markdown-it: remove dependency highlight.js (and only keep @types/highlight.js) to resolve vulnerability GHSA-7wwv-vh3v-89cq
#49964
@UNIDY2002 Thank you for submitting this PR! This is a live comment which I will keep updated.
1 package in this PR
Code Reviews
Because you edited one package and updated the tests (👏), I can help you merge this PR once someone else signs off on it.
Status
All of the items on the list are green. To merge, you need to post a comment including the string "Ready to merge" to bring in your changes.
Diagnostic Information: What the bot saw about this PR
{
"type": "info",
"now": "-",
"pr_number": 49964,
"author": "UNIDY2002",
"headCommitAbbrOid": "f6e7cf5",
"headCommitOid": "f6e7cf5ec78bd152393f847e4dd60a0761b7830a",
"lastPushDate": "2020-12-05T08:36:47.000Z",
"lastActivityDate": "2020-12-16T13:27:11.000Z",
"maintainerBlessed": false,
"mergeOfferDate": "2020-12-16T13:25:19.000Z",
"mergeRequestDate": "2020-12-16T13:27:11.000Z",
"mergeRequestUser": "UNIDY2002",
"hasMergeConflict": false,
"isFirstContribution": false,
"popularityLevel": "Popular",
"pkgInfo": [
{
"name": "markdown-it",
"kind": "edit",
"files": [
{
"path": "types/markdown-it/index.d.ts",
"kind": "definition"
},
{
"path": "types/markdown-it/lib/index.d.ts",
"kind": "definition"
},
{
"path": "types/markdown-it/package.json",
"kind": "package-meta-ok"
},
{
"path": "types/markdown-it/test/index.ts",
"kind": "test"
}
],
"owners": [
"plantain-00",
"rapropos",
"duduluu"
],
"addedOwners": [],
"deletedOwners": [],
"popularityLevel": "Popular"
}
],
"reviews": [
{
"type": "approved",
"reviewer": "plantain-00",
"date": "2020-12-16T13:24:41.000Z",
"isMaintainer": false
}
],
"ciResult": "pass"
}
🔔 @plantain-00 @rapropos @duduluu — please review this PR in the next few days. Be sure to explicitly select
@UNIDY2002 The CI build failed! Please review the logs for more information. Once you've pushed the fixes, the build will automatically re-run. Thanks!
👋 Hi there! I’ve run some quick measurements against master and your PR. These metrics should help the humans reviewing this PR gauge whether it might negatively affect compile times or editor responsiveness for users who install these typings. Let’s review the numbers, shall we? These typings are for a version of markdown-it that doesn’t yet exist on master, so I’ve compared them with v10.0.
It looks like nothing changed too much. I won’t post performance data again unless it gets worse.
(So that the TypeScript version can remain 2.0, and will not break the requirements of the dependents of this library.)
So, any updates?
Re-ping @plantain-00, @rapropos, @duduluu: This PR has been out for over a week, yet I haven't seen any reviews. Could someone please give it some attention? Thanks!
@UNIDY2002 Everything looks good here. Great job! I am ready to merge this PR (at f6e7cf5) on your behalf. If you'd like that to happen, please post a comment saying:
and I'll merge this PR almost instantly. Thanks for helping out! ❤️ (@plantain-00, @rapropos, @duduluu: you can do this too.)
Ready to merge
I just published
Hi there, I am a bit confused. Since markdown-it@v12 is already using highlight.js@v10, why revert back to v9?🧐 @UNIDY2002 Edit: I found that you seem to want to support TypeScript v2, but I disagree about this.
@Mister-Hope Sorry for the late reply (I was surprised to find the email notification in my junk list...) I did this because when I first tried to simply bump the version up (07069a8), the CI of DefinitelyTyped wouldn't pass as some dependents of
Note: besides, adjustments have been made in line with the changed API: markdown-it/markdown-it#626