🚨 [security] Update commonmarker 0.17.13 → 0.23.10 (major)

[depfu]

---

Welcome to Depfu 👋

This is one of the first three pull requests with dependency updates we've sent your way. We tried to start with a few easy patch-level updates. Hopefully your tests will pass and you can merge this pull request without too much risk. This should give you an idea how Depfu works in general.

After you merge your first pull request, we'll send you a few more. We'll never open more than seven PRs at the same time so you're not getting overwhelmed with updates.

Let us know if you have any questions. Thanks so much for giving Depfu a try!

---

---

🚨 Your current dependencies have known security vulnerabilities 🚨

This dependency update fixes known security vulnerabilities. Please see the details below and assess their impact carefully. We recommend to merge and deploy this as soon as possible!

---

Here is everything you need to know about this update. Please take a good look at what changed and the test results before merging this pull request.

What changed?

⚠️ Listing all changes has exceeded the size limit of this text. See full version on Depfu

↗️ commonmarker (indirect, 0.17.13 → 0.23.10) · Repo · Changelog

✳️ github-pages (200 → 228) · Repo

↗️ activesupport (indirect, 4.2.11.1 → 5.2.8.1) · Repo · Changelog

↗️ addressable (indirect, 2.7.0 → 2.8.5) · Repo · Changelog

↗️ concurrent-ruby (indirect, 1.1.5 → 1.2.2) · Repo · Changelog

↗️ dnsruby (indirect, 1.61.3 → 1.70.0) · Repo

↗️ em-websocket (indirect, 0.5.1 → 0.5.3) · Repo · Changelog

↗️ ethon (indirect, 0.12.0 → 0.16.0) · Repo · Changelog

↗️ execjs (indirect, 2.7.0 → 2.8.1) · Repo

↗️ faraday (indirect, 0.16.2 → 2.7.10) · Repo · Changelog

↗️ ffi (indirect, 1.11.1 → 1.15.5) · Repo · Changelog

↗️ github-pages-health-check (indirect, 1.16.1 → 1.17.9) · Repo

↗️ html-pipeline (indirect, 2.12.0 → 2.14.3) · Repo · Changelog

↗️ http_parser.rb (indirect, 0.6.0 → 0.8.0) · Repo

↗️ i18n (indirect, 0.9.5 → 1.14.1) · Repo · Changelog

↗️ jekyll (indirect, 3.8.5 → 3.9.3) · Repo · Changelog

↗️ jekyll-avatar (indirect, 0.6.0 → 0.7.0) · Repo · Changelog

↗️ jekyll-commonmark (indirect, 1.3.1 → 1.4.0) · Repo · Changelog

↗️ jekyll-commonmark-ghpages (indirect, 0.1.5 → 0.4.0) · Repo

↗️ jekyll-feed (indirect, 0.11.0 → 0.15.1) · Repo · Changelog

↗️ jekyll-github-metadata (indirect, 2.12.1 → 2.13.0) · Repo · Changelog

↗️ jekyll-mentions (indirect, 1.4.1 → 1.6.0) · Repo · Changelog

↗️ jekyll-optional-front-matter (indirect, 0.3.0 → 0.3.2) · Repo

↗️ jekyll-readme-index (indirect, 0.2.0 → 0.3.0) · Repo

↗️ jekyll-redirect-from (indirect, 0.14.0 → 0.16.0) · Repo · Changelog

↗️ jekyll-relative-links (indirect, 0.6.0 → 0.6.1) · Repo

↗️ jekyll-remote-theme (indirect, 0.4.0 → 0.4.3) · Repo

↗️ jekyll-seo-tag (indirect, 2.5.0 → 2.8.0) · Repo · Changelog

↗️ jekyll-sitemap (indirect, 1.2.0 → 1.4.0) · Repo · Changelog

↗️ jekyll-swiss (indirect, 0.4.0 → 1.0.0) · Repo

↗️ jekyll-theme-architect (indirect, 0.1.1 → 0.2.0) · Repo

↗️ jekyll-theme-cayman (indirect, 0.1.1 → 0.2.0) · Repo

↗️ jekyll-theme-dinky (indirect, 0.1.1 → 0.2.0) · Repo

↗️ jekyll-theme-hacker (indirect, 0.1.1 → 0.2.0) · Repo

↗️ jekyll-theme-leap-day (indirect, 0.1.1 → 0.2.0) · Repo

↗️ jekyll-theme-merlot (indirect, 0.1.1 → 0.2.0) · Repo

↗️ jekyll-theme-midnight (indirect, 0.1.1 → 0.2.0) · Repo

↗️ jekyll-theme-minimal (indirect, 0.1.1 → 0.2.0) · Repo

↗️ jekyll-theme-modernist (indirect, 0.1.1 → 0.2.0) · Repo

↗️ jekyll-theme-primer (indirect, 0.5.3 → 0.6.0) · Repo

↗️ jekyll-theme-slate (indirect, 0.1.1 → 0.2.0) · Repo

↗️ jekyll-theme-tactile (indirect, 0.1.1 → 0.2.0) · Repo

↗️ jekyll-theme-time-machine (indirect, 0.1.1 → 0.2.0) · Repo

↗️ jekyll-titles-from-headings (indirect, 0.5.1 → 0.5.3) · Repo

↗️ jemoji (indirect, 0.10.2 → 0.12.0) · Repo · Changelog

↗️ kramdown (indirect, 1.17.0 → 2.3.2) · Repo · Changelog

↗️ liquid (indirect, 4.0.0 → 4.0.4) · Repo · Changelog

↗️ listen (indirect, 3.1.5 → 3.8.0) · Repo · Changelog

↗️ mini_portile2 (indirect, 2.4.0 → 2.8.4) · Repo · Changelog

↗️ minima (indirect, 2.5.0 → 2.5.1) · Repo · Changelog

↗️ minitest (indirect, 5.12.2 → 5.19.0) · Repo · Changelog

↗️ nokogiri (indirect, 1.10.4 → 1.15.3) · Repo · Changelog

↗️ octokit (indirect, 4.14.0 → 4.25.1) · Repo · Changelog

↗️ public_suffix (indirect, 3.1.1 → 4.0.7) · Repo · Changelog

↗️ rb-fsevent (indirect, 0.10.3 → 0.11.2) · Repo

↗️ rb-inotify (indirect, 0.10.0 → 0.10.1) · Repo

↗️ rouge (indirect, 2.2.1 → 3.26.0) · Repo · Changelog

↗️ rubyzip (indirect, 2.0.0 → 2.3.2) · Repo · Changelog

↗️ sawyer (indirect, 0.8.2 → 0.9.2) · Repo

↗️ typhoeus (indirect, 1.3.1 → 1.4.0) · Repo · Changelog

↗️ tzinfo (indirect, 1.2.5 → 1.2.11) · Repo · Changelog

↗️ unicode-display_width (indirect, 1.6.0 → 1.8.0) · Repo · Changelog

🆕 faraday-net_http (added, 3.0.2)

🆕 jekyll-include-cache (added, 0.2.1)

🆕 kramdown-parser-gfm (added, 1.1.0)

🆕 racc (added, 1.7.1)

🆕 rexml (added, 3.2.6)

🆕 ruby2_keywords (added, 0.0.5)

🆕 simpleidn (added, 0.2.1)

🆕 unf (added, 0.1.4)

🆕 unf_ext (added, 0.0.8.2)

🗑️ multipart-post (removed)

🗑️ ruby-enum (removed)

🗑️ ruby_dep (removed)

---

Depfu will automatically keep this PR conflict-free, as long as you don't add any commits to this branch yourself. You can also trigger a rebase manually by commenting with @depfu rebase.

All Depfu comment commands

@​depfu rebase

Rebases against your default branch and redoes this update

@​depfu recreate

Recreates this PR, overwriting any edits that you've made to it

@​depfu merge

Merges this PR once your tests are passing and conflicts are resolved

@​depfu cancel merge

Cancels automatic merging of this PR

@​depfu close

Closes this PR and deletes the branch

@​depfu reopen

Restores the branch and reopens this PR (if it's closed)

@​depfu pause

Ignores all future updates for this dependency and closes this PR

@​depfu pause [minor|major]

Ignores all future minor/major updates for this dependency and closes this PR

@​depfu resume

Future versions of this dependency will create PRs again (leaves this PR as is)

[vtex-io-ci-cd]

Hi! I'm VTEX IO CI/CD Bot and I'll be helping you to publish your app! 🤖

Please select which version do you want to release:

• Patch (backwards-compatible bug fixes)

• Minor (backwards-compatible functionality)

• Major (incompatible API changes)

And then you just need to merge your PR when you are ready! There is no need to create a release commit/tag.

• No thanks, I would rather do it manually 😞

[changeset-bot]

⚠️ No Changeset found

Latest commit: e4f666c

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[google-cla]

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.

[sonarcloud]

Kudos, SonarCloud Quality Gate passed!   

0 Bugs
0 Vulnerabilities
0 Security Hotspots
0 Code Smells

No Coverage information
No Duplication information