From 45e32342497ce8ecddc22d5db925497a5a49dfeb Mon Sep 17 00:00:00 2001
From: Vitaly Puzrin
Date: Mon, 30 May 2016 17:22:59 +0300
Subject: [PATCH] Bump likify-it & uc-micro deps to force use versions with fixed ReDOS issue
---
 CHANGELOG.md | 8 ++++++++
 package.json | 4 ++--
 2 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index a993332..45075cb 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,11 @@
+6.0.3 / 2016-05-30
+------------------
+
+- Security fix: possible ReDOS in `linkify-it` (forced bump of `linkify-it` &
+ `uc-micro` dependencies). New installs will use fixed packages automatically,
+ but we bumped `markdown-it` version for sure & for web builds.
+
+
 6.0.2 / 2016-05-16
 ------------------
 
diff --git a/package.json b/package.json
index 305444b..8fdd0b7 100644
--- a/package.json
+++ b/package.json
@@ -27,9 +27,9 @@
 "dependencies": {
 "argparse": "^1.0.7",
 "entities": "~1.1.1",
- "linkify-it": "~1.2.0",
+ "linkify-it": "~1.2.2",
 "mdurl": "~1.0.1",
- "uc.micro": "^1.0.0"
+ "uc.micro": "^1.0.1"
 },
 "devDependencies": {
 "ansi": "~0.3.0",
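Review bot: Raising the floors in `dependencies` to `"linkify-it": "~1.2.2"` and `"uc.micro": "^1.0.1"` only takes effect when dependencies are resolved afresh, so a consumer pinned by a shrinkwrap/lockfile or an existing `node_modules` tree keeps the ReDoS-affected versions until it re-resolves. The 6.0.3 changelog entry covers "new installs" but gives existing users nothing to act on; I would add a sentence such as `Existing installs: update and confirm the resolved versions with npm ls linkify-it uc.micro.` The diffstat shows only these two constraint lines changing in package.json, so the `version` field is not bumped in this commit. Presumably a separate release commit does that and rebuilds the web builds, which would still need to be regenerated to carry the fixed `linkify-it`.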