Data

Tools

Indexes

Applications

Experiments

Dependabot

An open index of dependabot pull requests across open source projects.

build(deps): bump league/commonmark from 2.7.1 to 2.8.1

Closed
Number: #177
Type: Pull Request
State: Closed
Author: dependabot[bot] dependabot[bot]
Association: Unknown
Comments: 1
Created: March 07, 2026 at 02:05 AM UTC
(3 months ago)
Updated: March 16, 2026 at 11:43 AM UTC
(3 months ago)
Closed: March 16, 2026 at 11:43 AM UTC
(3 months ago)
Time to Close: 9 days
Labels:
dependencies php
Description:

Bumps league/commonmark from 2.7.1 to 2.8.1.

Release notes

Sourced from league/commonmark's releases.

2.8.1

What's Changed

This is a security release to address an issue where DisallowedRawHtml can be bypassed, resulting in a possible cross-site scripting (XSS) vulnerability.

Fixed

  • Fixed DisallowedRawHtmlRenderer not blocking raw HTML tags with trailing ASCII whitespace (GHSA-4v6x-c7xx-hw9f)
  • Fixed PHP 8.5 deprecation (#1107)

New Contributors

Full Changelog: https://github.com/thephpleague/commonmark/compare/2.8.0...2.8.1

2.8.0

What's Changed

Added

  • Added a new HighlightExtension for marking important text using == syntax (#1100)

Fixed

  • Fixed AutolinkExtension incorrectly matching URLs after invalid www. prefix (#1095, #1103)

New Contributors

Full Changelog: https://github.com/thephpleague/commonmark/compare/2.7.1...2.8.0

Changelog

Sourced from league/commonmark's changelog.

[2.8.1] - 2026-03-05

This is a security release to address an issue where DisallowedRawHtml can be bypassed, resulting in a possible cross-site scripting (XSS) vulnerability.

Fixed

  • Fixed DisallowedRawHtmlRenderer not blocking raw HTML tags with trailing ASCII whitespace (GHSA-4v6x-c7xx-hw9f)
  • Fixed PHP 8.5 deprecation (#1107)

[2.8.0] - 2025-11-26

Added

  • Added a new HighlightExtension for marking important text using == syntax (#1100)

Fixed

  • Fixed AutolinkExtension incorrectly matching URLs after invalid www. prefix (#1095, #1103)
Commits
  • 84b1ca4 Almost forgot this entry
  • bcf54f5 Merge commit from fork
  • 7a68ed1 Prepare to release 2.8.1
  • 5c0c4c8 Fix DisallowedRawHtml bypass via newline/tab in tag names
  • f6e7443 Add regression test
  • 0719b67 Merge pull request #1107 from freost/fix-php85-deprecation-error
  • 63ff2e0 Fix PHP 8.5 deprecation
  • 8608e9c Merge pull request #1106 from Kocal/patch-1
  • 10f246a [Docs] Fix "rendering" page rendering
  • 24b0774 Merge pull request #1104 from thephpleague/renovate/major-symfony
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Package Dependencies
Package:
league/commonmark
Ecosystem:
packagist
Version Change:
2.7.1 → 2.8.1
Update Type:
Minor
Actions
View on GitHub View Repository All Dependabot PRs
Technical Details
ID: 14647188
UUID: 4036992109
Node ID: PR_kwDOELJ9zs7IpNnW
Host: GitHub
Repository: nextcloud/integration_github