[Snyk] Fix for 2 vulnerabilities

[aboire]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	768/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5	Infinite loop SNYK-JS-MARKDOWNIT-6483324	Yes	Proof of Concept
	718/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 6.5	Uncontrolled Resource Consumption ('Resource Exhaustion') SNYK-JS-TAR-6476909	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: bcrypt

The new version differs by 91 commits.

• 2f124bd Fix artifact upload path
• 10eacf5 Prepare v5.0.1
• 6eacfe1 Merge pull request #856 from kelektiv/update-deps
• feb477c Update node-pre-gyp to 1.0.0
• 42c8b0c Merge pull request #852 from kelektiv/update-deps
• bafefc3 Update packages
• 7c5d8df Merge pull request #851 from recrsn/node-15-ci
• 1ba55f9 Add Node 15 to CI
• 19c06c1 Update Node version compatibility info
• 09cb4fc Merge pull request #825 from dogon11/patch-1
• 2821c03 Merge pull request #811 from techhead/use_buffers
• 63c8403 Merge pull request #838 from alete89/docs/improve-hash-info
• 984ef18 remove reference to $2y$ algo identifier
• 630c897 fixes: #828
• 0f93284 README.md typo fix
• 4125ebc Update README.md
• f503e57 Create SECURITY.md
• f158e6e Allow optional use of Node Buffers.
• 8866277 Deploy on any travis tag
• 61139e6 v5.0.0
• 1bde62c Update node-pre-gyp to 0.15.0
• 40770d6 Add NodeJS 14 to appveyor CI
• 5916a46 Merge pull request #807 from techhead/known_length
• f28e916 Reword comment

See the full diff

Package name: markdown-it

The new version differs by 154 commits.

• e476f78 13.0.2 released
• dfd485b Dist rebuild
• 80a3adc Fix crash in linkify inline rule on malformed input
• 49ca65b Sync pathological tests with cmark
• 2b6cac2 Sync pathological tests with cmark
• 08444a5 Fix typo; minor copy-edits (#879)
• 940459e fix: remove outdated comments (#891)
• 1529ff4 Guard against custom rule not incrementing pos
• 6325878 Multiple refactors
• 9ff460e Drop a lot of extra code from blockquotes
• e843acc Merge branch 'master' of github.com:markdown-it/markdown-it
• bda7182 13.0.1 released
• b8b610f Dist rebuild
• d17df13 Bump linkify-it to 4.0.1
• 0c19c37 Merge pull request #866 from yne/patch-1
• e157cd2 doc: Add syntax highlighting
• 6ec0b76 13.0.0 released
• 0e4c0f4 Dist rebuild
• d1757ed Bump linkify-it to v4
• bab0baf Added examples on how to add and modify rules (#619)
• e6d1bfd refactor: replace deprecated String.prototype.substr()
• f523514 Remove (p) => § replacement in typographer
• 3fc0deb Put entities to separate token
• 6b58ec4 Add linkifier rule to inline chain for full links

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Uncontrolled Resource Consumption ('Resource Exhaustion')