Browse Source

Bump likify-it & uc-micro deps to force use versions with fixed ReDOS issue

pull/251/head
Vitaly Puzrin 9 years ago
parent
commit
45e3234249
  1. 8
      CHANGELOG.md
  2. 4
      package.json

8
CHANGELOG.md

@ -1,3 +1,11 @@
6.0.3 / 2016-05-30
------------------
- Security fix: possible ReDOS in `linkify-it` (forced bump of `linkify-it` &
`uc-micro` dependencies). New installs will use fixed packages automatically,
but we bumped `markdown-it` version for sure & for web builds.
6.0.2 / 2016-05-16 6.0.2 / 2016-05-16
------------------ ------------------

4
package.json

@ -27,9 +27,9 @@
"dependencies": { "dependencies": {
"argparse": "^1.0.7", "argparse": "^1.0.7",
"entities": "~1.1.1", "entities": "~1.1.1",
"linkify-it": "~1.2.0", "linkify-it": "~1.2.2",
"mdurl": "~1.0.1", "mdurl": "~1.0.1",
"uc.micro": "^1.0.0" "uc.micro": "^1.0.1"
}, },
"devDependencies": { "devDependencies": {
"ansi": "~0.3.0", "ansi": "~0.3.0",

Loading…
Cancel
Save