[Snyk] Upgrade: markdown-it, semver, eleventy-sass, node-fetch, ts-node

[X-oss-byte]

Snyk has created this PR to upgrade multiple dependencies.

👯 The following dependencies are linked and will therefore be updated together.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Name	Versions	Released on

markdown-it
from 13.0.1 to 13.0.2 | 1 version ahead of your current version | a year ago
on 2023-09-26
semver
from 7.3.8 to 7.6.3 | 10 versions ahead of your current version | 2 months ago
on 2024-07-16
eleventy-sass
from 2.2.1 to 2.2.6 | 5 versions ahead of your current version | 24 days ago
on 2024-08-16
node-fetch
from 3.3.1 to 3.3.2 | 1 version ahead of your current version | a year ago
on 2023-07-25
ts-node
from 10.9.1 to 10.9.2 | 1 version ahead of your current version | 9 months ago
on 2023-12-08

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Infinite loop SNYK-JS-MARKDOWNIT-6483324	696	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	696	Proof of Concept

Release notes

Package name: markdown-it

• 13.0.2 - 2023-09-26
  

  13.0.2 released

• 13.0.1 - 2022-05-03
  

  Merge branch 'master' of github.com:markdown-it/markdown-it

from markdown-it GitHub release notes

Package name: semver

• 7.6.3 - 2024-07-16
  

  7.6.3 (2024-07-16)

  Bug Fixes

  • 73a3d79 #726 optimize Range parsing and formatting (#726) (@ jviide)

  Documentation

  • 2975ece #719 fix extra backtick typo (#719) (@ stdavis)
• 7.6.2 - 2024-05-09
  

  7.6.2 (2024-05-09)

  Bug Fixes

  • 6466ba9 #713 lru: use map.delete() directly (#713) (@ negezor, @ lukekarrys)
• 7.6.1 - 2024-05-07
  

  7.6.1 (2024-05-04)

  Bug Fixes

  • c570a34 #704 linting: no-unused-vars (@ wraithgar)
  • ad8ff11 #704 use internal cache implementation (@ mbtools)
  • ac9b357 #682 typo in compareBuild debug message (#682) (@ mbtools)

  Dependencies

  • 988a8de #709 uninstall lru-cache (#709)
  • 3fabe4d #704 remove lru-cache

  Chores

  • dd09b60 #705 bump @ npmcli/template-oss to 4.22.0 (@ lukekarrys)
  • ec49cdc #701 chore: chore: postinstall for dependabot template-oss PR (@ lukekarrys)
  • b236c3d #696 add benchmarks (#696) (@ H4ad)
  • 692451b #688 various improvements to README (#688) (@ mbtools)
  • 5feeb7f #705 postinstall for dependabot template-oss PR (@ lukekarrys)
  • 074156f #701 bump @ npmcli/template-oss from 4.21.3 to 4.21.4 (@ dependabot[bot])
• 7.6.0 - 2024-02-05
  

  7.6.0 (2024-01-31)

  Features

  • a7ab13a #671 preserve pre-release and build parts of a version on coerce (#671) (@ madtisa, madtisa, @ wraithgar)

  Chores

  • 816c7b2 #667 postinstall for dependabot template-oss PR (@ lukekarrys)
  • 0bd24d9 #667 bump @ npmcli/template-oss from 4.21.1 to 4.21.3 (@ dependabot[bot])
  • e521932 #652 postinstall for dependabot template-oss PR (@ lukekarrys)
  • 8873991 #652 chore: chore: postinstall for dependabot template-oss PR (@ lukekarrys)
  • f317dc8 #652 bump @ npmcli/template-oss from 4.19.0 to 4.21.0 (@ dependabot[bot])
  • 7303db1 #658 add clean() test for build metadata (#658) (@ jethrodaniel)
  • 6240d75 #656 add missing quotes in README.md (#656) (@ zyxkad)
  • 14d263f #625 postinstall for dependabot template-oss PR (@ lukekarrys)
  • 7c34e1a #625 bump @ npmcli/template-oss from 4.18.1 to 4.19.0 (@ dependabot[bot])
  • 123e0b0 #622 postinstall for dependabot template-oss PR (@ lukekarrys)
  • 737d5e1 #622 bump @ npmcli/template-oss from 4.18.0 to 4.18.1 (@ dependabot[bot])
  • cce6180 #598 postinstall for dependabot template-oss PR (@ lukekarrys)
  • b914a3d #598 bump @ npmcli/template-oss from 4.17.0 to 4.18.0 (@ dependabot[bot])
• 7.5.4 - 2023-07-07
  

  7.5.4 (2023-07-07)

  Bug Fixes

  • cc6fde2 #588 trim each range set before parsing (@ lukekarrys)
  • 99d8287 #583 correctly parse long build ids as valid (#583) (@ lukekarrys)
• 7.5.3 - 2023-06-22
  

  7.5.3 (2023-06-22)

  Bug Fixes

  • abdd93d #571 set max lengths in regex for numeric and build identifiers (#571) (@ lukekarrys)

  Documentation

  • bf53dd8 #569 add example for > comparator (#569) (@ mbtools)
• 7.5.2 - 2023-06-15
  

  7.5.2 (2023-06-15)

  Bug Fixes

  • 58c791f #566 diff when detecting major change from prerelease (#566) (@ lukekarrys)
  • 5c8efbc #565 preserve build in raw after inc (#565) (@ lukekarrys)
  • 717534e #564 better handling of whitespace (#564) (@ lukekarrys)
• 7.5.1 - 2023-05-12
  

  7.5.1 (2023-05-12)

  Bug Fixes

  • d30d25a #559 show type on invalid semver error (#559) (@ tjenkinson)
• 7.5.0 - 2023-04-17
• 7.4.0 - 2023-04-10
• 7.3.8 - 2022-10-04

from semver GitHub release notes

Package name: eleventy-sass

• 2.2.6 - 2024-08-16
  

  2.2.6

• 2.2.5 - 2024-08-14
  

  2.2.5

• 2.2.4 - 2023-11-28
  

  2.2.4

• 2.2.3 - 2023-06-24
  

  2.2.3

• 2.2.2 - 2023-06-24
  

  2.2.2

• 2.2.1 - 2023-02-18
  

  2.2.1

from eleventy-sass GitHub release notes

Package name: node-fetch

• 3.3.2 - 2023-07-25
  

  3.3.2 (2023-07-25)

  Bug Fixes

  • Remove the default connection close header. (#1736) (8b3320d), closes #1735 #1473
• 3.3.1 - 2023-03-11
  

  3.3.1 (2023-03-11)

  Bug Fixes

  • release "Allow URL class object as an argument for fetch()" #1696 (#1716) (7b86e94)

from node-fetch GitHub release notes

Package name: ts-node

• 10.9.2 - 2023-12-08
  

  Fixed

  • Fixed tsconfig.json file not found on latest TypeScript version (#2091)
• 10.9.1 - 2022-07-14
  

  Fixed

  • Workaround nodejs bug introduced in 18.6.0 (#1838) @ cspotcode
    • Only affects projects on node >=18.6.0 using --esm
    • Older versions of node and projects without --esm are unaffected

  v10.9.0...v10.9.1
  https://github.com/TypeStrong/ts-node/milestone/18?closed=1

from ts-node GitHub release notes

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• This PR was automatically created by Snyk using the credentials of a real user.
• Max score is 1000. Note that the real score may have changed since the PR was raised.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

• 🧐 View latest project report
• 📜 Customise PR templates
• 🛠 Adjust upgrade PR settings
• 🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[stackblitz]

Run & review this pull request in StackBlitz Codeflow.

[changeset-bot]

⚠️ No Changeset found

Latest commit: 577d8d4

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[sourcery-ai]

We have skipped reviewing this pull request. Here's why:

• It seems to have been created by a bot ('[Snyk]' found in title). We assume it knows what it's doing!
• We don't review packaging changes - Let us know if you'd like us to change this.