vulnerabilities
• 79a0939 Updates marked 4.2.12 -> 4.3.0
• faf9e40 Release 1.9.2
• 78eaefc Fixes missing types and adds source maps to package
• 61976dc Release 1.9.1
• 1d73ca3 chore: fix tests typo
• 4cef519 ci: remove gitter notify workflow & use engineOptions in tests
• d05e39a fix: don't crash but gracefully ignore undefined for wildcard keypaths
• 53feb48 fix: don't log a warning for undefined key values, only when typeof is not string
• c9881d1 Updates marked from 4.2.4 -> 4.2.12
• 2eb0312 dev: update devDependencies
• 4c155ab dev: update devDependencies
• f996354 chore: update CHANGELOG.md
• 1071086 Release 1.9.0
• 77e6f20 Resolves [Snyk] Upgrade eslint-config-standard from 17.0.0 to 17.1.0 #65: adds globalRefs option
• 2ea44cd Documents the render option and restructures README.md in alignment with other core plugins
• 509e24c Resolves [Snyk] Upgrade eslint-plugin-promise from 6.0.0 to 6.1.1 #63: provides a render option allowing usage of any markdown parser.
• 235df4b Release 1.8.0
• 5652c26 Resolves [Snyk] Upgrade eslint-plugin-prettier from 4.2.1 to 5.0.0 #62, deprecates markdown options.<option> in favor of options.engineOptions.<option>

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[changeset-bot]

⚠️ No Changeset found

Latest commit: f8bc582

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR