Releases: ariabuckles/simple-markdown

0.7.3: Fix ReDoS with strikethroughs

08 Jan 03:26

Fixes an exponentially backtracking regex DoS in the strikethrough rule (#95 / #92).

Please update on npm with `npm install simple-markdown@latest`.

Update flow types & add support for single level parenthesis in links

04 Nov 00:24

Changes:

  • d26a295 fixes flow types for the latest version of flow as of writing, 0.111.1
  • #74 allows one level of balanced parentheses in link targets without escaping those parentheses

This release also changes a bit of the internal structure of things. If you run into any issues with that or the above, please file an issue or message me on Twitter @ariabuckles.

0.7.0: Add typescript types & support!

24 Oct 23:36

Adds a TypeScript type definition file (`simple-markdown.d.ts`).

0.6.1: Fix ReDoS with autolink

24 Oct 23:35

Fixes an exponentially backtracking regex DoS (#73)

0.6.0: Add `state.prevCapture`

19 Sep 02:07

Adds a new `state.prevCapture` during parsing, so that match functions can use it instead of the third parameter to `match()`. This `state.prevCapture` is now a regex match object, the result of the last successful call to `match`, or `null` if this is the first found match.

Unlike the previous third parameter to `match()`, `state.prevCapture` is not reset to empty during nested parse traversals, giving you a more accurate view of the previous capture during nested parses (i.e. inside of block elements).

0.5.3: Fix bug with backticks in inline code

19 Sep 02:04

Fixes #72, where backticks inside inline code were sometimes removed.

0.5.2: Fix exponential backtracking regex vulnerabilities

19 Sep 02:02

NOTE: v0.5.3 contains a bugfix on this release's change to inline code. I recommend using 0.5.3 instead.

Fixes #71 and several other regex DoS vulnerabilities.

0.5.1: Fix broken .git in npm bundle

19 Sep 01:58

Fixes an issue where 0.5.0 would not uninstall from npm.

If you end up in this case, you can fix it by:

  1. deleting your node modules
    • or just deleting any .git folders in your simple-markdown dependency
  2. bumping your simple-markdown version to 0.5.1 or later
  3. running npm install

0.5.0: Allow escaping `|` pipes in tables

19 Sep 01:52

PLEASE DO NOT USE. Use v0.5.1 instead, which fixes a bug that confuses npm, but is otherwise identical.

Fixes #68 and allows pipes to be escaped in tables.

Gets a minor version bump because it's a new feature / significant bug fix that could break existing code.

0.4.4: Fix vbscript xss

19 Sep 01:56

Fixes #63, an XSS vulnerability in links with `vbscript:` in their URL.