Skip to content

Commit c948af4

Browse files
bors[bot]dependabot[bot]
bors[bot]
and
dependabot[bot]
authored
Merge #364 #365
364: chore(deps): bump remark-html from 14.0.0 to 14.0.1 in /examples/testing-options r=jbolda a=dependabot[bot] Bumps [remark-html](https://github.com/remarkjs/remark-html) from 14.0.0 to 14.0.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/remarkjs/remark-html/releases">remark-html's releases</a>.</em></p> <blockquote> <h2>14.0.1</h2> <ul> <li> <p>b75c9dd <strong>Security</strong>: Fix to sanitize by default The docs have always said <code>remark-html</code> is safe by default. It wasn’t and this patches that.</p> <p>If you do want to be unsafe, use <code>remark-html</code> with <code>sanitize: false</code>:</p> <pre lang="diff"><code>- .use(remarkHtml) + .use(remarkHtml, {sanitize: false}) </code></pre> </li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/remarkjs/remark-html/compare/14.0.0...14.0.1">https://github.com/remarkjs/remark-html/compare/14.0.0...14.0.1</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/remarkjs/remark-html/commit/ac80e5f221b48f476a2a3dd1e4885a8faa9791e7"><code>ac80e5f</code></a> 14.0.1</li> <li><a href="https://github.com/remarkjs/remark-html/commit/b75c9dde582ad87ba498e369c033dc8a350478c1"><code>b75c9dd</code></a> Fix to sanitize by default</li> <li>See full diff in <a href="https://github.com/remarkjs/remark-html/compare/14.0.0...14.0.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=remark-html&package-manager=npm_and_yarn&previous-version=14.0.0&new-version=14.0.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting ``@dependabot` rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - ``@dependabot` rebase` will rebase this PR - ``@dependabot` recreate` will recreate this PR, overwriting any edits that have been made to it - ``@dependabot` merge` will merge this PR after your CI passes on it - ``@dependabot` squash and merge` will squash and merge this PR after your CI passes on it - ``@dependabot` cancel merge` will cancel a previously requested merge and block automerging - ``@dependabot` reopen` will reopen this PR if it is closed - ``@dependabot` close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - ``@dependabot` ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - ``@dependabot` ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - ``@dependabot` ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - ``@dependabot` use these labels` will set the current labels as the default for future PRs for this repo and language - ``@dependabot` use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - ``@dependabot` use these assignees` will set the current assignees as the default for future PRs for this repo and language - ``@dependabot` use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/jbolda/gatsby-source-airtable/network/alerts). </details> 365: chore(deps): bump remark-html from 14.0.0 to 14.0.1 in /examples/markdown-docs r=jbolda a=dependabot[bot] Bumps [remark-html](https://github.com/remarkjs/remark-html) from 14.0.0 to 14.0.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/remarkjs/remark-html/releases">remark-html's releases</a>.</em></p> <blockquote> <h2>14.0.1</h2> <ul> <li> <p>b75c9dd <strong>Security</strong>: Fix to sanitize by default The docs have always said <code>remark-html</code> is safe by default. It wasn’t and this patches that.</p> <p>If you do want to be unsafe, use <code>remark-html</code> with <code>sanitize: false</code>:</p> <pre lang="diff"><code>- .use(remarkHtml) + .use(remarkHtml, {sanitize: false}) </code></pre> </li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/remarkjs/remark-html/compare/14.0.0...14.0.1">https://github.com/remarkjs/remark-html/compare/14.0.0...14.0.1</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/remarkjs/remark-html/commit/ac80e5f221b48f476a2a3dd1e4885a8faa9791e7"><code>ac80e5f</code></a> 14.0.1</li> <li><a href="https://github.com/remarkjs/remark-html/commit/b75c9dde582ad87ba498e369c033dc8a350478c1"><code>b75c9dd</code></a> Fix to sanitize by default</li> <li>See full diff in <a href="https://github.com/remarkjs/remark-html/compare/14.0.0...14.0.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=remark-html&package-manager=npm_and_yarn&previous-version=14.0.0&new-version=14.0.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting ``@dependabot` rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - ``@dependabot` rebase` will rebase this PR - ``@dependabot` recreate` will recreate this PR, overwriting any edits that have been made to it - ``@dependabot` merge` will merge this PR after your CI passes on it - ``@dependabot` squash and merge` will squash and merge this PR after your CI passes on it - ``@dependabot` cancel merge` will cancel a previously requested merge and block automerging - ``@dependabot` reopen` will reopen this PR if it is closed - ``@dependabot` close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - ``@dependabot` ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - ``@dependabot` ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - ``@dependabot` ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - ``@dependabot` use these labels` will set the current labels as the default for future PRs for this repo and language - ``@dependabot` use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - ``@dependabot` use these assignees` will set the current assignees as the default for future PRs for this repo and language - ``@dependabot` use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/jbolda/gatsby-source-airtable/network/alerts). </details> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
3 parents c3a83dc + 0c11821 + ae12627 commit c948af4

File tree

4 files changed

+16
-16
lines changed

4 files changed

+16
-16
lines changed

examples/markdown-docs/package-lock.json

Lines changed: 7 additions & 7 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

examples/markdown-docs/package.json

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -9,7 +9,7 @@
99
"gatsby-transformer-remark": "4.9.0",
1010
"react": "17.0.2",
1111
"react-dom": "17.0.2",
12-
"remark-html": "14.0.0"
12+
"remark-html": "14.0.1"
1313
},
1414
"keywords": [
1515
"gatsby"

examples/testing-options/package-lock.json

Lines changed: 7 additions & 7 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

examples/testing-options/package.json

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -9,7 +9,7 @@
99
"gatsby-transformer-remark": "4.9.0",
1010
"react": "17.0.2",
1111
"react-dom": "17.0.2",
12-
"remark-html": "14.0.0"
12+
"remark-html": "14.0.1"
1313
},
1414
"keywords": [
1515
"gatsby"

0 commit comments

Comments
 (0)