Update `cmark-gfm` and `commonmarker` gems due to vulnerability
In DOS via issue preview and markdown preview (#361982 - closed) we learned that cmark-gfm (as well as commonmarker, because it wraps cmark-gfm) has a vulnerability in the autolink extension.
A patch has been sent to GitHub through their Security Policy. Until that is fixed, a workaround MR has been applied.
Once it is fixed upstream, we need to update the gems and remove the PathologicalMarkdownFilter added in the MR.
Instructions to re-create the problem in cmark-gfm are outlined in #361982 (comment 974654562).
Submitted patch: 0001-Fix-pathological-case-in-autolink-extension.patch
Edited by Brett Walker